Looking into the global cloud market, John Dinsdale, a chief analyst and research director at Synergy, aptly noted that in 2017 the cloud became “the new normal.” His Sinergy research shows a steady growth of cloud vendor revenues that now peak at $180 billion with a 24% annual growth rate. The LogicMonitor’s Cloud Vision 2020: The Future of the Cloud Study echoes stating that 83% of enterprise workloads will be shifted to the cloud by 2020.
It’s clear that the industry is maturing, but adoption is still impeded by numerous concerns arising around data security, associated costs, vendor lock-in, hybrid and multi-cloud complexity, as well as connectivity issues.
We took time to compile a list of the fears haunting potential cloud adopters today and looked into the solutions that the industry offers. As it turns out, addressing the risks of cloud computing takes a good deal of cloud adopters’ dedication and strategic planning to avoid the pitfalls, since the full responsibility can’t be shifted purely to cloud service providers. At the same time, cloud vendors themselves are investing in R&D to innovate and fix the burning issues.
Now, let’s take a closer look at top five risks, and how both enterprises and vendors are going about them.
Information security concerns are among the main reasons for companies to think that cloud computing is not a safe option for them. It’s not even a matter of trusting a cloud vendor: companies from regulated industries such as banking and healthcare just can’t afford hosting their data in the cloud for the fear of sensitive data breaches.
There is an opinion though that data security in the cloud is more of the client’s responsibility as it largely depends on security measures adopted on the client’s side. It’s true that security in the cloud differs from on-premises one, information security expert Troy Hunt explains, but it boils down to what security protection framework you put up around your cloud solution.
Be it on-premises or cloud software, it can still be prone to human errors and damage by malicious users who may sneak through due to poor identity and access management practices. To take preemptive measures, organizations need to pay closer attention to how they enforce data security within their corporate cultures.
Yet when it comes to data privacy and compliance, the cloud definitely beats on-premises systems. As cloud vendors must keep up with security and compliance innovations, their products stay updated on new legislation. For regulated businesses struggling with GDPR, HIPAA and other regulations, cloud platforms can enforce automated compliance workflows and alleviate providers’ liability for breaches.
Deciding whether they should move to the cloud or not, companies need to consider a whole range of factors. Just because cloud computing is commonly known as a cheaper option doesn’t mean it will be cost-efficient for you as well. On the other hand, there are different incremental costs of implementing and maintaining your own system, which can make the cloud a more reasonable option.
First, consider how your organization is going to grow in the next year, two years, five years. With the number of your cloud users climbing up, will the license costs still make sense? Although you will be still saving on infrastructure costs, SaaS, PaaS, and IaaS subscriptions will grow in proportion to your growing user base and data storage needs.
Second, look at your available IT resources, whether they are in-house or outsourced. If you cannot afford running a regular team of developers, testers, and support specialists, it’s quite reasonable to go for a cloud-based solution. In the latter case, you will only need your dedicated cloud-savvy team to configure your virtual infrastructure and customize the solution as needed. In this scenario, you wouldn’t need to create updates and patches for your system on your own—it will be your cloud vendor’s responsibility.
Third, think about the time to market that’s actually the gap between the moment when you kick off your development project and the moment you start getting any value from the system. For companies that want to see immediate ROI, cloud solutions can offer that much earlier compared to traditional on-premises setups.
In one of our projects, the customer wanted to set up a system for on-demand processing of large data volumes. They made a decision based on their essential requirements such as time to market, high performance, and scalability, and, all considered, went for the cloud. What would be your essential requirements?
Paul Johnston of ServerlessDays argues that there’s little risk of getting in a situation where you would need to switch vendors: cloud tech giants such as Microsoft, IBM, and AWS aren’t going anywhere, and enterprises are likely to use their services anyway.
On the other side of this debate is Nicholas Carr, author of Does IT Matter? Back in 2013, he was cited calling us all ‘guinea pigs’ of the cloud, with no way to go round discontinued cloud services if they take place.
As it happens, the truth is somewhere in-between.
For now, it’s mostly B2C cloud products that hit the headlines with their shutdown announcements. Think of Garmin Cloud storage discontinued this May, or of the CrashPlan for Home backup service that was closed for consumers and refurbished for businesses instead. In both cases, though, users were given from two to three months to fetch their data and find another relevant cloud service provider.
Of course, for enterprises things would get much more complicated. Regardless of how low the probability of an enterprise-grade cloud platform shutdown is, companies need to take important precautions to protect against vendor lock-in and associated risks of cloud computing:
It’s worth noting that on-premises platforms also face their end of support, although it concerns particular versions of such software. Microsoft SharePoint is an obvious case, with three of its older versions now awaiting their extended support to end anytime from 2020 to 2026. Here too, migration to a newer SharePoint version or a cloud option takes thorough strategic thinking and weighing down all pros and cons before making a decision.
Cloud environments are known for their notorious complexity in the enterprise setting. They can feature single cloud applications, cloud services, hosted solutions, as well as private and public clouds all at the same time. The State of the Cloud Survey by RightScale shows that on average companies are using 4.8 clouds. Such multi-cloud ecosystems may turn into an incomprehensible mess of disparate apps and platforms that share no common user interface, lack data consistency, and thus obliterate analytical potential.
However, such downsides mostly come from poor planning. Starting from the cloud solution architecture and network topology to interoperability mechanics, multi-cloud environments need to be thought out by experts who would take into account all the project specifics.
Integration, scalability, and disaster recovery challenges common to any cloud environment get magnified in hybrid setups.
Still, Network World called 2018 the year of hybrid cloud adoption. It seems that companies value the flexibility of this model that allows keeping all the business-critical applications under your own private cloud hood while scaling other workflows in the public one. This demand also gave rise to interconnection providers which help to build bridges directly between public and private clouds in hybrid environments.
Ironically, the very thing that makes the cloud possible—internet connection—is often overlooked in cloud implementations. Somehow, this no-brainer just doesn’t seem worthy of attention in comparison to other potential issues like security, compliance, or interoperability. Yet, broken connection can cause data losses and even business damage in case the cloud is critical to operations.
Service outages can also result in downtime and disconnection. There’s still no unity though as to who should take the full responsibility for cloud outages—the owner or the service provider. The Truth in Cloud report by Veritas shows that 59% of business and IT decision makers believe it’s the service provider’s obligation to deal with downtimes, while 83% included outage protection in these obligations. In reality, these responsibilities for data recovery should be shared, while immediate recovery actions are within a cloud solution owner’s control if they take a “proactive stance to application uptime in the cloud,” Veritas adds.
This connectivity and uptime challenge grows more intimidating for companies with distributed multi-cloud environments, where data needs to travel without limits between different cloud platforms and enterprise data centers.
That said, onboarding a network manager would be a legit first step, but there are more complex solutions coming up to address connectivity-related latency and performance issues in hybrid clouds. Right now, Google is one of the vendors setting up its direct cloud connectivity services for this purpose.
When it comes to geographically distributed cloud nodes, location does matter. Here, local content delivery networks or specialized edge data centers offer more options for enterprises to speed up their cloud network response times.
Cloud computing is one of the most complex young disciplines that still puzzles its potential adopters. Its very diversity with public, private and hybrid clouds available, together with near-scandalous headlines on cloud threats, may create a rather bleak picture.
However, what looks like cloud-related risks becomes more like a mix of challenges and misconceptions. In each of these ‘risky’ aspects—security, cost of ownership, vendor lock-in, management difficulties, and connectivity, the maturing industry is coming up with adequate solutions.
That said, cloud service providers recognize the imperatives and fears of today’s enterprises, and work to bridge the gaps, be it with GDPR-compliant data processing or direct connectivity for hybrid clouds.
We hope this overview suggested a few things to consider and avoid possible pitfalls when going for the cloud.