It's ironic, but most SaaS companies don’t invest in their own technology. Instead they rely on AWS or Google or Microsoft for their infrastructure, scaling and storage needs. You can’t blame them, really. Turning over infrastructure to the public cloud has its benefits, faster development cycles and speed-to-market being two. Part of the cloud’s well-earned mythology is that it enables more innovation and keeps companies competitive in a world always threatening to leave them behind. As far as most SaaS companies are concerned, the cloud is a beautiful place.
Something Is Amiss in the Cloud
On closer inspection though, something’s amiss in the cloud. Capital One made news for falling victim to a massive data breach that left millions of customers exposed when the company moved onto AWS. These breaches have become common in a world where businesses and consumers alike have learned to live with a degree of vulnerability concerning data. In Capital One’s case, it was a former AWS-employee-turned-hacker who exploited some lax security protocols. An aberration — so Capital One and AWS would like people to believe. The more worrying trend is the fact that sensitive customer data like social security numbers were sitting on unencrypted public servers.
By recent estimates, cloud security mishaps like Capital One’s often stem from misconfigurations of the service. Over 90% of breaches involve a misconfigured setting somewhere that exposes a vulnerability. Such mistakes are quite common. If it’s that easy to undo a public cloud’s security protocols, if cloud providers can’t or won’t apply more rigor to the implementation, cloud customers have to ask if it’s worth the cost.
Companies like Amazon's AWS, Microsoft's Azure and Google Cloud fetch incredibly high annual contracts, often in the hundreds of millions of dollars, from SaaS companies using their service. In lean times, these costs can be crippling. In good times, the costs go up as the business grows, and not in a particularly sustainable way.
Take Snapchat, which in 2017 committed to paying Google $400 million per year for five years to use its cloud infrastructure services. To put that figure in context, the company generated $404 million in total revenue in 2016. When the deal with Google’s up, it will have to renegotiate and hope it doesn’t wind up paying even more.
Related Article: Choosing a Cloud Provider for Business Innovation
Knowing When the Public Cloud's Bad Outweighs the Good
For venture capital (VC)-backed companies yet to turn a profit, going all-in on the public cloud poses significant risk. When a company cedes decision-making privileges to its financial backers, suddenly, investing in their own technology stack over simply renting on the cloud becomes a matter of “priorities.” If owning and running your own data center isn’t tied to your investors’ immediate ROI, good luck building it at all.
That’s partly what tilts the scales so heavily in the public cloud companies’ favor. Their customers, particularly startups in tech-adjacent fields trying to scale quickly, are all but disincentivized from investing in their own infrastructure. And the longer a business stays in the cloud, the harder it is to leave. What initially seemed like a lean, cost-efficient venture turns into an albatross. As the business matures and its needs get more sophisticated, it must make up more ground to support those needs. It turns to shortcuts and patchwork to service its software applications. Meanwhile, its technical debt mounts right alongside its financial debt, all but guaranteeing that migrating to a private or even hybrid solution will be painful and costly.
Of course, leaving the cloud is possible. Dropbox, initially the poster child for the public cloud revolution, picked its spot and started migrating from AWS’s cloud services to its own custom infrastructure back in 2015. Within a couple years, it saved $75 million in operating costs.
In an honest reckoning, most companies will realize that sooner or later the public cloud’s bad outweighs the good for their business. This makes that initial upfront investment in infrastructure and interest in slow growth seem a lot sweeter.
Related Article: Thinking of Moving to a Public Cloud? Think Again