Lastest news

Taking control of the cloud

Nov 15, 2018

The exponential rise in the popularity of cloud computing in the past decade proves beyond doubt that it has finally come of age, but organisations need to now learn how to control this technology and make it work for them.

Cloud has many advantages over in-house IT infrastructure and traditional outsourcing services. Cloud is constantly available. Its applications are always up-to-date. It is flexible. It requires little capital investment. You only pay for what you use. It is more secure than many traditional in-house environments. It is the answer to so many problems. Cloud usage has exploded globally and all trends point to this continuing well into the future.

...But it is not perfect. There have been some dramatic failures. For example, a glitch at a major cloud service provider (CSP) in February 2017 caused hundreds of thousands of websites using its services to function badly or not at all for a few hours.

In another case, a CSP providing customer relationship management platforms to businesses suffered major disruptions in May 2016 when a circuit breaker failed. As a result, the CSP’s own customers were unable to use its services for a day and many lost newly inputted data.

Lloyds, the specialist insurer, estimated in a report published in January 2018 that if an extreme cyber incident took a top cloud provider offline for three to six days, it would cost US businesses around $15 billion.

Despite these and other high-profile breakdowns at CSPs, and the risk of even worse to come as pointed out by Lloyds, CSPs’ customers – individuals, companies and other organisations – have generally remained undeterred. It is because the benefits of cloud are too important to ignore.

The US Department of Commerce’s National Institute of Standards and Technology’s (NIST) famous definition is too long to reproduce here in full, but the nub of it is that “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources”. The “network” is usually the public internet, but private networks are also used. One of the computer scientists who wrote that definition described the benefits as “cost savings, energy savings, rapid deployment and customer empowerment”.

That is why cloud adoption continues on an upward trajectory. The worldwide public cloud services market for CSPs is projected to grow by 21% to $186 billion in total revenues in 2018, up from $154 billion in 2017, according to Gartner. The research firm expects revenues to grow another 63% over the next three years to reach $303 billion by 2021.

So cloud is here to stay, and it is going to get much bigger. Yet potential pitfalls await unwary users, both during the adoption period and day-to-day running. I have already highlighted some of the problems affecting providers of cloud services, but corporate customers face a different set of self-inflicted risks. They need to know what they are. It is imperative they take steps to minimise those risks as well as maximise the opportunities, if they are to maintain control in the cloud.

Being in control is what it is all about. Even though cloud services are now at a high level of maturity, companies using them still bear the eventual risks and responsibilities if things go amiss.

Maintaining control in the cloud therefore means creating a sound strategy for adoption and management. This includes selecting the right provider and getting the best contract terms.

It means ensuring that staff adjusts to all the procedural and cultural changes that cloud entails. If staff do not adapt, many of the benefits of cloud will not be realised and errors are likely to be made.

It means integrating old and new technology to ensure that the cloud can work in the company’s legacy environment. In the vast majority of cases, IT failures are more likely to happen at the cloud user end than at the cloud provider end.

And it means managing operational risk and compliance. Although a company can outsource its IT, it cannot outsource its risk management, legal and regulatory obligations.

Colm McDonnell is a Partner and Head of Risk Advisory in Deloitte. You can read the full report here.