How to use this assessment: How to use this assessment: Work through each item and mark it complete once confirmed. Items flagged High Risk represent the most common sources of material overspend. A score of 15 or more indicates a well-governed position.
Section 1: Infrastructure and Licensing Cost Baseline
Before comparing cloud and on-premise models, you must establish a complete 5-year baseline of on-premise costs. Most enterprises underestimate hardware refresh cycles, data centre real estate, power and cooling, and the true cost of software licensing across multiple servers and users. This section covers the foundation metrics that determine whether cloud economics are actually favourable.
1. You have calculated the full 5-year on-premise TCO including hardware refresh, data centre space, power, cooling, and maintenance contracts.
Enterprise hardware cycles typically refresh every 5 years, but most TCO models capture only year-one costs. A complete baseline must include server replacement averaging £18,000 to £45,000 per unit, uninterruptible power supply systems, rack space leases at £50 to £150 per U annually, power costs of approximately £1,800 to £3,600 per kW per year, and annual maintenance contracts typically at 15 to 20 percent of hardware cost. Missing any component undermines the entire comparison and leads to a biased decision in favour of cloud.
● High Risk
2. You have identified and priced all software licensing models including per-user, per-server, per-core, perpetual, and subscription across your proposed cloud or on-premise footprint.
Licensing represents 35 to 50 percent of total TCO but is frequently miscalculated during migration planning. Oracle, Microsoft, SAP, and Adobe pricing differs radically between on-premise and cloud deployments. A single misclassified user or miscalculation of virtual core multipliers can inflate the total by 15 to 25 percent. Enterprise agreements and Software Assurance terms must be audited by licensing specialists before any migration commitment is made.
● High Risk
3. You have modelled vendor lock-in costs and exit expenses including data egress fees, contract penalties, and re-migration costs if you need to leave your chosen solution.
Cloud egress fees — charges to retrieve data from the cloud provider — range from £0.03 to £0.12 per GB on AWS, Google Cloud, and Azure. For a 10TB dataset, egress alone costs £300 to £1,200; for a petabyte, that is £30,000 to £120,000. Exit penalties, cross-cloud repatriation engineering, and licence re-negotiation with competitors can add £50,000 to £500,000 or more depending on solution complexity. This cost is often omitted entirely from initial comparisons, creating false confidence in the cloud option.
● High Risk
4. You have quantified the cost of compliance certification for both cloud and on-premise deployments, including ISO 27001, SOC 2, HIPAA, PCI-DSS, and GDPR.
Compliance costs differ significantly between deployment models. Cloud providers often share SOC 2 and ISO 27001 certifications at no additional cost, reducing burden. However, HIPAA, PCI-DSS, and GDPR compliance can be more restrictive or expensive on cloud due to data residency requirements. On-premise deployments incur internal audit, penetration testing, and change management overhead — typically £30,000 to £150,000 annually per regulated system. Cloud compliance may also mandate premium tiers or dedicated infrastructure, adding 20 to 40 percent to monthly cloud fees.
● Medium Risk
5. You have benchmarked your current on-premise IT staffing model against the skills and headcount required for your target cloud or on-premise architecture.
On-premise infrastructure demands database administrators, system administrators, network engineers, and security specialists with average salaries of £55,000 to £95,000 per role. Cloud shifts the skill mix toward cloud architects and DevOps specialists at higher salaries of £75,000 to £140,000. If you retain on-premise infrastructure, headcount may remain flat; cloud adoption may require hiring cloud architects while retaining on-premise teams during transition. A typical 5-year burden estimate is 4 to 6 FTE at £400,000 to £700,000 annually, or £2M to £3.5M over the full horizon.
● Medium Risk
Section 2: Cloud Cost Modelling and Hidden Charges
Cloud pricing is deceptive. On-demand rates appear lower than on-premise until you factor in data transfer, managed services, idle compute, API calls, and multi-cloud fees. Most enterprises discover hidden cloud costs 6 to 18 months post-migration when budgets are already committed. This section forces quantification of the costs that cloud calculators routinely omit.
6. You have modelled data transfer and egress costs separately, including inter-region transfers, hybrid cloud connectivity, and backup and recovery scenarios.
Data transfer is often the largest hidden cost. AWS charges £0.09 per GB for data leaving the cloud, Google Cloud £0.12 per GB, and Azure £0.02 per GB. A media streaming enterprise budgeted £45K monthly but paid £110K, with 40 percent attributable to data transfer alone. Hybrid cloud architectures multiply this: data between on-premise and cloud, replication across regions, and disaster recovery transfers accumulate rapidly. For enterprises processing 100 TB monthly, egress costs alone can reach £9,000 to £14,000 monthly, or £108K to £168K annually.
● High Risk
7. You have calculated your true cloud compute costs under realistic workload scenarios including baseline, peak, and idle resources — not just on-demand pricing.
Cloud cost models fail when applied to real workloads. Reserved instances and Savings Plans reduce costs by 30 to 65 percent but require 1 to 3-year commitments. Spot instances are 70 to 90 percent cheaper but interrupt without notice. Most enterprises run a mix: reserved for predictable workloads, on-demand for variability, and spot for batch jobs. Idle compute — resources spun up but unused — consumes 15 to 30 percent of cloud budgets. Defaulting to on-demand pricing inflates cost projections by 40 to 60 percent and creates an artificially unfavourable comparison for cloud.
● High Risk
8. You have itemised managed services costs including databases, analytics, containers, and monitoring, and compared them to the cost of self-managed equivalents.
Managed services such as AWS RDS and Azure Cosmos DB eliminate operational overhead but cost 2 to 4 times more than self-managed databases on raw compute. Over 5 years, managed services hide labour costs; self-managed exposes them. Most TCO models favour managed services, but only if labour costs are truly redeployed elsewhere. If not, managed services inflate operating expenditure by 30 to 50 percent. The decision depends on whether your team's time has genuine alternative value once database administration is eliminated.
● Medium Risk
9. You have assessed the cost of post-migration optimisation and wasted resources, accounting for cloud waste overages of 20 to 35 percent in the first 18 months.
Post-migration, enterprises typically overprovision resources for 12 to 24 months while applications stabilise. Cloud waste — unused capacity, over-sized instances, orphaned storage — consumes 20 to 35 percent of cloud budgets industry-wide. A £500K monthly cloud bill will waste £100K to £175K monthly until rightsizing is complete. Correcting this requires continuous monitoring tools, team training, and process changes — an additional £50,000 to £150,000 project cost. Many enterprises skip this investment and accept permanent 25 percent overages.
● Medium Risk
10. You have compared your 5-year cloud OpEx trajectory against on-premise CapEx amortisation, accounting for cloud price increases of 3 to 8 percent annually and on-premise refresh schedules.
Cloud pricing has increased 3 to 8 percent annually since 2020, while on-premise hardware costs decline or hold steady. A £1M annual cloud bill in year 1 becomes £1.16M to £1.47M by year 5, totalling £5.5M to £6.0M over the period. On-premise amortises capital: £2M initial investment plus £300K annual maintenance totals £3.5M over 5 years but is front-loaded as CapEx rather than recurring OpEx. At discount rates above 15 percent, on-premise NPV often improves; below 8 percent, cloud usually wins. Applying a flat assumption without NPV analysis can overstate cloud value by 10 to 20 percentage points.
● Medium Risk
Section 3: Operational and Labour Cost Factors
TCO extends far beyond infrastructure and licensing. Staff retraining, project management, change management, support escalation, and business continuity planning represent 30 to 40 percent of the true migration cost. Enterprises that underestimate labour costs often find that cloud saves infrastructure spend but increases headcount or delays strategic initiatives.
11. You have budgeted staff retraining costs to upskill your team on cloud administration, development, and operations platforms including AWS, Azure, GCP, and Kubernetes.
On-premise database and systems administrators lack cloud-native skills. Retraining a 10-person infrastructure team to AWS or Azure competence costs £80,000 to £150,000 in external training, certification, and productivity loss during a 3 to 6-month ramp-up period at 20 to 30 percent reduced output. For larger enterprises with 50 or more infrastructure staff, retraining totals £400,000 to £750,000. Some roles such as mainframe administrators may not transition and create attrition costs in severance and recruitment. A realistic 5-year labour transformation budget adds £150,000 to £500,000 to migration costs.
● High Risk
12. You have estimated the cost of parallel running during migration, covering both old and new systems simultaneously, and the duration of that overlap.
Most enterprises run legacy and cloud systems in parallel for 3 to 12 months to validate data integrity and stability before decommissioning old infrastructure. This doubles licensing, support, and staffing costs during the overlap. A parallel run costing £500K monthly for 6 months adds £3M to the project budget — often completely omitted from initial TCO proposals. Some regulated industries extend parallel runs to 18 to 24 months, tripling costs. Realistic migration timelines assume 6 to 9 months of parallel infrastructure; many TCO models assume instant cutover and underestimate by £2M to £5M.
● High Risk
13. You have accounted for business continuity and disaster recovery costs on both platforms, including failover testing, data replication, and RPO and RTO infrastructure.
Cloud vendors often tout BCDR as built-in, but enterprise-grade RPO and RTO requirements demand investment in replication, testing infrastructure, and management tooling. On-premise BCDR requires backup appliances at £50K to £200K, a secondary data centre, and failover testing cycles. Cloud BCDR appears simpler but multi-region replication doubles compute costs and backup services cost £10K to £50K annually. A realistic BCDR budget is £100K to £300K for implementation, then £50K to £100K annually. Many TCO models allocate zero or assume free cloud BCDR and significantly understate true costs.
● Medium Risk
14. You have evaluated support and maintenance costs including vendor SLA premiums, on-call escalation, and response time commitments for both deployment options.
Cloud vendors offer tiered support from free basic tiers to enterprise support negotiated at £50K to £250K annually. On-premise support from vendors such as SAP and Oracle typically costs 15 to 22 percent of licensing annually. SLA requirements mandate premium support tiers on both platforms. A mid-market enterprise moving a business-critical ERP to cloud will incur £30K to £100K annually in cloud provider support alone. Over 5 years, the comparison can differ by £150K to £500K and is often ignored when building the business case.
● Medium Risk
15. You have estimated change management, training, and organisational adoption costs to transition users from legacy to new systems or interfaces.
Cloud migrations often introduce new user interfaces, workflows, and capabilities. Change management — communications, training, help desk expansion, adoption support — typically costs 10 to 15 percent of the total migration project. For a £2M migration project, change management budgets £200K to £300K; many enterprises allocate only 2 to 5 percent and suffer poor adoption, extended support escalation, and productivity loss. User training for 500 employees at £500 to £1,000 per person adds £250K to £500K. An adoption crisis can push costs an additional £100K to £300K and delay financial benefits by 6 to 12 months.
● Medium Risk
Section 4: Compliance, Risk, and Strategic Fit
Strategic TCO considerations extend beyond immediate costs: data sovereignty, regulatory risk, vendor dependency, and misalignment with business strategy can inflict hidden financial penalties. Enterprises in regulated industries or those with strict data residency requirements often discover that cloud savings evaporate when compliance, security, and risk costs are fully accounted for.
16. You have modelled data residency and data sovereignty costs if regulatory requirements such as GDPR, HIPAA, or local data residency laws mandate data storage in specific geographic regions.
GDPR, PDPA, HIPAA, and local data residency laws restrict where data can be stored and processed. Cloud providers charge premiums for data residency: AWS EU-West and Azure EU-West cost more than US regions, and Australia data residency carries 30 to 50 percent premiums. Some nations restrict foreign cloud and mandate local infrastructure, eliminating cloud entirely. A £500K annual EU-based cloud bill increases 15 to 25 percent for compliance with data residency, adding £75K to £125K annually or £375K to £625K over 5 years. Failure to model this cost undermines the entire comparison.
● High Risk
17. You have assessed the strategic risk and switching costs if your chosen cloud vendor increases pricing, discontinues your chosen service, or changes commercial terms materially.
Vendor consolidation, service deprecation, and price increases are not hypothetical. Enterprises building on a single cloud provider face lock-in through proprietary services, APIs, and data formats. Multi-cloud hedging adds 15 to 30 percent to operational and management costs. The insurance cost of vendor diversification — redundant deployments, cross-platform engineering — totals £100K to £300K annually for enterprises managing £1M or more in cloud spend. Single-vendor concentration should be quantified as a risk premium in any fair TCO comparison.
● Medium Risk
18. You have quantified the cost of potential performance degradation, latency, or user experience issues if cloud deployment introduces unpredictable network or application performance.
Cloud introduces network latency and variable performance. For latency-sensitive applications such as financial trading and real-time analytics, cloud introduces 10 to 100ms additional latency. User experience degradation can reduce productivity by 2 to 5 percent and revenue by 0.5 to 2 percent depending on the application type. Performance SLAs require multi-region deployment, load balancing, and failover automation — adding £100K to £300K to implementation and £50K to £100K annually to operations. These costs are frequently absent from TCO models and, when added, worsen the cloud comparison by 10 to 20 percent.
● Medium Risk
19. You have evaluated the cost of vendor audits, compliance verification, and security incident response if your cloud provider suffers a breach or faces regulatory action.
Cloud provider security incidents are rare but costly. When a provider experiences a breach affecting your data, enterprise response costs include breach notification, regulatory fines potentially reaching millions under GDPR, legal fees, and reputational recovery. Insurance for cyber and errors-and-omissions may increase 10 to 50 percent post-breach. Vendor audits, penetration testing contracts, and compliance verification cost £50,000 to £150,000 annually for large enterprises. Post-incident costs, if they occur, can exceed £1M to £10M and are a legitimate tail-risk cost that should be included in any rigorous TCO.
● Medium Risk
20. You have compared the NPV and payback timelines of cloud versus on-premise at your organisation's corporate discount rate, accounting for CapEx versus OpEx tax treatment.
Financing matters. On-premise CapEx is amortised and depreciated, reducing taxable income, while cloud OpEx is expensed immediately. In high-tax regimes, depreciation of £500K per year saves £125K to £105K in taxes annually. Over 5 years, tax-adjusted NPV can favour on-premise by £625K or more when discounted at 12 percent. At discount rates above 15 percent, on-premise NPV typically improves; below 8 percent, cloud usually wins. Applying a flat assumption without NPV analysis at your actual corporate discount rate can overstate cloud value by 15 to 25 percentage points.
● Medium Risk
Ready to optimise your AI contract and cost position?
Download our AI Platform Contract Negotiation Guide — covering all major vendors, pricing structures, and negotiation tactics.Next Steps
Score your confirmed items against the benchmarks above. If you are in the High Exposure or Partial Governance bands, prioritise the items flagged High Risk — these represent the most common sources of material overspend and are addressable within a single procurement or FinOps cycle.
Redress Compliance works exclusively on the buyer side, with no vendor affiliations. Our GenAI advisory practice has benchmarked AI costs, negotiated enterprise AI contracts, and built governance frameworks across 500+ enterprise engagements. Contact us for a confidential review of your AI cost and contract position.