Companies today see the use of the cloud as the basis for digitization strategies. Overall, however, the challenges of the cloud should not be pushed aside. Cloud computing brings numerous advantages, regardless of their size, that need not be described in detail here. The international providers such as Amazon with AWS, Microsoft with Azure and Google with its cloud address different target groups and have their focus. This way, every organization finds the right partner and a suitable platform. Thanks to scalability and frequently occurring cost advantages, the cloud actually speeds up development processes in companies. Flexibility is an important basis for agility. And the cloud is flexible.
Despite the cloud advantages
Despite all the advantages, disappointment can arise when using the cloud. Because the euphoria associated with going to the cloud often blinds disadvantages and challenges. Contrary to what the providers’ promise, many issues remain the responsibility of the user, i.e. the company. The provider takes care of updating the systems, but this does not necessarily include the maintenance of running applications. And when in doubt, data backup only includes the infrastructure but not the processed and stored data. The user is responsible for identity management, including access rights to apps and infrastructure, which must be by the company’s internal policy. The desire that the cloud provider takes care of everything often remains a dream.
Dependencies and lock-in effects are also among the less obvious downsides of the cloud. If the cloud structures from Google or Amazon have technical problems (whether due to attacks or power outages), the growing dependency of many companies becomes alarmingly clear. If companies want to prevent these provider-side service failures, they can secure their digital offers geo-redundantly via various “Availability Zones”, which entails corresponding costs. Sometimes providers of storage space on the web are just as unable to offer their services as streaming services or content delivery networks.
At such moments, the basic idea behind the development of the Internet is taken to absurdity. After all, the network should be able to intercept faults at a node without problems. The reality is different.
Even if every cloud solution appears to be flexible and scalable, the dependence of the individual company on its chosen provider is growing. The migration to the cloud was associated with investments that would only pay off over time with other savings. This makes it difficult for a CIO to get another budget to switch to a “better” provider. And even if these means are available: the more data has been moved to the cloud and processed there, the more difficult it will be to retrieve or transfer it completely. There is a lack of data portability, the lock-in effect is there.
Going to the cloud was initially associated with the desire to develop new business models or to create the basis for cooperation and more agility. Frequently, however, cost optimization played a crucial role. Saving potential that does not appear at all. The Rightscale report shows, for example, that too many resources are being provisioned. Too many instances and services are being created that are not being used at all. The report says that up to 27 per cent of cloud spending is unnecessary. Admittedly, the number sounds very high. It is a fact, however, that without strict governance and its implementation via processes and tools, instances will not be managed and unnecessary vacancy costs will arise – sometimes on a large scale.
Special requirements for IT security
The challenges that the cloud poses in terms of IT security and data availability are great. Regardless of the contractual arrangement with the cloud provider or concerning the agreements on order processing concluded in the course of the GDPR, the company remains responsible for compliance. The provider is not liable for violations.
Multi-cloud environments and hybrid structures have also been established in many organizations. Most companies cannot administer a proper patchwork of patches from different providers and tools with the necessary care. Regulations and service level agreements are inconsistent; in the event of faults and data breaches, chaos is preprogrammed without a management layer.
To speed up and facilitate onboarding for users, cloud solutions are delivered with a basic set of options and security settings. In practice, however, these are often not sufficient to ensure the integrity of the applications and data. Since the user is responsible for security and data protection towards third parties, extensive adjustment work and in-depth knowledge of security are necessary. From this point of view, too, hybrid and multiple environments pose a challenge. Because to be able to react quickly and appropriately to data leaks and attacks, uniform alarm and reporting functions and a set of rules for access are required that are used by the entire organization and those used by it Includes cloud solutions equally.
The cloud can also turn against a company. Criminals are now also using the advantages of the cloud to intensify their attacks. It becomes even more critical if your cloud infrastructure is attacked directly by misused cloud servers. None of the challenges mentioned can be mastered. So that the advantages of the cloud do not return like a boomerang in the form of security risks, companies have to actively deal with it. A well-thought-out security strategy and the introduction of management layers for the cloud are a start.