cloud computing business model

SUGGESTED TOPICS
The Magazine
Newsletters
Managing Yourself
Managing Teams
Work-life Balance
The Big Idea
Data & Visuals
Reading Lists
Case Selections
HBR Learning
Topic Feeds
Account Settings
Email Preferences

What CEOs Need to Know About the Cloud in 2021

Bhaskar Ghosh
Karthik Narain

Cloud tools give companies access to big tech capabilities.

While companies’ shift to the cloud has been gradual over the last decade, Accenture’s research shows that the pandemic has accelerated that move. In 2020, companies of all kinds quickly learned that they had to depend on cloud technologies to enable entire staffs to work from home, to ramp up digital commerce, and to provide telehealth, entertainment streaming, and more. CEOs must now evaluate a changed and changing business for the longer term. And despite the enthusiasm for what cloud can do, executives across the C-suite have concerns. The authors answer five key questions about cloud adoption on the minds of business leaders.

Medical researchers and innovators may be the heroes who will make our world livable again, but they can’t do it without the power of technology — especially cloud computing. This critical technology has enabled the rapid development of Covid-19 vaccines that, as of this writing, we hope will be as effective as clinical trials have indicated.

One of the companies leading the way is Moderna, a relatively small organization compared to the pharmaceutical giants working on other vaccine candidates. But by building and scaling its operations on the cloud, Moderna was able to deliver its first clinical batch to the National Institutes of Health for phase one trial only 42 days after initial sequencing of the virus. To accomplish this, the company invented proprietary cloud-based technologies and methods to create mRNA constructs that cells recognize as if they were produced in the body. This allows Moderna to experiment rapidly and easily shift between vaccines for different viruses without investing in new technology or infrastructure.

Moderna also uses the cloud to achieve higher efficiency and visibility across manufacturing, inventory management, and even accounting — and to “copy and paste” its digital manufacturing model onto partner facilities, which is critical for the rapid scaling of vaccine production.

The Moderna example reveals the cloud’s connection to five key areas all CEOs must lead: speed to market, reduced costs, flexibility of operations, business resilience, and innovation capabilities. Cloud technology allows startups and midsize companies to access big tech capabilities — compute power, algorithms, programming tools, and architectures — and partner in an ecosystem with larger firms.

Understanding Midsize Businesses

But prior to 2020, progress toward the cloud had actually been quite gradual. As we found in designing the research for our recent survey of 750 C-level leaders , today, about 20% to 30% of work is being done through the cloud, and companies initially planned to accelerate that to more like 80% over an eight- to 10-year process. The year of the virus, however, is speeding things up . Companies of all kinds quickly learned that they had to depend on cloud technologies to enable their entire staffs to work from home, to ramp up digital commerce, and to provide telehealth, entertainment streaming, and more. We now see this shift to 80% taking place in the next three years.

Despite the enthusiasm for what cloud can do, executives across the C-suite still have concerns. In our survey, only 37% said they had fully achieved the outcomes they expected from their cloud initiatives — an increase of just two percentage points from our 2018 survey. Only about three in 10 reported complete confidence in their organization’s cloud migration initiatives to deliver expected value at the expected time. (The 2020 survey covered 17 countries in 11 industries, with a split of roughly two-thirds IT executives and one-third business executives and a minimum $1 billion in sales.)

Through our work with companies across the world, which includes dozens of in-depth discussions with C-level leadership, we identified the five key questions business leaders have as they strategize for the long-term and move closer to that 80% target. Two are longstanding concerns about security and legacy IT. The other three ultimately come down to how cloud makes it possible to help CEOs reimagine their business. If you’re a business leader daunted by cloud adoption, consider our research- and experience-informed answers to these questions.

Can I really trust my data in the cloud?

There are two important points here. First, cloud providers operate comprehensive data security programs so you don’t have to. On-premises infrastructure is prone to the kind of small mistakes that determined cyberattackers can exploit. The main public cloud providers , however, are able to provide advanced data security controls, including data encryption, database monitoring, and access control.

That said, security continues to be a legitimate concern, and companies would rightly (and often for legal reasons) refrain, for example, from putting sensitive consumer or healthcare data in the public cloud. Most companies are addressing the desire to work through the cloud without exposing certain data to risk of exposure by turning to a hybrid model of public and private cloud operations. The latter allows businesses to maintain control over their most sensitive information.

Do I have to get rid of my legacy infrastructure once and for all?

Unwinding the spaghetti is difficult. And beyond the technical issues, the question of who pays for it can slow things down. Executives naturally aren’t keen to start over from scratch; in fact, in a 2018 survey , 70% of C-level leaders told us they wanted to keep running legacy systems as long as possible despite the limits they set on innovation and market agility.

What to do? A “lift-and-shift” strategy is a good approach for many companies. Imagine moving your entire house from one city to another without bothering to pack and unpack all the individual items or even rethink the layout of your rooms. For companies, this makes sense, because it causes minimal disruption to customers and provides relief from pressing concerns like outages. The rest can be worked out later.

How do I make the right cloud choices for my business?

The most important step here is to understand the three major cloud capabilities and what they make possible: Software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).

SaaS started the cloud revolution. Companies could roll it out quickly, fund it directly from business budgets, and standardize processes while also enabling innovation. In 2015, Rolls Royce put in place a cloud-based HR system in 46 countries overnight using a SaaS solution. Before making this move, the company faced challenges getting an accurate view of its workforce and deploying the right people to the right places.

As cloud computing matured, IaaS and PaaS models emerged, giving businesses a higher level of control over the alignment of business and IT objectives. Food company Del Monte (full disclosure: Del Monte is an Accenture client) transformed its IT infrastructure — including their core applications — in less than four months using IaaS and PaaS. The company was able to consolidate a fragmented IT environment, improve management of hundreds of apps, and speed up new solutions and upgrades.

Today, the key for organizations is to understand the capabilities and strengths of each model and apply them judiciously to enable business innovation and growth. How do you get started? Here are a few simple rules of thumb: IaaS is a simple way to access computing and data storage resources. With IaaS, an organization rents servers and storage in the cloud rather than purchasing and maintaining its own infrastructure. PaaS is a popular choice for businesses that want to create unique applications without making major financial investments. And SaaS, the most commonly used cloud application service, is an important means for organizations to access software applications.

How does shifting our work to the cloud make it possible to reimagine the business?

The cloud dissolves many of the limits on innovation. For example, in the pharmaceuticals industry, Takeda (also an Accenture client) is using “edge” technology to help hemophiliacs monitor their enzymes while at home. (Edge computing, part of a cloud approach, is the ability to sense and respond to data locally, reducing latency and demands on communications technology.)

Also consider one of the issues at the top of mind for many CEOs today: Sustainability.

French energy company ENGIE (also an Accenture client) is using the cloud to reinvent itself as a provider of renewable and low- or zero-carbon energy. The big challenge at the core of this radical business model change is understanding client preferences in 70 countries and making those insights accessible in all 24 of ENGIE’s business units. Using a PaaS tool, the company created a single, unified view of each customer. ENGIE’s marketing, sales, and service teams can now work together without silos and quickly deliver tailor-made solutions for its customers. Consider one example: ENGIE is working with the University of Iowa on a 50-year contract to help the school meet its energy, water, and sustainability goals on its two campuses in Iowa City. One goal is to make the school coal-free by 2025.

It’s not just companies that benefit from cloud reinvention. The city of Barcelona has worked on a smart-city strategy culminating in a move to the cloud since 2013. The strategy enables the central management of urban transportation, traffic, waste disposal, noise, water, and energy on a single platform through IoT sensors. This open source platform also connects to other smart cities around the globe.

Business leaders understand the potential of cloud in this area. In our survey, 87% said that cloud would be a critical component, to a moderate or great degree, in achieving sustainability goals.

Do I have the skills I need to take advantage of the cloud?

When it comes to accelerating cloud initiatives, what’s keeping CEOs up at night the most is probably a lack of skills in the organization. For companies that have been low adopters (those doing less than 30% of their work in the cloud), almost half of CEOs cited a lack of the needed skills as a barrier to success. But even for high adopters (companies doing 75% or more of their work in the cloud), three in 10 CEOs are concerned about skills shortages.

There’s no shortcut here, but making aggressive plans today is an essential first step. For example, Takeda’s cloud-driven business transformation has big goals for innovation and how its people work. The company anticipates creating hundreds of new jobs in specialized roles, turning to new talent pools, and building the skills of thousands of employees so they can accelerate Takeda’s data and digital capabilities. A lower-investment approach could be to encourage your people to seek out online instruction to build their skills (even with free courses, like the ones the University of Illinois offers through Coursera ). Make sure to give them time for this work and the assurance that you’ll recognize the credentials.

Above all, it’s vital for the CEO to become intimately involved in the cloud journey. Cloud is too important to a business’s fundamental competitiveness to be treated as an IT program. It’s about creating a platform for the efficiency, innovation, and growth that will determine the future success of your business.

The authors thank Dave Light and H. James Wilson of Accenture Research for their contributions to this article.

BG Bhaskar Ghosh is Accenture’s Chief Strategy Officer and a member of the firm’s Global Management Committee. He is a co-author of The Automation Advantage: Embrace the Future of Productivity and Improve Speed, Quality, and Customer Experience Through AI (McGraw Hill, 2021).
Karthik Narain leads Accenture’s cloud business. He oversees Accenture services, acquisitions, talent and ecosystem partnerships in public and hybrid cloud, data & AI and software engineering. @KarthikSNarain

Partner Center

Illustration showing how cloud computing enables access to intranet-based infrastructure and applications

Published: 14 February 2024 Contributors: Stephanie Susnjara, Ian Smalley

Cloud computing is the on-demand access of computing resources—physical servers or virtual servers, data storage, networking capabilities, application development tools, software, AI-powered analytic tools and more—over the internet with pay-per-use pricing.

The cloud computing model offers customers greater flexibility and scalability compared to traditional on-premises infrastructure.

Cloud computing plays a pivotal role in our everyday lives, whether accessing a cloud application like Google Gmail, streaming a movie on Netflix or playing a cloud-hosted video game.

Cloud computing has also become indispensable in business settings, from small startups to global enterprises. Its many business applications include enabling remote work by making data and applications accessible from anywhere, creating the framework for seamless omnichannel customer engagement and providing the vast computing power and other resources needed to take advantage of cutting-edge technologies like generative AI and quantum computing .

A cloud services provider (CSP) manages cloud-based technology services hosted at a remote data center and typically makes these resources available for a pay-as-you-go or monthly subscription fee.

Read how Desktop as a service (DaaS) enables enterprises to achieve the same level of performance and security as deploying the applications on-premises.

Compared to traditional on-premises IT that involves a company owning and maintaining physical data centers and servers to access computing power, data storage and other resources (and depending on the cloud services you select), cloud computing offers many benefits, including the following:

Cloud computing lets you offload some or all of the expense and effort of purchasing, installing, configuring and managing mainframe computers and other on-premises infrastructure. You pay only for cloud-based infrastructure and other computing resources as you use them.

With cloud computing, your organization can use enterprise applications in minutes instead of waiting weeks or months for IT to respond to a request, purchase and configure supporting hardware and install software. This feature empowers users—specifically DevOps and other development teams—to help leverage cloud-based software and support infrastructure.

Cloud computing provides elasticity and self-service provisioning, so instead of purchasing excess capacity that sits unused during slow periods, you can scale capacity up and down in response to spikes and dips in traffic. You can also use your cloud provider’s global network to spread your applications closer to users worldwide.

Cloud computing enables organizations to use various technologies and the most up-to-date innovations to gain a competitive edge. For instance, in retail, banking and other customer-facing industries, generative AI-powered virtual assistants deployed over the cloud can deliver better customer response time and free up teams to focus on higher-level work. In manufacturing, teams can collaborate and use cloud-based software to monitor real-time data across logistics and supply chain processes.

The origins of cloud computing technology go back to the early 1960s when Dr. Joseph Carl Robnett Licklider (link resides outside ibm.com), an American computer scientist and psychologist known as the "father of cloud computing", introduced the earliest ideas of global networking in a series of memos discussing an Intergalactic Computer Network. However, it wasn’t until the early 2000s that modern cloud infrastructure for business emerged.

In 2002, Amazon Web Services started cloud-based storage and computing services. In 2006, it introduced Elastic Compute Cloud (EC2), an offering that allowed users to rent virtual computers to run their applications. That same year, Google introduced the Google Apps suite (now called Google Workspace), a collection of SaaS productivity applications. In 2009, Microsoft started its first SaaS application, Microsoft Office 2011. Today, Gartner predicts worldwide end-user spending on the public cloud will total USD 679 billion and is projected to exceed USD 1 trillion in 2027 (link resides outside ibm.com).

The following are a few of the most integral components of today’s modern cloud computing architecture.

CSPs own and operate remote data centers that house physical or bare metal servers , cloud storage systems and other physical hardware that create the underlying infrastructure and provide the physical foundation for cloud computing.

In cloud computing, high-speed networking connections are crucial. Typically, an internet connection known as a wide-area network (WAN) connects front-end users (for example, client-side interface made visible through web-enabled devices) with back-end functions (for example, data centers and cloud-based applications and services). Other advanced cloud computing networking technologies, including load balancers , content delivery networks (CDNs) and software-defined networking (SDN) , are also incorporated to ensure data flows quickly, easily and securely between front-end users and back-end resources.

Cloud computing relies heavily on the virtualization of IT infrastructure —servers, operating system software, networking and other infrastructure that’s abstracted using special software so that it can be pooled and divided irrespective of physical hardware boundaries. For example, a single hardware server can be divided into multiple virtual servers . Virtualization enables cloud providers to make maximum use of their data center resources.

IaaS (Infrastructure-as-a-Service), PaaS (Platform-as-a-Service), SaaS (Software-as-a-Service) and serverless computing are the most common models of cloud services, and it’s not uncommon for an organization to use some combination of all four.

IaaS (Infrastructure-as-a-Service) provides on-demand access to fundamental computing resources—physical and virtual servers, networking and storage—over the internet on a pay-as-you-go basis. IaaS enables end users to scale and shrink resources on an as-needed basis, reducing the need for high up-front capital expenditures or unnecessary on-premises or "owned" infrastructure and for overbuying resources to accommodate periodic spikes in usage.

According to a Business Research Company report (link resides outside ibm.com), the IaaS market is predicted to grow rapidly in the next few years, growing to $212.34 billion in 2028 at a compound annual growth rate (CAGR) of 14.2%.

PaaS (Platform-as-a-Service) provides software developers with an on-demand platform—hardware, complete software stack, infrastructure and development tools—for running, developing and managing applications without the cost, complexity and inflexibility of maintaining that platform on-premises. With PaaS, the cloud provider hosts everything at their data center. These include servers, networks, storage, operating system software, middleware and databases. Developers simply pick from a menu to spin up servers and environments they need to run, build, test, deploy, maintain, update and scale applications.

Today, PaaS is typically built around container s , a virtualized compute model one step removed from virtual servers. Containers virtualize the operating system, enabling developers to package the application with only the operating system services it needs to run on any platform without modification and the need for middleware.

Red Hat® OpenShift ® is a popular PaaS built around Docker containers and Kubernetes , an open source container orchestration solution that automates deployment, scaling, load balancing and more for container-based applications.

SaaS (Software-as-a-Service) , also known as cloud-based software or cloud applications, is application software hosted in the cloud. Users access SaaS through a web browser, a dedicated desktop client or an API that integrates with a desktop or mobile operating system. Cloud service providers offer SaaS based on a monthly or annual subscription fee. They may also provide these services through pay-per-usage pricing.

In addition to the cost savings, time-to-value and scalability benefits of cloud, SaaS offers the following:

Automatic upgrades: With SaaS, users use new features when the cloud service provider adds them without orchestrating an on-premises upgrade.
Protection from data loss: Because SaaS stores application data in the cloud with the application, users don’t lose data if their device crashes or breaks.

SaaS is the primary delivery model for most commercial software today. Hundreds of SaaS solutions exist, from focused industry and broad administrative (for example, Salesforce) to robust enterprise database and artificial intelligence (AI) software. According to an International Data Center (IDC) survey (the link resides outside IBM), SaaS applications represent the largest cloud computing segment, accounting for more than 48% of the $778 billion worldwide cloud software revenue.

Serverless computing , or simply serverless, is a cloud computing model that offloads all the back-end infrastructure management tasks, including provisioning, scaling, scheduling and patching to the cloud provider. This frees developers to focus all their time and effort on the code and business logic specific to their applications.

Moreover, serverless runs application code on a per-request basis only and automatically scales the supporting infrastructure up and down in response to the number of requests. With serverless, customers pay only for the resources used when the application runs; they never pay for idle capacity.

FaaS, or Function-as-a-Service , is often confused with serverless computing when, in fact, it’s a subset of serverless. FaaS allows developers to run portions of application code (called functions) in response to specific events. Everything besides the code—physical hardware, virtual machine (VM) operating system and web server software management—is provisioned automatically by the cloud service provider in real-time as the code runs and is spun back down once the execution is complete. Billing starts when execution starts and stops when execution stops.

A public cloud is a type of cloud computing in which a cloud service provider makes computing resources available to users over the public internet. These include SaaS applications, individual virtual machines (VMs) , bare metal computing hardware, complete enterprise-grade infrastructures and development platforms. These resources might be accessible for free or according to subscription-based or pay-per-usage pricing models.

The public cloud provider owns, manages and assumes all responsibility for the data centers, hardware and infrastructure on which its customers’ workloads run. It typically provides high-bandwidth network connectivity to ensure high performance and rapid access to applications and data.

Public cloud is a multi-tenant environment where all customers pool and share the cloud provider’s data center infrastructure and other resources. In the world of the leading public cloud vendors, such as Amazon Web Services (AWS), Google Cloud, IBM Cloud®, Microsoft Azure and Oracle Cloud, these customers can number in the millions.

Most enterprises have moved portions of their computing infrastructure to the public cloud since public cloud services are elastic and readily scalable, flexibly adjusting to meet changing workload demands. The promise of greater efficiency and cost savings through paying only for what they use attracts customers to the public cloud. Still, others seek to reduce spending on hardware and on-premises infrastructure. Gartner predicts (link resides outside ibm.com) that by 2026, 75% of organizations will adopt a digital transformation model predicated on cloud as the fundamental underlying platform.

A private cloud is a cloud environment where all cloud infrastructure and computing resources are dedicated to one customer only. Private cloud combines many benefits of cloud computing—including elasticity, scalability and ease of service delivery—with the access control, security and resource customization of on-premises infrastructure.

A private cloud is typically hosted on-premises in the customer’s data center. However, it can also be hosted on an independent cloud provider’s infrastructure or built on rented infrastructure housed in an offsite data center.

Many companies choose a private cloud over a public cloud environment to meet their regulatory compliance requirements. Entities like government agencies, healthcare organizations and financial institutions often opt for private cloud settings for workloads that deal with confidential documents, personally identifiable information (PII), intellectual property, medical records, financial data or other sensitive data.

By building private cloud architecture according to cloud-native principles, an organization can quickly move workloads to a public cloud or run them within a hybrid cloud (see below) environment whenever ready.

A hybrid cloud is just what it sounds like: a combination of public cloud, private cloud and on-premises environments. Specifically (and ideally), a hybrid cloud connects a combination of these three environments into a single, flexible infrastructure for running the organization’s applications and workloads.

At first, organizations turned to hybrid cloud computing models primarily to migrate portions of their on-premises data into private cloud infrastructure and then connect that infrastructure to public cloud infrastructure hosted off-premises by cloud vendors. This process was done through a packaged hybrid cloud solution like Red Hat® OpenShift® or middleware and IT management tools to create a " single pane of glass ." Teams and administrators rely on this unified dashboard to view their applications, networks and systems.

Today, hybrid cloud architecture has expanded beyond physical connectivity and cloud migration to offer a flexible, secure and cost-effective environment that supports the portability and automated deployment of workloads across multiple environments. This feature enables an organization to meet its technical and business objectives more effectively and cost-efficiently than with a public or private cloud alone. For instance, a hybrid cloud environment is ideal for DevOps and other teams to develop and test web applications. This frees organizations from purchasing and expanding the on-premises physical hardware needed to run application testing, offering faster time to market. Once a team has developed an application in the public cloud, they may move it to a private cloud environment based on business needs or security factors.

A public cloud also allows companies to quickly scale resources in response to unplanned spikes in traffic without impacting private cloud workloads, a feature known as cloud bursting. Streaming channels like Amazon use cloud bursting to support the increased viewership traffic when they start new shows.

Most enterprise organizations today rely on a hybrid cloud model because it offers greater flexibility, scalability and cost optimization than traditional on-premises infrastructure setups. According to the IBM Transformation Index: State of Cloud , more than 77% of businesses and IT professionals have adopted a hybrid cloud approach.

To learn more about the differences between public, private and hybrid cloud, check out “ Public cloud vs. private cloud vs. hybrid cloud: What’s the difference? ”

Watch the IBM hybrid cloud architecture video series.

Multicloud uses two or more clouds from two or more different cloud providers. A multicloud environment can be as simple as email SaaS from one vendor and image editing SaaS from another. But when enterprises talk about multicloud, they typically refer to using multiple cloud services—including SaaS, PaaS and IaaS services—from two or more leading public cloud providers.

Organizations choose multicloud to avoid vendor lock-in, to have more services to select from and to access more innovation. With multicloud, organizations can choose and customize a unique set of cloud features and services to meet their business needs. This freedom of choice includes selecting “best-of-breed” technologies from any CSP, as needed or as they emerge, rather than being locked into offering from a single vendor. For example, an organization may choose AWS for its global reach with web-hosting, IBM Cloud for data analytics and machine learning platforms and Microsoft Azure for its security features.

A multicloud environment also reduces exposure to licensing, security and compatibility issues that can result from " shadow IT "— any software, hardware or IT resource used on an enterprise network without the IT department’s approval and often without IT’s knowledge or oversight.

Today, most enterprise organizations use a hybrid multicloud model. Apart from the flexibility to choose the most cost-effective cloud service, hybrid multicloud offers the most control over workload deployment, enabling organizations to operate more efficiently, improve performance and optimize costs. According to an IBM® Institute for Business Value study , the value derived from a full hybrid multicloud platform technology and operating model at scale is two-and-a-half times the value derived from a single-platform, single-cloud vendor approach.

Yet the modern hybrid multicloud model comes with more complexity. The more clouds you use—each with its own management tools, data transmission rates and security protocols—the more difficult it can be to manage your environment. With over 97% of enterprises operating on more than one cloud and most organizations running 10 or more clouds , a hybrid cloud management approach has become crucial. Hybrid multicloud management platforms provide visibility across multiple provider clouds through a central dashboard where development teams can see their projects and deployments, operations teams can monitor clusters and nodes and the cybersecurity staff can monitor for threats.

Learn more about hybrid cloud management.

Traditionally, security concerns have been the primary obstacle for organizations considering cloud services, mainly public cloud services. Maintaining cloud security demands different procedures and employee skillsets than in legacy IT environments. Some cloud security best practices include the following:

Shared responsibility for security: Generally, the cloud service provider is responsible for securing cloud infrastructure, and the customer is responsible for protecting its data within the cloud. However, it’s also essential to clearly define data ownership between private and public third parties.
Data encryption: Data should be encrypted while at rest, in transit and in use. Customers need to maintain complete control over security keys and hardware security modules.
Collaborative management: Proper communication and clear, understandable processes between IT, operations and security teams will ensure seamless cloud integrations that are secure and sustainable.
Security and compliance monitoring: This begins with understanding all regulatory compliance standards applicable to your industry and establishing active monitoring of all connected systems and cloud-based services to maintain visibility of all data exchanges across all environments, on-premises, private cloud, hybrid cloud and edge.

Cloud security is constantly changing to keep pace with new threats. Today’s CSPs offer a wide array of cloud security management tools, including the following:

Identity and access management (IAM): IAM tools and services that automate policy-driven enforcement protocols for all users attempting to access both on-premises and cloud-based services.
Data loss prevention (DLP): DLP services that combine remediation alerts data encryption and other preventive measures to protect all stored data, whether at rest or in motion.
Security information and event management (SIEM) : SIEM is a comprehensive security orchestration solution that automates threat monitoring, detection and response in cloud-based environments. SIEM technology uses artificial intelligence (AI)-driven technologies to correlate log data across multiple platforms and digital assets. This allows IT teams to successfully apply their network security protocols, enabling them to react to potential threats quickly.
Automated data compliance platforms: Automated software solutions provide compliance controls and centralized data collection to help organizations adhere to regulations specific to their industry. Regular compliance updates can be baked into these platforms so organizations can adapt to ever-changing regulatory compliance standards.

Learn more about cloud security.

Sustainability in business , a company’s strategy to reduce negative environmental impact from their operations in a particular market, has become an essential corporate governance mandate. Moreover, Gartner predicts (link resides outside ibm.com) that by 2025, the carbon emissions of hyperscale cloud services will be a top-three criterion in cloud purchase decisions.

As companies strive to advance their sustainability objectives, cloud computing has evolved to play a significant role in helping them reduce their carbon emissions and manage climate-related risks. For instance, traditional data centers require power supplies and cooling systems, which depend on large amounts of electrical power. By migrating IT resources and applications to the cloud, organizations only enhance operational and cost efficiencies and boost overall energy efficiency through pooled CSP resources.

All major cloud players have made net-zero commitments to reduce their carbon footprints and help clients reduce the energy they typically consume using an on-premises setup. For instance, IBM is driven by sustainable procurement initiatives to reach NetZero by 2030. By 2025, IBM Cloud worldwide data centers will comprise energy procurement drawn from 75% renewable sources .

According to an International Data Corporation (IDC) forecast (link resides outside ibm.com), worldwide spending on the whole cloud opportunity (offerings, infrastructure and services) will surpass USD 1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) of 15.7%. Here are some of the main ways businesses are benefitting from cloud computing:

Scale infrastructure: Allocate resources up or down quickly and easily in response to changes in business demands.
Enable business continuity and disaster recovery: Cloud computing provides cost-effective redundancy to protect data against system failures and the physical distance required to apply disaster recovery strategies and recover data and applications during a local outage or disaster. All of the major public cloud providers offer Disaster-Recovery-as-a-Service (DRaaS) .
Build and test cloud-native applications : For development teams adopting Agile, DevOps or DevSecOps to streamline development, the cloud offers on-demand end-user self-service that prevents operations tasks, such as spinning up development and test servers, from becoming development bottlenecks.
Support edge and IoT environments: Address latency challenges and reduce downtime by bringing data sources closer to the edge . Support Internet of Things (IoT) devices (for example, patient monitoring devices and sensors on a production line) to gather real-time data.
Leverage cutting-edge technologies: Cloud computing supports storing and processing huge volumes of data at high speeds—much more storage and computing capacity than most organizations can or want to purchase and deploy on-premises. These high-performance resources support technologies like blockchain , quantum computing and large language models (LLMs ) that power generative AI platforms like customer service automation.

Create a no-charge IBM Cloud account and access more than 40 always-free products in cloud and AI.

IBM Cloud for VMware Solutions enables you to seamlessly migrate and modernize VMware workloads to the cloud, allowing you to leverage your existing investments for a consistent VMware experience—retaining the same level of access, security and control.

Let IBM Cloud manage your infrastructure while you manage your environment. Pay only for what you use.

Tackle large-scale, compute-intensive challenges and speed time to insight with hybrid cloud HPC solutions.

An industry-specific cloud, built to support your unique modernization and AI transformation needs.

Hybrid cloud integrates public cloud services, private cloud services and on-premises infrastructure into a single distributed computing environment.

DevOps speeds delivery of higher quality software by combining and automating the work of software development and IT operations teams.

Cloud migration is the process of relocating an organization’s data, applications, and workloads to a cloud infrastructure.

Although cloud computing is only a different way to deliver computer resources rather than a new technology, it has sparked a revolution in the way organizations provide information and service.

Determining the best cloud computing architecture for enterprise business is critical for overall success. That’s why it is essential to compare the different functionalities of private cloud versus public cloud versus hybrid cloud.

We're excited to introduce a three-part lightboarding video series that will delve into the world of hybrid cloud architecture. In this intro video, our guide, Sai Vennam, lays out the three major hybrid cloud architecture issues that we're going to cover: Connectivity, Modernization and Security.

Designed for industry, security and the freedom to build and run anywhere, IBM Cloud is a full stack cloud platform with over 170 products and services covering data, containers, AI, IoT and blockchain. Use IBM Cloud to build scalable infrastructure at a lower cost, deploy new applications instantly and scale up workloads based on demand.

How CIOs and CTOs can accelerate digital transformations through cloud platforms

It has been more than a decade since the first corporate experiments with external cloud platforms, and the verdict is long in on their business value . Companies that adopt the cloud well bring new capabilities to market more quickly, innovate more easily, and scale more efficiently—while also reducing technology risk.

Unfortunately, the verdict is still out on what constitutes a successful cloud implementation to actually capture that value. Most CIOs and CTOs default to traditional implementation models that may have been successful in the past but that make it almost impossible to capture the real value from the cloud. Defining the cloud opportunity too narrowly with siloed business initiatives, such as next-generation application hosting or data platforms, almost guarantees failure. That’s because no design consideration is given to how the organization will need to operate holistically in cloud, increasing the risk of disruption from nimbler attackers with modern technology platforms that enable business agility and innovation.

Companies that reap value from cloud platforms treat their adoption as a business-technology transformation by doing three things:

Focusing investments on business domains where cloud can enable increased revenues and improved margins
Selecting a technology and sourcing model that aligns with business strategy and risk constraints
Developing and implementing an operating model that is oriented around the cloud

CIOs and CTOs need to drive cloud adoption, but, given the scale and scope of change required to exploit this opportunity fully, they also need support and air cover from the rest of the management team.

Four failure modes prevail

Over the past 20 years, there have been multiple disruptions in the way large enterprises host applications—from expensive proprietary processors to commodity x86 architectures, from proprietary operating systems to open-source Linux, and from servers dedicated to a single application to many virtual machines running on a single server. Together these changes have transformed the cost structure of application hosting. Twenty years ago a single small application might run on a $25,000 server. Today, a similar-size application might run on a $5,000 server shared with ten other applications.

Unlike past successful programs to adopt Linux, x86 processes, or server virtualization, implementing cloud is more challenging. First, the thousands of applications a large enterprise might have built over the past three decades need remediation or re-architecting to run efficiently, securely, and resiliently in the cloud. In some cases, companies have found existing applications cost more to run in the cloud before remediation. 1 In the cloud, charges for applications consumer hosting, storage, and network services are based on usage (“by the drink”). Therefore, applications not designed for efficient resource usage can run up large bills with cloud service providers. Required investments often result in an unexciting ROI for cloud migration, at least for companies that have already aggressively optimized their on-premises infrastructure environment. The cost economics of cloud adoption can be much more attractive for companies that can use it as a forcing mechanism to optimize their infrastructure environment or to avoid making a large data-center capital investment.

Second, the economics, skills, processes, and organizational changes required are too complex and span too many different parts of the business for infrastructure heads to manage on their own.

These realities have led an overwhelming majority of large institutions to experience one or more of the following failure modes:

Pilot stall: Companies have succeeded in implementing a few greenfield applications on public-cloud platforms, but the value derived from these programs has been limited. This makes further progress impossible because tech leaders cannot make a convincing business case to extend the use of the cloud platform into the heart of IT’s technology environment.
Cloud gridlock: Cloud initiatives become jammed up in long queues because IT cannot build out the automation or reference architectures required to use public-cloud-platform services in a secure, resilient, and compliant fashion.
No value from “lift and shift”: The migration of significant portions of the technology environment—largely by replacing on-premises virtual machines with off-premises ones without taking advantage of cloud-optimization levers—has failed to significantly reduce costs or increase flexibility. Support for cloud initiatives subsequently collapses.
Cloud chaos: Tech leadership does not have an aligned vision and does not provide the required guidance or management oversight, leaving developers largely to their own devices in configuring cloud services. This leads to very divergent approaches and tooling with significant security, resiliency, and compliance risks.

As a result, although cloud service providers (CSPs) are growing quickly, enterprise cloud adoption has consistently lagged predictions. Multiple surveys performed by McKinsey indicate that large companies host 10 to 15 percent of their applications in the cloud but continue to host the core of their technology environment in traditional data centers. 2 McKinsey Cloud Cube Survey; see also Arul Elumalai, James Kaplan, Mike Newborn, and Roger Roberts, “ Making a secure transition to the public cloud ,” January 2018, McKinsey.com.

Using cloud to enable digital transformation

Only 14 percent of companies launching digital transformations have seen sustained and material performance improvements. Why? Technology execution capabilities are often not up to the task. Outdated technology environments make change expensive. Quarterly release cycles make it hard to tune digital capabilities to changing market demands. Rigid and brittle infrastructures choke on the data required for sophisticated analytics.

Operating in the cloud can reduce or eliminate many of these issues. Exploiting cloud services and tooling, however, requires change across all of IT and many business functions as well—in effect, a different business-technology model.

Success requires CIOs and tech leaders to do three things.

Would you like to learn more about McKinsey Digital ?

1. focus cloud investments in business domains where cloud platforms can enable increased revenues and improved margins.

The vast majority of the value the cloud generates comes from increased agility, innovation, and resilience provided to the business with sustained velocity. In most cases, this requires focusing cloud adoption on embedding reusability and composability so investment in modernizing can be rapidly scaled across the rest of the organization. This approach can also help focus programs on where the benefits matter most, rather than scrutinizing individual applications for potential cost savings (Exhibits 1 and 2):

Faster time to market: Cloud-native companies can release code into production hundreds or thousands of times per day using end-to-end automation. Even traditional enterprises have found that automated cloud platforms allow them to release new capabilities daily, enabling them to respond to market demands and quickly test what does and doesn’t work. As a result, companies that have adopted cloud platforms report that they can bring new capabilities to market about 20 to 40 percent faster. 3 Cameron Coles, “11 advantages of cloud computing and how your business can benefit from them,” McAfee, June 9, 2015, skyhighnetworks. com.
Ability to create innovative business offerings: Each of the major cloud service providers offers hundreds of native services and marketplaces that provide access to third-party ecosystems with thousands more. These services rapidly evolve and grow and provide not only basic infrastructure capabilities but also advanced functionality such as facial recognition, natural-language processing, quantum computing, and data aggregation.
Reduced risk: Cloud clearly disrupts existing security practices and architectures but also provides a rare opportunity to eliminate vast operational overhead to those that can design their platforms to consume cloud securely. Taking advantage of the multibillion-dollar investments CSPs have made in security operations requires a cyber-first design that automatically embeds robust standardized authentication, hardened infrastructure, and a resilient interconnected data-center availability zone.
Efficient scalability: Cloud enables companies to automatically add capacity to meet surge demand (in response to increasing customer usage, for example) and to scale out new services in seconds rather than the weeks it can take to procure additional on-premises servers. This capability has been particularly crucial during the COVID-19 pandemic, when the massive shift to digital channels created sudden and unprecedented demand peaks.

A financial-information provider determined that moving its customer-facing applications to the cloud could enable much faster and less costly responses to market opportunities. For example, hosting these applications in the cloud meant that the cost of setting up operations in a new country would be negligible, when it had traditionally cost at least a million dollars. A health-insurance carrier examined its current project portfolio and found that several billion dollars in additional revenues could be accelerated by cloud adoption. Moving the systems that help it interact with healthcare providers has proven to be especially attractive because of the ability to accelerate the onboarding of new providers.

2. Select a technology, sourcing, and migration model that aligns with economic and risk constraints

Decisions about cloud architecture and sourcing carry significant risk and cost implications—to the tune of hundreds of millions of dollars for large companies. The wrong technology and sourcing decisions will raise concerns about compliance, execution success, cybersecurity, and vendor risk—more than one large company has stopped its cloud program cold because of multiple types of risk. The right technology and source decisions not only mesh with the company’s risk appetite but can also “bend the curve” on cloud-adoption costs, generating support and excitement for the program across the management team.

If CIOs or CTOs make those decisions based on the narrow criteria of IT alone, they can create significant issues for the business. Instead, they must develop a clear picture of the business strategy as it relates to technology cost, investment, and risk.

Where to use the different ‘as-a-service’ options

Just as CIOs and CTOs have long had to make buy-versus-build decisions, in the cloud they must determine whether to procure software-as-a-service (SaaS) offerings or build their own applications to run on infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) services hosted in the cloud. CIOs should work with senior business leaders to determine which business domains have differentiated processes requiring bespoke software and domains that can be supported by SaaS offerings. SaaS has gotten the most traction in functional domains such HR and customer relationship management (CRM), but there are increasingly capable vertical-specific SaaS packages in many sectors as well.

Which services should be indexed in cloud

There are multiple architectural models for running bespoke needs in cloud, each with its own benefits and drawbacks. A clear understanding of what these are is crucial for CIOs who want to create a tailored approach to cloud that embeds operational efficiencies during migration to maximize the benefits:

Consuming traditional virtual machines has the lowest transition costs and implies the lowest level of vendor lock-in but, depending on the application, may not provide much benefit in terms of agility or time to market.
Using CSP native compute (IaaS) with third-party-provided cloud-ready images provides the lowest level of vendor lock-in and limits changes to the infrastructure, providing low levels of benefit for imported availability and maintenance, if deployed with automation.
Refactoring applications to use containerization enables far greater agility, flexibility, scalability, and sustainability with increased productivity. Exact experience varies, with most companies seeing a 12–18-month payback period. When containerization is designed and run with clearly defined standards, it can provide a predictable pathway to support the repatriation of containerized applications from one cloud provider to another. Containerization is most suitable for applications but requires code refactoring during migration from traditional environments. Containerization provides optimized efficiencies, scalability, and abstraction with cost efficiency.
Rewriting an application to be cloud native requires the highest investment but yields the largest improvements in both agility and total cost of ownership. This often requires using proprietary services from a CSP, which may create an unacceptable vendor dependency for some companies.

How to address the loss of the traditional physical-security perimeter

Migrating to the cloud moves applications outside the company’s network perimeter and creates a new security paradigm.

CIOs and CISOs will need to identity how much dependency they will build into their existing legacy network design and traditional security systems. There tend to be three options:

Route traffic through proprietary data centers. About 75 percent of large companies route all cloud traffic through their data center, which attempts to leverage existing traditional perimeter protections. This approach can add 10 to 20 percent to hosting costs and add significant latency, reducing the quality of a user’s experience. In addition, securing cloud requires the deployment of native networking and security tooling to protect cloud activities in parallel. For this reason, fewer than 20 percent of CISOs expect to use this option in the future.
Rebuild the security perimeter in the cloud. More than two-thirds of companies will take the time and invest enough to adopt native network flows using native tooling and configurations with mature full-stack DevSecOps orchestration. Integration with security-service SaaS providers and targeted compliance tooling will be used to protect the dynamic perimeter.
Build “zero-trust applications.” Roughly one-fifth of companies will build zero-trust applications that do not require a network perimeter. Most CISOs believe this model provides the best combination of cost and protection. However, it depends on sophisticated application-development skills that many companies will struggle to develop.

Three actions CEOs can take to get value from cloud computing

How many CSPs to engage

There are a number of major CSPs and several smaller ones. Using multiple CSPs increases engineering and integration costs. Conversely, focusing on one CSP may limit access to some types of innovation and will lock the company into a single provider, which has often been painful in the traditional on-premises world.

Smaller and less technologically sophisticated companies seem to be gravitating toward using a single CSP. Larger companies, however, with hundreds of millions of dollars in technology-infrastructure spend, are more inclined to use multiple vendors, though they will often start with a single CSP. The largest banks, for example, often put significant effort into using multiple vendors, each best suited to different types of workloads.

While some paint an idyllic picture of companies “cloud bursting” (using a mix of private and public cloud hosting to manage peaks of demand) their applications in real time to whichever CSP can provide the lowest-cost capacity, we have not observed this occurring except for very specialized workloads.

How to migrate existing applications

At the highest level, companies can choose to focus remediation on security and compliance fixes and then optimize systems once they are running, or they can choose to optimize as they go. There is no single right answer here; companies must choose the type of risk they wish to underwrite. Migrating and then optimizing later can help break through the gridlock many companies have experienced with their cloud programs. But this approach requires accepting that some applications may cost more in the short term and aggressively preventing application teams from moving on after migration and neglecting to optimize their systems in the cloud.

3. Change operating models to capture cloud value

Capturing the value of migrating to the cloud requires changing both how IT works and how IT works with the business. The best CIOs and CTOs follow a number of principles in building a cloud-ready operating model:

Make everything a product. To optimize application functionality and mitigate technical debt, 4 Technical debt is the implied cost of rework caused by implementing a quick but brittle or otherwise architecturally suboptimal solution. CIOs need to shift from “IT projects” to “products”—the technology-enabled offerings used by customers and employees. Most products will provide business capabilities such as order capture or billing. Automated as-a-service platforms will provide underlying technology services such as data management or web hosting. This approach focuses teams on delivering a finished working product rather than isolated elements of the product. This more integrated approach requires stable funding and a “product owner” to manage it.
Focus on developer experience. CIOs must redesign the technology delivery processes end to end, using cloud-native practices to create a “delightful” developer experience. Applying developer journeys to workflows with modern tooling drives organic adoption and sustainable velocity.
Integrate with business. Achieving the speed and agility that cloud promises requires frequent interaction with business leaders to make a series of quick decisions. Practically, business leaders need to appoint knowledgeable decision makers as product owners for business-oriented products. These are people who have the knowledge and authority to make decisions about how to sequence business functionality as well as the understanding of the journeys of their “customers.”
Cloud scale-out abstracts its infrastructure as code (IaC) to tools that offer multi-CSP and SaaS vendor support (such as Terraform or Ansible) so teams can unify on a common approach that embeds co-creation. Continuous integration/ continuous delivery (CI/CD) automates the provisioning of infrastructure and delivery of applications with embedded risk assessment and security governance “in pipeline” using DevSecOps.
Repeatable patterns (such as logging or building virtual private clouds with defined networks) and security guardrails (such as at-rest encryption or inspection tooling) are coded into reusable components that are published to the IaC tool, which teams can then use in a self-service manner in their platform builds, driving consistency.
Paper-based reference architectures are converted to codified blueprints using modern architectures (containerization, for example) that are composable so teams have the flexibility to swap in and out new capabilities and custom integrations during provisioning.
Secure cloud by design. CISOs must redesign cyber programs, update policies, and modernize controls to build security seamlessly into cloud. This includes shifting risk as early in the provisioning process as possible by embedding guardrails, governance, testing, and security assessment in line to drive uniformed compliance. Infrastructure and security teams should strive to eliminate the human “middleware” and prevent risk before deployment to deliver consistently secured, scalable environments that operate at velocity.
Be agile everywhere. Traditional infrastructure, networking, and security teams must adopt iterative ways of working and codification, utilizing modern development practices of continuous integration and delivery, ensuring cloud builds use a layered approach so changes can be applied granularly with limited dependency or impact on applications and workloads.
Drive cloud skill sets across development teams. Traditional centers of excellence charged with defining configurations for cloud across the entire enterprise quickly get overwhelmed. Instead, top CIOs invest in delivery designs that embed mandatory self-service and co-creation approaches using abstracted, unified ways of working that are socialized using advanced training programs (such as “train the trainer”) to embed cloud knowledge in each agile tribe and even squad. 5 The ACG Blog, “Why ‘central cloud teams’ fail (and how to save yours),” blog entry by Forrest Brazeal, April 23, 2020, acloudguru.com.
Build engineering skills and culture. Some companies have seen technical execution as a commodity and outsourced and offshored development activity but retained business analysts and project managers. Others have rewarded IT staff for deep skills in specific vendor technologies. In contrast, as cloud is based on everything as software, its operating model requires everyone to be software engineers who can traverse multiple technology stacks to deliver integrative solutions , with the primary attribute being that everyone can code and understands modern development practices. But some engineers’ deep subject-matter expertise aligns to cloud providers, and others’ to bespoke product engineering. One institution has set the aspiration that 80 percent of its technology staff will regularly code.
Take a risk-based approach. To prevent security, resilience, and compliance concerns resulting from cloud adoption, top CIOs work closely with their CISOs to develop a clear-eyed view on risk and have rigorous discussions about the best mechanisms for aligning decisions about their technology environment with their risk appetite.

One CTO at a natural-resources company took many of these principles to heart in developing an effective cloud-optimized operating model. He led the implementation of agile ways of working for business product owners, application development, infrastructure, and security. In particular, he invested in unifying a software-defined approach to cloud with infrastructure as code to embed reusability and composability with end-to-end automation, so that developers could provision workloads on cloud with dedicated as-a-service business platforms securely and resiliently. As a result, the company was able to release new capabilities in days rather than months, while limiting risk and technical debt.

How CIOs and CTOs can join forces with leadership to succeed

Given the economic and organizational complexity required to get the greatest benefits from the cloud, heads of infrastructure, CIOs, and CTOs need to engage with the rest of the leadership team. That engagement is especially important in the following areas:

Technology funding. Technology funding mechanisms frustrate cloud adoption—they prioritize features that the business wants now rather than critical infrastructure investments that will allow companies to add functionality more quickly and easily in the future. Each new bit of tactical business functionality built without best-practice cloud architectures adds to your technical debt—and thus to the complexity of building and implementing anything in the future. CIOs and CTOs need support from the rest of the management team to put in place stable funding models that will provide resources required to build underlying capabilities and remediate applications to run efficiently, effectively, and safely in the cloud.
Business-technology collaboration. Getting value from cloud platforms requires knowledgeable product owners with the power to make decisions about functionality and sequencing. That won’t happen unless the CEO and relevant business-unit heads mandate people in their organizations to be product owners and provide them with decision-making authority. Some companies have explicitly combined tech and business teams.
Engineering talent. Adopting the cloud requires specialized and sometimes hard-to-find technical talent—full-stack developers, data engineers, cloud-security engineers, identity and access-management specialists, cloud engineers, and site-reliability engineers. Unfortunately, some policies put in place a decade ago to contain IT costs can get in the way of onboarding cloud talent. Companies have adopted policies that limit costs per head and the number of senior hires, for example, which require the use of outsourced resources in low-cost locations. Collectively, these policies produce the reverse of what the cloud requires, which is a relatively small number of highly talented and expensive people who may not want to live in traditionally low-cost IT locations. CIOs and CTOs need changes in hiring and location policies to recruit and retain the talent needed for success in the cloud.
Rational risk assessment. It’s not uncommon for security, resiliency, and compliance concerns to stop a cloud program in its tracks. CIOs and CTOs can help leaders to understand risk issues and how to mitigate them, and how to work with CEOs and other business leaders to place cloud risks in the context of existing on-premises risks.

The recent COVID-19 pandemic has only heightened the need for companies to adopt digital business models. Only cloud platforms can provide the required agility, scalability, and innovative capabilities required for this transition. While there have been frustrations and false starts in the enterprise cloud journey, companies can dramatically accelerate their progress by focusing cloud investments where they will provide the most business value and building cloud-ready operating models.

Jayne Giemzo is a digital expert in McKinsey’s Brisbane office; Mark Gu is an associate partner in the New York office, where James Kaplan is a partner; and Lars Vinter is a partner in the Copenhagen office.