Businesses use the cloud to manage risk but are they also concentrating it?

June 3rd, 2021 | by Alfred Siew
Businesses use the cloud to manage risk but are they also concentrating it?

Empty shelves during the peak of the pandemic this past year have exposed the idea of keeping just enough supplies to reduce inventory costs and keep prices competitive.

As a great article in the New York Times this week showed, this “lean” concept first developed in Just In Time manufacturing in Japan is something that doesn’t build resilience when an unlikely event strikes.

But things won’t change, it explains, because consumers won’t pay the added price for resilience when they are not in a crisis.

In an ironic way, that lesson could apply to businesses now hoping onto the cloud quickly to manage their risks. It is no empty boast to say that the cloud has kept things going during lockdowns, from food deliveries to government e-services.

By offering security, scalability and cost effectiveness, public cloud services such as Amazon Web Services, Microsoft Azure and Google Cloud have demonstrated during this crisis that they are the way forward for a digital economy.

There is just no way that even the largest companies can do everything themselves, from managing the complexity of their infrastructure to enabling massive spikes in digital transactions.

Yet, herein lies the problem. In the same way that Just In Time ensured that businesses are not saddled with inventory and seemingly reduced their exposure, going on the cloud also brings new issues.

Chief among them is the idea of concentrated risk. Yes, going on the cloud is distributing that risk from, say, your own data centre or on-premise server, but eventually, as more of your operations reside in a single cloud provider, the risk gets moved to the new setup.

In other words, you depend on a single cloud provider for most of your digital business needs. Despite service level guarantees that are often in the multiple 9s, there is no such thing as a failsafe solution, as anyone knows.

Some businesses try to manage a hybrid cloud, so some of their most sensitive data that may be required by government regulators to be kept in-country are still stored in their own data warehouses.

However, if you ask any large company that does business digitally, it’d be a surprise if much of their day-to-day operations isn’t already running from a single cloud service provider.

Now, this is not to knock any of the public cloud services for their reliability. Running an instance on an AWS server, with properly configured settings, is probably less risky than spinning up your own server in your office and leaving it poorly maintained over time.

However, there are other risks. Resilience against cyber attacks and downtime is one, but less obvious risks involve, say, a change in ownership of the cloud service or the technical direction it might take in future. Vendor lock-in is another oft-cited concern.

Unlike buying a phone, you can’t simply switch from one cloud service to another. With all that data stored on one cloud, you might be tempting fate to summarily move it to another cloud.

If moving from on-premise to the cloud is hard, imagine what it would be like taking the less travelled path of moving from one public cloud to another.

Yes, there are a growing number of tools to help that move. And some of Google Cloud’s utilities are expected to work on other clouds, for example.

However, if you ask any chief information officer who values his job, he would advise you against switching cloud providers without good reason.

This is also one reason why, despite all the hype, a multi-cloud setup isn’t as easy as it is on paper.

Research firm Gartner said in 2019 that 81 per cent of public cloud users it surveyed used two or more providers. How many, though, freely move data and workloads across the clouds?

Or are they using multiple clouds for different purposes, say, for development of different services? How can the data be easily ported across the multiple public clouds, for example? You won’t get easy answers.

Again, speak to any IT leader, and the concerns are the same – ensuring the business isn’t disrupted because there’s an issue with data integrity or apps breaking.

So, when going on the cloud, many businesses are still sticking with one provider for their core operations, thus concentrating that risk with it. The risk is still smaller than if you ran your own servers, sure, but over time it grows too as you bring more services onboard.

In a polarised world, the options for technology partners might also narrow. In other words, even more risks concentrated on a fixed pool of suppliers.

It’d be a surprise if an American company that worked on cutting-edge chipmaking processes used a cloud service from, say, Alibaba or Huawei, for example.

The way forward may be to use each cloud for its unique value-add. Think of Microsoft Azure and its business intelligence tools or Google Cloud and its analytics tools.

That said, it isn’t a simple task orchestrating all the processes across the clouds, either. So, ultimately, there need to be more tools and expertise in the market to bring up the confidence level for many businesses to go multi-cloud.

The pandemic has driven many to take the first step to place their digital operations in the cloud. While this initially distributes risk, they have to ultimately ask themselves if they are concentrating that risk with one cloud provider.

They have to think long term. Either a eventual move to a multi-cloud setup or a hybrid cloud model where some of their data and processes are in-house might be needed.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.