Context is everything when evaluating the cost of on-prem vs public cloud

Version: 1.00 Date: 31/08/2024


Introduction

When considering IT infrastructure costs, the debate between on-premises and public cloud continues. Are rising cloud costs due to the public cloud itself, or is something else at play? Before making assumptions, it's essential to understand the factors contributing to increased cloud expenses.

Spoiler alert: if you compare raw computing power, the public cloud is less expensive than an on-premises setup. If you see increasing cloud expenses, the issue lies beyond basic infrastructure costs.

In this post, we'll challenge familiar narratives around cloud pricing and explore the root causes behind escalating bills. We'll also discuss why careful planning is crucial for successful cloud adoption. By understanding the dynamics at play, you'll be better equipped to navigate cloud costs effectively and avoid pitfalls.

Many enterprises experience a "hype cycle" during cloud adoption. Initially, there is a peak of inflated expectations, followed by a phase of disillusionment when they realize that cost management requires careful planning. This is when it's crucial to reassess strategies, optimize resource usage, and align investments with business objectives to ensure value is delivered.

Planning and optimization are key to managing cloud costs effectively. A well-defined cloud adoption strategy, including cost forecasting, governance policies, and regular reviews of resource usage, can help prevent unexpected expenses and ensure value. Approaching cloud adoption with a clear understanding of its benefits and challenges can help you avoid pitfalls and make informed decisions that support your business goals.

Sanity check

Is the cost of the public cloud the issue? If you still need to be convinced that careful planning is essential, let's run a quick sanity check to compare on-premises vs. public cloud costs. This will help frame the conversation around why your organization might be experiencing rising expenses in the cloud. Spoiler alert: the public cloud isn’t more expensive than on-prem regarding raw computing power.


This sanity check shows that cloud costs are not the real issue driving higher expenses. It’s essential to approach this openly, setting aside any biases, preferences for specific technologies, or assumptions about what's best for career growth. Once done, we can focus on a raw comparison between on-prem and cloud costs. The purpose here isn’t to find which is cheaper but to start addressing personal concerns or misunderstandings and to challenge some media narratives around the public cloud being too costly.


To keep things fair, I’ll base this comparison on calculations made by others to avoid introducing any bias. Comparing on-prem to public cloud is like comparing apples to frogs—difficult and not entirely meaningful. Public cloud services are feature-rich, and you're paying for more than just raw infrastructure. For this sanity check, I’ll look at the cost of a virtual machine (VM) with 2 vCPUs, 8GB of RAM, and 500GB of storage running for an entire year, both on-prem and in Azure.


The on-prem cost is taken from an article by Stephen J. Bigelow on TechTarget, which outlines that running a small VM on-prem costs about $133.88 monthly. Using his figures, the yearly cost of a similar VM on-prem is $1,606.56. Let’s look at the Azure equivalent: an Azure D2as v6 virtual machine with 2 vCPUs and 8GB of RAM. We’ll also add a P10 Managed Disk for 100GB of storage, which brings the monthly cost to $57.00. For an entire year, the total comes to $684.00.



These figures show a clear difference: $1,606.56 per year for on-prem versus $684.00 per year in Azure. The point of this check wasn’t to declare one cheaper than the other but to begin questioning the idea that the public cloud is inherently more expensive. If the cost isn’t in the raw computing resources, then where is it? The following section will investigate why some organizations see rising public cloud costs.


Sources for the Azure figures: virtual machine pricing (https://azure.microsoft.com/en-us/pricing/details/virtual-machines/windows/#pricing) and managed disk pricing (https://azure.microsoft.com/en-us/pricing/details/managed-disks/).

Disillusionment

Were you surprised by the results of the sanity check? Did you expect on-prem to outperform, or were you leaning toward cloud? While the sanity check showed cloud coming out ahead, it's important to remember that this was just one example of on-prem pricing. I could lower the on-prem costs further with some adjustments. My main takeaway from the sanity check is that the pricing gap between the two shrinks considerably when we optimize both on-prem and cloud infrastructures, particularly for resources like virtual machines and storage.


So, why do we keep hearing about the high costs of the public cloud and the trend of moving workloads back to on-prem? There are several reasons for this, and understanding where organizations are in their cloud adoption journey provides some insight. Most companies follow the "hype cycle" outlined by Gartner. If we look at the trough of disillusionment, we can see that many enterprises are entering or leaving this phase, depending on where they are in their cloud journey.

The disillusionment phase is when companies question whether the public cloud meets their expectations. Before this, they were at the "peak of inflated expectations," believing the cloud would solve all their problems. During disillusionment, reality sets in, and one of the primary concerns is cost. Media headlines like "The Cost of Public Cloud is Out of Control" or "We’re Moving Back to On-Prem" are typical during this phase. However, this isn’t unique to the cloud—it happens with most emerging technologies. 


It's also worth noting that not all organizations move through this cycle at the same time. Some may have already passed through disillusionment, while others are just entering it. During this phase, the blame is often placed squarely on the public cloud, especially around costs. But the real story goes deeper. In most cases, the problems stem from how the organization adopted the cloud, not the cloud itself. The following section will explore why organizations struggle with their cloud strategies. The key takeaway is that we shouldn't simply blame the public cloud for these issues; instead, we should dig deeper to find the root causes.


Flight Plan

This section may sound like something from a 1970s disaster movie: "Captain, did you file a flight plan?" "No." Without a flight plan, there’s no way to know if the plane has enough fuel to reach its destination—let alone where it's headed. Of course, this would never happen in real life (or even in a movie). So why should it happen when an enterprise adopts the public cloud? 


It's easy to check whether your organization has made the mistake of not creating a "flight plan" for public cloud adoption. Just try to print out the business plan that guides the cloud adoption process. If it doesn't exist, that's a red flag. Without a well-thought-out plan, understanding the costs of the public cloud becomes nearly impossible. Without precise projections for the costs of migrated workloads running in the cloud over the short, mid, and long term, there's no way to anticipate whether those workloads will become cost-prohibitive as cloud expenses increase.


Not only that, but without a business case to stress-test costs, there’s no way to understand the financial impact of running these workloads in the cloud over time. What are the short-term, mid-term, and long-term costs? How do they compare to on-premises expenses? And, more importantly, what risks do these workloads pose as cloud costs fluctuate? Without these answers, you're essentially flying blind.


If your enterprise hasn't developed a solid business case for cloud adoption, it’s like navigating a plane in the dark without a flight plan. This lack of planning can quickly lead to the belief that moving to the public cloud was a mistake. But the real issue isn’t the cloud itself—it’s the lack of a plan. Without a resource projection that outlines where cloud adoption began, the on-premises costs of each workload, and current and future cloud costs, you can’t know where you stand. And unfortunately, things are likely to get worse without this crucial insight.


A poorly developed—or nonexistent—business case for cloud adoption is a sign of poor cloud planning. A well-developed business case, on the other hand, is like a flight plan for your organization’s journey to the public cloud. It enables you to understand each workload's costs and the future financial implications of running them in the cloud. The business case should capture the cost of operating in the cloud, including stress-tested projections showing how expenses will evolve in the short, medium, and long term. It also provides a complete picture of the total cost of ownership for the cloud, which is essential before moving any workload to the public cloud.
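As an added example that is not part of the original post, the following Python script sketches the kind of stress-tested projection a business case should contain, reusing the post's own sanity-check figures ($133.88/month on-prem, $57.00/month Azure). The horizons, the drift scenarios and the break-even search are assumptions made for illustration.

```python
"""Stress-tested cost projection for one migrated workload.

Added example, not from the original post. The monthly figures come from the
post's sanity check (on-prem ~$133.88, Azure D2as v6 + P10 disk ~$57.00); the
horizons, drift scenarios and break-even search are assumptions.
"""
from dataclasses import dataclass

# Planning horizons in months (assumed: short = 1 year, mid = 3, long = 5).
HORIZONS = {"short": 12, "mid": 36, "long": 60}


@dataclass(frozen=True)
class Workload:
    name: str
    onprem_monthly: float  # current on-prem run cost, USD/month
    cloud_monthly: float   # projected cloud run cost, USD/month


def projected_cost(monthly: float, months: int, annual_drift: float) -> float:
    """Cumulative cost over `months`, with the monthly price drifting by
    `annual_drift` (e.g. 0.10 = +10%) at the start of every new year."""
    total = 0.0
    for m in range(months):
        total += monthly * (1.0 + annual_drift) ** (m // 12)
    return round(total, 2)


def stress_test(w: Workload, scenarios: dict) -> dict:
    """Run every scenario over every horizon.

    scenarios maps a name to (onprem_annual_drift, cloud_annual_drift).
    Returns {(scenario, horizon): {"onprem": $, "cloud": $, "cloud_cheaper": bool}}.
    """
    results = {}
    for sname, (op_drift, cl_drift) in scenarios.items():
        for hname, months in HORIZONS.items():
            op = projected_cost(w.onprem_monthly, months, op_drift)
            cl = projected_cost(w.cloud_monthly, months, cl_drift)
            results[(sname, hname)] = {"onprem": op, "cloud": cl,
                                       "cloud_cheaper": cl < op}
    return results


def breakeven_cloud_drift(w: Workload, months: int, onprem_drift: float = 0.0,
                          step: float = 0.01, limit: float = 2.0):
    """Smallest annual cloud price/consumption growth (in `step` increments) at
    which the cloud stops being cheaper than on-prem over `months`.
    Returns None if no such rate exists up to `limit` (a 12-month horizon can
    never detect drift, because drift only applies from the second year)."""
    onprem_total = projected_cost(w.onprem_monthly, months, onprem_drift)
    for i in range(int(limit / step) + 1):
        drift = i * step
        if projected_cost(w.cloud_monthly, months, drift) >= onprem_total:
            return round(drift, 2)
    return None


# Constructed sample: the post's 2 vCPU / 8 GB VM.
SMALL_VM = Workload("small-vm", onprem_monthly=133.88, cloud_monthly=57.00)

# Assumed scenarios: a flat baseline, moderate cloud price drift, and the
# unmanaged-sprawl case where cloud spend grows 50% a year.
SCENARIOS = {
    "baseline": (0.0, 0.0),
    "cloud_inflation": (0.0, 0.10),
    "unmanaged_sprawl": (0.0, 0.50),
}

if __name__ == "__main__":
    for (scenario, horizon), r in stress_test(SMALL_VM, SCENARIOS).items():
        flag = "cloud cheaper" if r["cloud_cheaper"] else "ON-PREM CHEAPER"
        print(f"{scenario:17} {horizon:5} on-prem ${r['onprem']:>9,.2f}"
              f"  cloud ${r['cloud']:>9,.2f}  {flag}")
    be = breakeven_cloud_drift(SMALL_VM, HORIZONS["long"])
    print(f"\nOver 5 years the cloud stops being cheaper once its annual growth "
          f"reaches {be:.0%}.")
```

The unmanaged-sprawl scenario is the one the post warns about: the raw VM is cheaper in Azure, yet unchecked growth flips the five-year comparison in favour of on-prem, which is exactly what a business case without stress-tested projections fails to reveal.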

Impact 

Failing to create a solid business plan for public cloud adoption can have significant consequences for the entire organization, much like a pilot attempting to fly without a flight plan. A comprehensive strategy is necessary to maintain financial control, operational efficiency, and strategic direction. Here are the key impacts on the organization:


  • Unpredictable Costs and Budget Overruns: Without a detailed "flight plan" for cloud adoption, organizations often face unpredictable cloud expenses. The lack of a clear cost projection for workloads can result in significant budget overruns, as cloud costs can increase unexpectedly. This unpredictability makes it difficult for financial teams to allocate resources effectively, causing potential disruptions in cash flow. The result is a cycle of reactive spending, where the organization constantly tries to catch up rather than proactively managing costs.

  • Lack of Financial Visibility and Accountability: The absence of a well-thought-out business case leads to limited financial visibility. Teams lack a clear understanding of the short-term, mid-term, and long-term costs associated with running workloads in the cloud, making it nearly impossible to compare these expenses to on-premises costs. Without a detailed cost-benefit analysis, decision-makers are left without the crucial insights needed to evaluate whether cloud adoption delivers the expected value. This lack of transparency hinders accountability, as stakeholders cannot track cost drivers or understand how individual workloads contribute to overall cloud expenditure.

  • Wrong Interpretation That On-Premises Is Lower Cost: Without a proper "flight plan," organizations may wrongly conclude that on-premises infrastructure is a lower-cost option than the public cloud. This misinterpretation arises because no clear information exists on which workloads are better suited for the cloud versus on-premises environments. Without an accurate comparison of on-premises and cloud costs, including a detailed assessment of workload suitability, decision-makers may feel pressured to repatriate workloads to on-premises to reduce costs. However, this decision is often made reactively, based on incomplete information, rather than through a strategic evaluation supported by a well-developed business case. As a result, the organization ends up chasing costs without fully understanding the long-term financial and operational implications of such moves.

  • Operational Inefficiencies and Increased Risks: A missing flight plan affects not only financial aspects but also operational efficiency. Cloud adoption without a proper plan often leads to poorly architected cloud environments, affecting performance, security, and scalability. This can result in increased risks, including under-provisioned resources leading to performance bottlenecks or over-provisioned resources leading to wasted spend. Furthermore, without a resource roadmap to align cloud capabilities with business objectives, the organization's ability to fully leverage cloud services to drive innovation is limited.

  • Erosion of Stakeholder Confidence: When cloud adoption leads to unpredictable expenses, inefficiencies, and unclear results, stakeholder confidence can erode quickly. Executives and investors expect to see a clear return on investment, and when costs spiral out of control without corresponding value, the cloud initiative may be perceived as a failure. This can jeopardize future technology investments as stakeholders grow increasingly skeptical of any initiative involving significant upfront costs without a clear, detailed plan to ensure a positive outcome.

  • Difficulty in Measuring Success: Without a "flight plan," it becomes challenging to measure the success of cloud adoption initiatives. A business case provides benchmarks, milestones, and performance indicators that help track progress and evaluate whether cloud adoption meets business objectives. The absence of these measures makes it difficult for the organization to assess whether it is on the right path, leading to misguided adjustments or premature abandonment of cloud strategies. Organizations may invest in unnecessary cloud services or overlook potential optimization opportunities simply because there is no structured way to evaluate the impact.

  • Reactive Instead of Proactive Decision-Making: Organizations without a well-developed cloud adoption plan often find themselves in a reactive state, constantly trying to resolve issues as they arise rather than proactively managing cloud resources. This reactive approach makes it hard to take advantage of the cost-optimization features provided by cloud providers, such as auto-scaling, reserved instances, or efficient storage management. A proactive plan, on the other hand, allows the organization to stay ahead of potential issues, anticipate resource needs, and optimize spending, ultimately driving better business outcomes.


Not having a "flight plan" for cloud adoption is not just a minor oversight; it is a critical failure that can have lasting repercussions on the organization's financial stability, operational efficiency, and overall strategic direction. A well-developed business case guides cloud adoption, helping the organization anticipate costs, optimize workloads, and align cloud strategy with business goals. Just like a pilot wouldn't take off without a flight plan, enterprises shouldn't embark on their cloud journey without a comprehensive approach.


Apples vs Frogs

When comparing on-premises infrastructure to public clouds like Azure, it's easy to think they're similar; after all, they both provide computing resources. But let's get one thing straight: this is like comparing apples to frogs. The richness of the public cloud environment is unmatched by traditional on-prem setups, and it's not just about having a few more servers in someone else's data center. Public clouds like Azure go far beyond that, offering a comprehensive ecosystem that simplifies governance, security, availability, and scalability in a way that is almost impossible to replicate on-premises.

Governance, Security, and Best Practices

Public clouds like Azure come with governance tools and frameworks deeply embedded into their core; think of Azure Policy and Azure Blueprints, which help you keep your environment compliant with little effort. Azure Policy allows you to enforce organizational standards and assess compliance at scale. At the same time, Azure Blueprints provide a way to define and deploy a repeatable set of resources that adhere to those standards. Implementing these same governance frameworks on-premises would take considerable time and expertise, and it would still probably fall short of what's available in the cloud. Azure integrates best practices right out of the box, helping organizations streamline compliance and reduce the chance of misconfiguration, which is one of the leading causes of data breaches.

Azure Entra ID is a perfect example of what the public cloud brings to the table that on-prem setups simply can't. Azure Entra ID provides advanced identity and access management features such as Conditional Access, identity protection, and identity governance. Conditional Access allows you to enforce policies that provide contextual access control to apps, ensuring that only the right people get access under the right conditions. Identity Protection helps detect and remediate potential vulnerabilities using machine learning to identify suspicious activities like atypical sign-ins. Identity governance ensures that users access resources appropriately through features like access reviews and privileged identity management. Combined with Multi-Factor Authentication (MFA), these features secure every entry point, providing a layered defense that’s incredibly difficult to replicate in an on-prem environment.

Azure operates on a zero-trust model, meaning that every request, whether from inside or outside the network, is verified before granting access. This approach actively seeks out potential threats, ensuring security constantly evolves to address new challenges. Azure also uses Risk-Based Vulnerability Assessment (RBVA) across services to identify potential vulnerabilities and provide mitigation recommendations. This proactive stance ensures that your environment is always ahead of possible threats.

Azure Key Vault is another critical component of the security ecosystem. It helps securely manage secrets, certificates, and encryption keys, ensuring that sensitive data remains protected. With identity protection features, Key Vault ensures that your data is only accessible to those who genuinely need it. It also provides auditing capabilities to track who accessed what and when.

To build something even remotely similar on-premises, you would need a massive infrastructure investment, a dedicated security operations team, and a lot of expertise. With Azure, these security capabilities are integrated and available from the start, making the public cloud a far more secure and manageable option for most organizations. The public cloud offers it as part of its primary offerings—no additional setup or need for a dedicated security operations team to manage identity. The security framework is deeply embedded, ensuring that your environment is secure by design.

Software-Defined Networking and Virtual Network Segmentation

Another key differentiator between the public cloud and on-premises infrastructure is the power of software-defined networking (SDN) and virtual network segmentation. In Azure, the ability to segment and manage virtual networks through a software-defined interface is light-years ahead of traditional on-prem networking. Azure provides tools like Network Security Groups (NSGs) and Azure Firewall, integral components of this software-defined networking environment. NSGs allow you to control inbound and outbound traffic to your resources based on security rules, while Azure Firewall provides centralized policy enforcement across multiple virtual networks. This level of control, automation, and segmentation doesn't exist in the on-prem world without significant manual effort and cost.

In an on-premises setup, networking typically relies on physical hardware and manual configuration—a process that is not only time-consuming but also prone to human error. The lack of automation means that scaling up or modifying the network is a slow, cumbersome process, often bogged down by dependencies on network engineers and physical equipment. In contrast, Azure’s software-defined infrastructure allows for rapid configuration and deployment of networking components, all from a centralized management console. This means that public cloud environments can move fast, adapt quickly, and remain secure without the traditional bottlenecks of on-prem infrastructure.

Moreover, the zero-trust security model is deeply integrated with Azure's SDN capabilities, ensuring that every virtual network segment is protected. Services like Azure Entra ID, NSGs, and Azure Firewall work together to provide a comprehensive security framework that actively monitors and controls network access. Azure Key Vault adds to this by managing sensitive information securely, ensuring that secrets, certificates, and keys are only accessible to authorized users and services.

The public cloud’s software-defined infrastructure, with built-in automation, monitoring, and security, is something that on-prem setups simply cannot replicate. The old-fashioned approach of manual networking drags down the ability of on-prem environments to move quickly, adapt to new challenges, and scale effectively. Azure’s SDN gives you the agility and security that modern businesses need, making it clear that the capabilities of the public cloud far exceed what is possible with traditional on-prem networking.

Constant Patching and Feedback Ecosystem

One of the most significant advantages of Azure and the public cloud is the constant patching and updating of services. Microsoft continuously monitors and patches vulnerabilities across all Azure services, ensuring that security is always up-to-date. This means your infrastructure is always running on the latest, most secure versions without requiring manual intervention or downtime. In an on-premises environment, keeping everything patched can be a monumental task that requires dedicated IT staff, and even then, vulnerabilities can be missed, leaving your systems exposed. Azure's automated patching helps maintain a sound security posture, removing the burden from your IT team and significantly reducing the risk of unpatched vulnerabilities.

The public cloud also benefits from an extensive ecosystem for feedback on security and governance posture. Azure provides tools like Microsoft Defender for Cloud (formerly Azure Security Center), which continuously assess your resources' security and compliance state. These tools provide actionable recommendations, helping you identify and fix potential issues before they become significant problems. The insights and feedback these tools provide are derived from Microsoft's vast experience managing cloud security across millions of customers, a scale that is impossible to replicate on-prem. This feedback loop helps organizations maintain a high security and governance standard, ensuring their environments are continually optimized for best practices.

Azure Key Vault is another component that strengthens security by securely managing secrets, certificates, and encryption keys. Coupled with continuous monitoring and patching, Key Vault ensures that sensitive information is stored securely and protected by the latest security updates and best practices.

The combination of constant patching, a robust ecosystem of feedback tools, and integrated services like Key Vault means that Azure provides a level of proactive security and governance that takes a lot of work to achieve on-prem. On-premises environments rely heavily on manual intervention, which is slow and prone to error, while the public cloud automates these processes, enabling faster and more secure operations.

Rapid Software Development with Public Cloud

One of Azure's key advantages is its comprehensive set of services that enable rapid software development. Azure provides a rich ecosystem of tools and services that allow developers to build, test, and deploy applications more quickly and efficiently. Azure DevOps, GitHub Actions, and Azure App Services provide a streamlined development pipeline, enabling continuous integration and deployment (CI/CD). This allows teams to rapidly push new features, fixes, and updates to production with minimal manual intervention.

Azure also offers Platform as a Service (PaaS) capabilities, such as Azure App Services, Azure Functions, and Azure Kubernetes Service (AKS), which significantly reduce the time spent managing infrastructure. Developers can focus on writing code and developing features without worrying about their applications' underlying servers or scalability. These services are designed to be highly integrated, making it easy to create a cohesive development environment that supports rapid iteration and deployment.

In an on-premises environment, achieving this level of speed and automation is incredibly challenging. You must build and maintain your own CI/CD infrastructure, set up servers for testing, and manually manage deployments. The lack of automation and the reliance on physical hardware make the process much slower and more error-prone compared to what is possible with Azure's cloud-based tools. The public cloud's ability to provide infrastructure on-demand, along with integrated development and testing tools, makes it unmatched in speed and agility.

With Azure’s software development ecosystem, you can access monitoring and logging tools like Azure Monitor and Application Insights, which provide real-time feedback on application performance. This rapid feedback loop enables developers to identify and resolve issues quickly, leading to shorter development cycles and faster releases. The automation, integration, and scalability offered by Azure’s development tools make it clear that the public cloud is the superior choice for organizations looking to innovate and move quickly.

Not Comparing Apples to Apples

The public cloud is designed to provide a rich, integrated ecosystem, something on-prem setups can't match without massive effort and investment. Whether it's deep governance controls, the security features offered by Azure Entra ID, zero-trust architecture, RBVA and Key Vault, or global reach, the public cloud provides a depth that's difficult, if not impossible, to achieve on-prem. When we compare the public cloud to on-premises, we're not comparing apples to apples. It's more like apples to frogs: a completely different species with different strengths and weaknesses. The cloud's vast resource availability, embedded best practices, and robust security model make it a no-brainer choice for organizations looking to grow and secure their IT environment most effectively.

So, next time someone says, "Why not just keep everything on-prem?" remember the apples and frogs. Public cloud isn’t just about hosting—it’s about leveraging a massive ecosystem designed to make your life easier and your business more effective.

Conclusion

The debate between on-premises and the public cloud is often misunderstood because it focuses solely on raw infrastructure costs. As we've seen, the public cloud, in terms of sheer computing power, can usually be more cost-effective than an on-premises setup. However, many organizations stumble in their planning and execution. Without a well-defined strategy—a "flight plan"—cloud adoption can lead to rising costs, operational inefficiencies, and misinterpretations about the true value of the cloud.

The key to successful cloud adoption lies not in comparing dollar-to-dollar costs between on-prem and cloud but in understanding what the public cloud offers beyond just infrastructure: deep integration, governance, scalability, and a feature-rich environment that enables organizations to innovate faster and more securely. When approached with a structured plan and thoughtful resource management, these benefits far outweigh any perceived cost disadvantages.


So, next time someone tells you the cloud is more expensive, remember—it's about more than just the hardware. It's about the entire ecosystem, built-in security and governance, and the ability to innovate rapidly. With the right strategy, the public cloud can transform your IT operations, driving cost efficiencies and business value.
