September 16, 2024
“If I had used the word ‘repatriation’ three years ago, I would have been labelled as a data centre bigot.”
Allan King sat back, shook his head and forced a half smile.
On occasions, the cloud conversation has mirrored today’s society – in which alternative views have often been chastised rather than challenged.
Up in the sky, those quick to assign dinosaur tags and brand considered argument as outdated thinking. Down on the ground, those ignorant to change and committed to scaremongering.
All up, a complete absence of intellectual debate and spirited disagreement.
“The cloud pendulum has swung – as it always does after the bright, shiny new thing has been swallowed – and has landed somewhere in the middle,” said King, speaking as Managing Director of Infront Systems.
“Three years ago, we were a big Microsoft partner but given our history in the infrastructure space, that would have been our label. But now, the industry has evolved into a workload conversation. Is this workload fit for cloud? No, then run it on-premises. Yes, then build it for cloud and run it that way.”
In launching and leading Infront – a Canberra-based system integrator and managed service provider that entered the market in 1998 – King is driving a wedge between two extreme ends of the argument.
“Customers are now saying that they need to repatriate workloads because it’s costing too much, this is becoming a commercial decision based on price,” King added. “It was never fit for purpose in the first place and should never have been migrated.
“The promise was that cloud was simple and cheap. We talk to a lot of customers and are quick to debunk the industry saying of, ‘you only pay for what you use’. Actually, you pay for what you deploy.”
According to Barclays CIO Survey 2024 findings, 83% of enterprise organisations plan to move workloads back to private cloud from public cloud. This data point has been frequently cited by Michael Dell – CEO of Dell Technologies – and branded as “not surprising”.
Supporting this position is IDC, which recently reported that 80% of businesses expected to see some level of repatriation of compute and storage resources during the next 12 months.
“We started to see repatriation from the moment public cloud was mainstream,” noted Natalya Yezhkova, Research Vice President at IDC. “There’s always some activity around repatriation, and the level of activity isn’t dropping off.”
Offering an alternative viewpoint is Gartner however, which expects public cloud end-user spending to eclipse the one trillion dollar mark before the end of this decade.
The analyst firm documented that worldwide end-user spending on public cloud services is forecast to grow 20.4% to total $675.4 billion in 2024, up from $561 billion in 2023. This growth is being driven by generative AI (GenAI) and application modernisation.
“The continued growth we expect to see in public cloud spending can be largely attributed to GenAI due to the continued creation of general-purpose foundation models and the ramp up to delivering GenAI-enabled applications at scale,” said Sid Nag, Vice President Analyst at Gartner.
Closer to home, the no.1 priority for Australian organisations during the next 12 months is cost control and expense management. That’s according to Moxie Research – which extensively surveyed 251 IT decision-makers in Australia during February 2024.
Based on the local data, 38% of companies are challenged by the rising costs of running technology and doing business, with cloud management ranking as the third most important solution deployment priority in 2025. This is behind only artificial intelligence (AI) and cyber security.
Looking ahead, CIOs are increasing focus on the following initiatives in the short- to medium-term:
Within that context, 50% of businesses are now questioning pricing models and tightening technology spend with 45% demanding increased levels of return on investment (ROI) on projects that are either already running or upcoming.
Occupying ground somewhere in the middle of such evolving end-user expectations is Infront, which specialises in the deployment of hybrid cloud solutions across public and private sectors.
“Businesses ran very quick to cloud but 2-3 years later, started suffering from the cost and compliance issues that came with it,” King added. “Whether public or private sector, pretty much every agency or organisation that has moved to the cloud is now tasked with managing the cost of the move.”
Building cloud governance from the ground up
Like many businesses in Australia, the journey to cloud has been somewhat of a rollercoaster ride for King.
In late 2015, the serial entrepreneur moved ahead of the chasing pack with the launch of Buttonwood Cloud Exchange – spun-off from Infront to compete in the emerging orchestration and governance market.
This was no opportunistic move however, rather a considered and calculated strategy that cost the business nearly $10 million in research and development (R&D). But the competition was fierce with global vendors dominating the market, chiefly VMware Aria, Red Hat Ansible and Terraform by HashiCorp.
“We ran the race with orchestration and governance with our own automation engine,” King explained. “But about two years into a four-year journey, we realised that race was already won by those established vendors. So we pivoted to address the governance aspects of cloud.”
In response, Infront has launched Cloud Governance-as-a-Service (CGaaS). This multi-cloud governance and continuous compliance service is designed to manage “stringent” government – such as Information Security Manual (ISM) and Essential Eight – and commercial security and operational risks.
Once again, this is the product of an unwavering commitment to gather unfiltered market insights.
“I carried out 18 months of research and spoke with every customer that I could get my hands on,” King recalled.
Whether over breakfast, lunch or dinner, King was relentless in engaging with executives tasked with managing the financial aspects of cloud. This was feedback on steroids with the primary aim of better understanding the risk and providing a resolution to that risk.
“They all agreed in the first principle that they didn’t know what they had,” King shared. “They didn’t understand because a single application could be made up of 10 or 20 different cloud services.
“Are they sized correctly? Is that architecturally deployed properly? Is it configured in a secure manner? Am I overpaying? Do I have authored assets?
“It’s a very complex conversation to have and on that basis, businesses can’t even start down the path of optimising cloud spend because they don’t know where to start.”
In the first instance, the primary problem was tags – a label designed to provide greater visibility on cloud usage and costs across functions.
Government agencies and businesses receive 10 million lines of billing skews on a weekly, monthly or annual basis. Within that deluge of data, organisations are struggling to truly understand cost breakdowns.
“Without metadata, you can’t spin that data – it’s just an amorphous mass,” King qualified.
Hence the first part of the FinOps engine which focuses on INFORM. This allows organisations to assess cloud environments at an application layer, before aligning critical elements to demonstrate where spend is linked to cost centres or business owners.
Part of the blueprint is a responsibility matrix to provide context behind the ownership metrics and to outline the true definitions of each – “otherwise it’s just words on a piece of paper”.
“We had to ensure accountability because the FinOps practice itself is responsible for the well run,” King noted. “But the teams you are dealing with are accountable for the outcome but they can’t do it alone because of the need for subject matter experts – whether financial or technical within the organisation.”
The team at Infront has spent the past 12 months documenting every process, input and output to improve exception based management capabilities by highlighting what’s running well and what’s not.
Underpinning this is processes and tooling to identity issues, raise them up as a blip and then allow the FinOps team to engage and solve.
“But the reason why the blueprint is so important is because those KPIs and responsibilities are now contextual,” King added. “Now, if you’re responsible for A – this is what A means, this is the process, this is what you’re managing and this is what you’re measuring.”
As a result, an effective communication strategy is taking place which requires buy-in from all key stakeholders to change the culture of cloud through information.
Following INFORM is OPTIMISE.
Through CGaaS, organisations can start making changes if a deviation from best practice occurs – such as spending more money or architectural challenge points.
Completing the three-step approach is OPERATE.
“Many customers want to get on the DevOps journey and the whole idea of cloud is that everything is created by code,” King said. “When you extract information out of cloud, it’s extracted as code which is how we run compliance because the data is there. Therefore, deploying cloud is actually deploying by code as well.”
At the heart of CGaaS is a ‘crawl, walk, run’ maturity approach to performing cloud governance which enables organisations to start small, and grow in scale, scope and complexity as business value warrants the maturing of functional activity.
Targeting businesses that are either preparing to move to cloud or are already operating at scale, the offering is anchored on achieving a “disciplined, but pragmatic approach” to governance and compliance across multi-cloud environments.
“This is achieved by DevOps and a shift-left mindset,” King detailed. “When you shift left, you ensure code is created out of best practice, from approved patterns and is secure on deployment. Not a deployment in cloud which has security holes and requires teams to come back and fix retroactively.
“There’s a very specific set of maturity steps that businesses need to go through but no organisation is even getting the metadata right today.”
Buyer’s remorse or cloud contentment?
On the topic of cloud governance – whether in Australia or overseas – IT executives are spinning heads listening to a divided market.
A shoulder angel on one side, a shoulder devil on the other – both accessing thoughts and introducing ideas.
For some, infrastructure vendors represent a conscience exposing rising cloud costs. For others, it’s nothing more than ill-advised temptation to resist change regardless of the benefits.
“That’s a correct assessment,” King accepted. “The hyperscalers don’t believe there’s a problem but that’s because they get paid – particularly the sales reps – on consumption.
“We’ve been told by a former executive at Microsoft that no sales rep will ever sponsor or support our initiatives because we are focusing on the optimisation of cloud spend. And we’re a gold partner of Microsoft.”
According to King, the hyperscalers – whether that be Microsoft, Amazon Web Services (AWS) or Google Cloud – are playing the role of devil’s advocate to counter the work of Infront in this space.
“The line is, ‘you don’t need any third-party process or tooling because we do everything’,” King explained. “But the tooling isn’t fit for purpose. It’s not designed to provide the insights required to operate a well run cloud. It’s not in their interest or aligned to their incentives.”
The irony for King is that when Buttonwood Cloud Exchange was presented to customers almost 10 years ago, the product was branded as too mature for the market need. Notably, the offering was viewed as at least 3-4 years ahead of most environments.
“Because the concept was governance, best practice came after the event,” King said. “Everyone sprinted to the cloud but now, businesses want help solving the problems that this approach created.”
For example, CGaaS provides ISM compliance as part of the platform. In Federal Government and now more broadly across the public sector, approximately 107 technical controls exist that are required to be applied in cloud to secure environments.
The team at Infront built secure environments and landing zones for customers ensuring certification via third-party security consultants.
“Then on day one, we gave them the keys to the kingdom and they ran forward doing everything they needed to do,” King added. “If we went back to those customers today and asked, ‘are you still compliant?’ They wouldn’t have a clue because there’s no simple way of understanding, it’s a very technical and difficult problem statement.
“So we spent 12-14 months writing policy as code outcomes allowing organisations to take business risks, codify them and then raise them up as security posture problems within their environment.”
In a note of clarification, King was quick to stress that FinOps as a concept is not anchored in the need for cost savings – that is a small part of the overall approach.
“It’s about getting value for money in cloud,” King confirmed. “It’s not about throwing everything at cloud and then complaining about the bill.
“It’s about doing the migration well and then following strong practices to understand the risks and optimise costs. They might be simple actions but they are increasingly difficult to get on top of for businesses today.”
Inform your opinion with executive guidance, in-depth analysis and business commentary.