By Mike Brown, Principal, Deloitte Consulting LLP
Over the last couple of years, I have seen a big shift in how companies perceive the risk of moving their finance function to the cloud. Just a few years earlier, it was typical for clients thinking about such a move to come to the table with a laundry list of concerns, especially around security. They had serious questions about everything from cyber-attacks and physical security to encryption, system access, and statutory compliance. Basically, they wondered if it was too risky to store sensitive financial data in the cloud.
Today, I feel confident in saying that we’ve moved past these early doubts. Critical questions around security have been answered and the technical issues largely solved. And while a few companies continue to run their finances on premises, the vast majority now accept—if not eagerly embrace—the cloud as the leading venue for managing nearly every aspect of their financial operations.
The path companies have taken to embracing the cloud for finance parallels the “journey” many companies took a few years earlier when they moved non-financial functions like HR and CRM to the cloud. Although skeptics questioned the wisdom of storing employee and customer data off site, where it was perceived as more vulnerable to breaches, that didn’t stop companies from recognizing the power of the cloud to generate significant business value in the form of lower costs, easier upgrades, better disaster recovery, and much more. In the end, the business case for the cloud proved so compelling that issues like security—though necessary to address—no longer stood in the way. Cloud providers helped seal the deal by providing security protections equal to, if not stronger than, the many advanced on-premises systems.
The risk for finance organizations is not substantially different. Breaches of customer or employee data can be just as damaging as internal financial data breaches, so the same standards apply. If there is a difference, it lies in the fact that financial executives are required to sign off on their company’s financial statements, in effect putting their personal credibility on the line. So it’s no surprise they take this step in the journey very seriously.
But just like the sales, marketing and HR organizations before them, many finance organizations are moving to the cloud, and for the same underlying reason: the cloud generates tremendous business value.
Many of the conversations we have with clients start by defining this value. We’ll take stock of the challenges a company is facing with its current on-premises finance applications—such as slow reporting and complex upgrades—and estimate the cost of staying on premises, including any capital investments needed to modernize the data center, improve disaster recovery, or bolster security. In many cases, the cloud model offers clear cost advantages for finance. Cloud finance apps can also help accelerate period close cycles and provide analytics to executives faster, improving decision-making.
The desire for system consolidation drives a lot of our conversations with clients, many of whom are seeking to unify disparate systems they’ve inherited from mergers and acquisitions. But trying to unify organizations by integrating diverse on-premises apps and licenses can be an enormously complex and costly undertaking. In my view, it’s a dead-end road compared to going with an easily scalable cloud solution.
Increasingly, we are seeing companies interested in opportunities for digital transformation. The cloud is a great platform for enabling agile new business capabilities, such as consumption-based billing, that underpin these transformations. Increasingly, digital transformation means handling large volumes of transactions—whether for subscriptions, micro-transactions, or advertising revenue—and the cloud offers a uniquely scalable environment for processing these volumes in a timely manner.
Many of the CFOs I work with are quite comfortable running their company’s finances in the cloud. Many have been relying on outsourced providers for their payroll and credit card transactions for years without incident. And many CFOs, when they look into it, discover that their existing on-premises systems can’t match the security protections offered by cloud providers—especially established vendors with deep pockets to invest in security and R&D. IT departments that do not already have a checklist of security requirements are those that should already be moving to a cloud model, since it’s clear they haven't put formal controls in place internally.
I’ve found that for many finance organizations today, the biggest pain point isn’t cyber-attacks or physical security. It’s how to enforce internal controls like “segregation of duties” that assign financial management duties to separate individuals to decrease risk. In this regard, some cloud environments can present a challenge because so many new cloud solutions have hit the market in recent years that it’s not uncommon for companies to run a grab bag of different cloud services—one for procurement, another for expense reporting, a third for payroll, and so on. This mix of unconnected cloud services can have the unintended effect of making it tougher to enforce segregation of duties.
Subscribing to a hodgepodge of cloud-service vendors can also create data integration headaches for clients—not to mention the chore of keeping up with twice-a-year application updates from each vendor (with each one following different release cycles and regression testing schedules). This is where Oracle’s suite-based approach to cloud services can be compelling for our clients. You get all the advantages of the cloud minus the connection and application-update pains. Plus, having a broad set of applications driving business value in a single cloud helps reduce your exposure to security threats. You have better control over segregation of duties, fewer disparate tools accessing confidential data, and fewer unsecured shadow applications. Not surprisingly, we are seeing more companies take a closer look at solutions that cover a spectrum of business functions in a single, unified ERP and EPM cloud.
Whether companies choose a point or a suite approach, the trend toward moving finance to the cloud is here to stay. And if there are deal-stoppers left on the table, security is unlikely to be one of them. In fact, whenever I hear clients express concern about security in the cloud, it’s usually because they feel they’re being “pushed” to the cloud by vendors and simply haven’t had the opportunity to clearly define the cloud’s business value potential. But once they do, their concerns invariably fall away, just as they did for the earlier generation of companies that moved their HR and CRM applications to the cloud.
If you’re looking at migrating to the cloud, but aren’t sure how to get started, I invite you to read our CFO guidebook, “Best Practices for ERP Cloud Migrations.”
Mike Brown is a principal with Deloitte Consulting LLP and serves as US Oracle Cloud ERP & Technology Services Leader. Mike has 20 years of experience in technology strategy and planning, solution architecture, and implementation. Whether it’s implementing an advanced, enterprise application infrastructure or establishing enterprise-wide solutions for systems integration and business intelligence, Mike’s focus is on helping clients make the most of their technology investments, enabling them to run their businesses more effectively.