Skip to main content

Why we use the cloud: security and efficiency

Posted by: , Posted on: - Categories: Common technology services


When you’re updating or procuring IT solutions it’s worth evaluating cloud services first. In the first post I listed the benefits for tech and support. In this second blog post I’m going to list some financial and security benefits of cloud adoption.

Avoid upfront investment

Onsite solutions require significant upfront investment, even if the software being used is free of charge or open source. Data centres, networks, servers, storage and operating systems are required to host even the most trivial enterprise software. All these supporting components require a lot of of time and money to build well and maintain. Periodically these parts will require major upgrades.

Cloud Software as a Service (SaaS) is typically pay as you go. There’s no upfront investment.

A future decision to migrate to a new solution is not bound up by concerns about what has already been spent. When a service is no longer used, it no longer costs money.

Low levels of upfront investment mean reduced risk. Small scale trials of solutions can be undertaken, and radically changed, or abandoned, with minimal cost.


On-premises solutions require a business plan that looks at today’s pricing, and some years of maintenance and support in the future.  These costs, the price of licenses, computing power, labour and so on, rarely fall significantly over the lifetime of a product or service.

It is very hard to work out the real cost of an on-premises solution, as a number of different investments and operational costs must be factored in, and enterprise software licensing can be fiendishly complex.

Conversely, cloud services keep getting cheaper. Competitive pressure, improved hardware and increasing utilisation rates are driving down costs in SaaS and in Infrastructure as a Service (IaaS) too.  Pricing is usually very simple and transparent, and there are no hidden costs to worry about.

Greater efficiency

IT systems have traditionally had a high demand for power, and the power consumed is a source of air pollution and expense. On-premises systems typically have lower than ideal levels of server and storage utilisation, resulting in power waste and large bills.

Public cloud systems are typically housed in the most energy efficient facilities, which helps drive down power demand, but also has high levels of utilisation. This further reduces the power and costs required to deliver a service.


Password proliferation is the bane of many users lives.  Fortunately many cloud services now support automatic sign-in. This is based on widely adopted and supported identity standards. The result is a great user experience. A user signs in once to unlock their device, starts their web browser and the services they need just work, without the need to remember any usernames or passwords.


Adopting cloud services should have a very positive impact on information security.  Using a browser to consume data means there is less information stored on devices.  Upgrades and security patches are constantly applied. Using federated identity can make data access revocation easy.  

Many cloud services provide excellent methods for the audit and control of resources supporting information assurance.  The size and expertise in security teams of cloud providers makes for high levels of assurance of data security.  

Another area in which cloud providers tend to excel is in separation of duties: software development is removed from hardware and data centre management, and the logical management of data is left to the customer.  All these benefits can add up to a much improved data security posture which is easier to audit and maintain.

Consume with confidence

Not all cloud services are good enough.  To help with evaluations, we have jointly published a series of guides with CESGincluding the cloud security principles, which can help purchasers select suitably robust and secure services.

Common Technology Services is interested to hear your experiences with cloud services in government. Email us, or use the comments feature below.

Sharing and comments

Share this page

1 comment

  1. Comment by Adam Turner posted on

    Are you looking at a guide to cover the environmental/sustainability aspects at all? As you say, not all cloud services are good enough and I would think that we should be pushing hard on things like a minimum threshold for PUE, minimum access to data for government reporting on energy use, clear boundaries for responsbilities around carbon emmissions, supply chain and resilince information of the kit we are consuming as a service, data deduplication.....