In 2021, Andreessen Horowitz calculated that public cloud was costing the top fifty software companies roughly $100 billion in lost market capitalization — a figure they called the "trillion-dollar paradox." Five years later, the paradox has spread from hyperscale software companies to every enterprise that migrated on the promise of cost savings. The decks that justified those migrations consistently missed the same five items.
Cloud migration ROI calculations understate the true cost by 30 to 50 percent because they model infrastructure line items but miss the operational, talent, architectural, and compliance debts that surface eighteen months later — and this gap is structural, not accidental.
The first surprise in almost every enterprise cloud bill is the networking charge. Ingress is free. Egress — moving data out of the cloud, between regions, or between services from different providers — is not. A terabyte pulled from AWS S3 to an on-premises system runs between $80 and $90. Multiply that by hourly analytical extracts, weekly backups, cross-region replication for disaster recovery, and inter-service chatter in a microservices architecture, and the monthly networking line becomes a material share of the bill. Flexera's 2024 State of the Cloud Report found that data transfer costs were the single largest source of unexpected overruns for 41 percent of enterprise respondents. The ROI model in the original business case almost never included egress at realistic volumes. The deeper problem is strategic: once data volume reaches a certain threshold, the egress cost of leaving becomes a moat the provider can monetize indefinitely. This is what a16z meant by data gravity — and it is priced into every cloud vendor's long-term model.
Cloud engineers cost 30 to 50 percent more than their on-premises counterparts in every regional market we track, including Kazakhstan. The business case treats this as a one-time transition cost — retrain existing staff, hire a few specialists, done. In reality, cloud engineering is a distinct discipline that requires continuous upskilling as the providers' shipping cadence outpaces internal training cycles. Then there is the FinOps gap. FinOps — the operating model that allocates cloud costs to business units, enforces tagging discipline, rightsizes workloads, and negotiates commitments — does not exist in most enterprises on day one of migration. It emerges eighteen to twenty-four months later, after the first budget overrun forces the CFO to demand accountability. According to the FinOps Foundation's 2024 State of FinOps report, 49 percent of organizations describe their FinOps practice as "walking" rather than "running." Without a mature FinOps function, cloud spend grows faster than workload — because no one owns the cost.
Most enterprise migrations are lift-and-shift by necessity rather than design. The business case assumes re-architected, cloud-native workloads that auto-scale, consume compute only when needed, and leverage managed services. The reality — driven by timeline pressure and the risk profile of rewriting production systems — is that monoliths move to cloud VMs with minimal changes. When a monolithic application runs on a persistent cloud instance sized for peak load, the enterprise pays retail cloud pricing for infrastructure it could have sized more efficiently on-premises. Gartner has noted that 70 to 80 percent of enterprise cloud migrations still begin as lift-and-shift, and that the promised elasticity benefits require re-architecture work that is rarely funded as part of the original migration. The ROI deck assumed the elastic end state. The invoice reflects the static interim state — which often becomes the permanent state.
The pricing discounts that make cloud economically competitive — reserved instances, savings plans, enterprise discount programs, committed-use contracts — all require multi-year commitments to specific providers, instance families, and sometimes regions. The discounts are real: 30 to 70 percent off on-demand pricing is common. But the commitment reproduces the exact vendor lock-in that cloud was supposed to escape. Worse, it locks the enterprise in at the provider's architectural choices: if the workload needs to move to a different instance type, different region, or different provider, the committed spend becomes a sunk cost that distorts the next decision. The business case presents these discounts as savings; it rarely models them as strategic debt. For an enterprise that needs architectural flexibility — and any enterprise running a ten-year horizon does — the committed-spend structure is a quiet constraint on every future decision.
Kazakhstan's Personal Data Protection Law requires certain categories of personal data to be stored and processed within national borders. There is no AWS, Azure, or GCP region inside Kazakhstan. The practical consequence is that any enterprise with regulated data — and that is most enterprises — cannot run a pure public-cloud architecture. The solution is always hybrid: regulated data in local data centers or compliant local cloud providers, non-regulated workloads in international cloud regions, secure connectivity between them. Hybrid architecture is not a free add-on. It adds VPN or dedicated-line costs, two control planes to operate, two security models to maintain, and latency for any workflow that crosses the boundary. The nearest major cloud regions — Frankfurt, Dublin, Mumbai, Singapore — sit 80 to 200 milliseconds away, which changes what is feasible for latency-sensitive applications. None of this appears in the ROI deck, which was usually built from a Western template that assumed a local hyperscale region and no data-residency constraint.
The standard response is that these are fixable problems, not structural ones — egress can be minimized, FinOps discipline can be built, lift-and-shift can be followed by re-architecture, and hybrid can be designed well.
But the fixability of these problems is not uniform. Egress costs can be reduced by 30 to 50 percent with architectural discipline, but not eliminated. FinOps maturity takes three to five years in most enterprises, and the learning is paid for in overrun budgets during that window. Re-architecture is a second migration — often larger than the first — that few organizations have the political capital to fund after the first one is declared complete. The lock-in of committed spend is mathematically unavoidable if you want the discount. And data residency in Kazakhstan is a regulatory fact, not an architectural preference. The sum of these constraints is not a set of bugs to be fixed. It is the shape of cloud economics at enterprise scale.
Leaders signing cloud migration business cases should demand four things that standard ROI decks rarely include. First, a three-year total cost of ownership model that includes egress at realistic volumes, hybrid connectivity costs, FinOps tooling and headcount, and reserved-instance commitments modeled as both savings and strategic debt. Second, a FinOps operating model defined before migration begins — who owns cost allocation, how tagging is enforced, what the monthly cadence of optimization looks like, and which business unit absorbs overruns. Third, a workload-appropriate migration strategy that explicitly names which workloads will be lifted-and-shifted, which will be re-platformed, which will be re-architected, and which will stay on-premises — with the re-architecture work funded in the same business case, not deferred.
Fourth, and specifically for Kazakhstan, a data residency architecture decision made upfront: which data must stay local, which can reside in international cloud regions, how the boundary is enforced, and what the latency and operational costs of the resulting hybrid look like. These four items do not make cloud migration less attractive. They make the business case honest. Honest business cases survive the eighteen-month mark — when the gap between the deck and the invoice becomes a conversation about what the executive team actually committed to. The cloud is still the right answer for most enterprise workloads. The ROI deck that sold it usually is not.
Gartner and Flexera consistently report that enterprises exceed cloud budgets by 20 to 40 percent in the first year post-migration, with some categories of workloads exceeding by more than 50 percent. The primary drivers are egress costs that were not modeled, oversized instances carried over from lift-and-shift migration, and the absence of FinOps discipline to enforce tagging, rightsizing, and commitment management. The overrun usually peaks between months nine and eighteen, after the honeymoon of stable workloads ends and before FinOps maturity catches up.
Flexera's 2024 State of the Cloud Report estimates that approximately 32 percent of enterprise cloud spend is wasted — idle compute, oversized instances, orphaned storage, and commitments that do not match actual consumption patterns. The waste number has been remarkably stable across multiple years of Flexera data, which suggests it reflects a structural feature of cloud economics rather than a transient problem. Mature FinOps practices reduce the waste figure toward 15 to 20 percent but do not eliminate it.
Kazakhstan's Personal Data Protection Law requires certain categories of personal data to be stored and processed within national borders. Because no major hyperscaler operates a region inside Kazakhstan, compliance requires either a local cloud provider or a hybrid architecture that keeps regulated data in local data centers. Both paths add cost that the standard ROI deck does not include: local cloud providers charge a premium relative to international hyperscalers, and hybrid architectures add connectivity, dual control-plane operation, and latency. A realistic Kazakhstan cloud ROI model should add 15 to 25 percent to the infrastructure line and include hybrid operational overhead from day one.
No. The structural issues we describe are not reasons to avoid cloud migration — they are reasons to build an honest business case and a mature operating model around it. Cloud still delivers real benefits: elasticity for variable workloads, access to managed services, faster provisioning, and a continuously improving service catalog that on-premises infrastructure cannot match. The argument of this analysis is not against migration. It is against ROI decks that understate the true cost and leave executive teams unprepared for the invoice that arrives eighteen months later.
Enterprise cloud migration in Kazakhstan carries constraints that Western ROI templates do not model — data residency, hybrid complexity, latency, and a FinOps maturity curve that most organizations underestimate. opengate has walked enterprise clients through three-year TCO models that survive contact with the invoice, including the line items that standard decks omit. If you are sizing a migration business case or auditing one that is already eighteen months in, we can walk you through the items most likely to be missing.