Cloud vs On Premise - What Are The Risk Management Trade-offs?

(1) Availability - When you host on-site, you have some control over system availability. However, keep in mind that both hosted and on-premise sites are sensitive to the same issues - power outages, network outages, denial of service attacks, etc. Most hosting companies provide secondary data centers and backup and recovery services to ensure high availability.

(2) Security - make sure the hosting company is at least as secure as you are. Most companies overestimated their security controls so you might want to have an independent security audit performed. Most hosting companies are actually MORE secure than their on-premise counterparts but this is offset by one factor: Large hosting companies are a more attractive target of attack simply because they tend to be large targets.

(3) Cost - if not managed properly, costs for hosting can exceed on premise costs, negating one of the primary motives for moving to the cloud. Do a thourogh cost/benefit analysis before you make the decision to move to the cloud.

One last point - a well implemented hosting solution should be able to provide your users with an experience that is as good as or better than can be provided via an on-premise solution. For some systems, like email, there is little or no incentive to keep an on-site presence. The security and availability risks for email are essentially the same regardless of where the service is installed because information must necessarily 'traverse the fire wall' to be useful (emails are only 100% secure if you never send them). If you want to explore moving to the cloud, email is a great starting point. We use Microsoft Office 365 and have not had any issues with the service (full disclosure: we're a small company with relatively light email volume).

Recognize that risk will shift away from technology to the business. SaaS ERP systems can be implemented faster, cheaper, and easier than on-premise counterparts. This is true for the technology iteself since there is no software to implement on-site and there is less need for a physical infrastructure to support the solution. Also remember that if the Cloud provider can guarantee a secure reliable offering they will not be around for long! Do you homework on the top Cloud providers and you will not be disappointed.

Some people argue that the tradeoff is relative lack of flexibility, and as a result, CIOs and CFOs are forced to spend more time addressing organizational change management and training issues since the solutions can’t be easily changed to fit business needs, increasing the pressure on the organization to change its business processes and people. Frankly I think this is not well founded in that many Cloud based offerings are flexible and offer several ways to configure the system. Personal experience has validated this.

ERP implementations can be difficult, costly, and potentially risky to any organization, regardless of whether you’re implementing on-premise, SaaS or cloud ERP solutions. In my experience I have found that Cloud based implementations tend to go quicker and smoother than my experience with on premise. This is partly attributable to Cloud provides offering a straight-foreword implementation process and then allows the user to tweak as they go - the crawl, walk run analogy is applicable here.

Do not make the mistake of assuming that business processes don’t need to be redesigned, employees don’t need organizational change management, or adequate resources aren’t required to make the project successful. Mismanaged expectations are one of the root causes of ERP failures in general, this holds true regardless of offering you are implementing.