Biggest Risks of Cloud Computing and How to Mitigate Them

Cloud-based IT environments are now the norm in businesses of all sizes. Security and complexity risks come with the territory, but it’s possible to mitigate them all.

By Michael Brenner

By Michael Brenner December 3, 2024

Among the over 3,400 global IT professionals surveyed for the latest Nutanix Enterprise Cloud Index report, 90% said they’re taking a “cloud smart” approach to their infrastructure strategy for each of their applications. That’s made hybrid and multicloud environments the de facto infrastructure standard.

These hybrid multicloud environments, which pair on-prem data centers with public cloud services from multiple providers, are impactful for several reasons. They help improve team productivity, rapidly scale IT infrastructure, secure data, reduce operational costs, and ultimately create business value.

However, the combination of scale, speed, and convenience can lead to more complexity. The Flexera State of the Cloud 2024 report found managing cloud spend was the top challenge in cloud computing for organizations of all sizes. Security, managing licenses, and a lack of resources and expertise were also common concerns. 

Additionally, the report found more companies are using GenAI cloud services, with 85% at least experimenting with newer GenAI capabilities. A small subset of respondents (8%) are prioritizing sustainability over costs, though about three in ten (29%) are equally prioritizing the two.  

As cloud technology continues to evolve at a breakneck pace, people may continue to worry about these concerns. The good news? There are ways to mitigate all of them.

Complexity and Costs

Organizations are struggling to keep up the pace of their operations and scale up to increasing customer demands. The Flexera report also found that 89% of enterprises today have a multicloud architecture in place, with about three-quarters of those being hybrid cloud environments.

These hybrid multicloud solutions are an evolution of spreading out workloads over cloud and on-premises data centers. 

Yet deploying, maintaining, and upgrading IT infrastructure increases complexity. There’s a growing need for skilled staff, more training for specialists, and additional maintenance. Those upgrades all cost money.

Worldwide spending on public cloud services is expected to reach $805 billion by the end of 2024 and double by 2028, according to IDC

RELATED

Easy Alternative for Migrating or Extending to Public Cloud

While that cost might seem staggering, there are billions upon billions of applications using enormous amounts of data spread out across the world. Individual organizations often have more control over their cloud spending.

As with anything else in an organization, adoption and championing of cloud computing must come from the top. 

The good news: It shouldn’t be hard to get the C-suite excited about cloud possibilities. The level of innovation the cloud supports is unparalleled.

“Looking forward, the cloud model remains incredibly well positioned to serve customer needs for innovation in application development and deployment, including as data, artificial intelligence/machine learning (AI/ML), and edge needs continue to define the forefront of innovation," said Eileen Smith, Group Vice President, Data & Analytics at IDC in the research firm’s 2024 Spending Guide.

The next step is to be more deliberate in developing a cloud strategy. Many tools automate cloud operations such as tracking and monitoring, application testing, and critical tasks like backup and recovery. Use them for governance, security, and cost optimization.

Nutanix’s 2024 Enterprise Cloud Index found that 89% of organizations believe moving workloads to a different cloud environment is costly and time-consuming. That means choosing the right architecture for an application during the planning phase. Keep documentation of these decisions – and the reasoning behind them – so there’s foundational knowledge in place during future attempts to reduce costs. 

RELATED

How AI and Cloud Computing Together Drive Change

Public clouds frequently offer leaner and smaller service packages while allowing for on-demand, pay-as-you-go upgrades. Hybrid clouds, on the other hand, let organizations choose between a CAPEX or OPEX operations and billing model. Implementing per-service log rate limiting can minimize the risk of an unexpected spike during larger projects.

Using a solution like Nutanix Cloud Clusters (NC2) is another way to reduce the operational complexity of hybrid multiclouds with consistent IT operations, intelligent workload placement, and increased cost-efficiency. Not only does it reduce public cloud costs, but it also extends on-prem security policies, access controls, and user permissions—all crucial elements to improving security.

Security Breaches and Unauthorized Data Access

Multicloud adoption remains high, and SaaS is on the rise, with 60% of companies in a Thales Cloud Security study using at least 25 SaaS applications. That can lead to different types of attacks on cloud infrastructure and the organization as a whole.

Verizon analyzed over 30,000 real-world security incidents for its latest Data Breach Investigations Report, confirming 10,626 as data breaches, a record high.

Of course, these attacks can prove costly, with the average cost of a data breach in 2024 reaching $4.88 million – also an all-time high.

While bad actors may try to infiltrate the cloud, it’s typically the data itself they’re most interested in. It being stored on an application in the cloud doesn’t necessarily make it more vulnerable, and organizations can minimize damage by taking the proper precautions.

Hybrid multicloud IT strategies use solutions from several providers and in different environments. Organizations must employ universal data management, protection, security, and monitoring tools to ensure interoperability across platforms. IBM reported that using security AI and automation in prevention to complement their people can save companies an average of $2.2 million during an attack. 

RELATED

To Cloud and Back Again

Perhaps just as important is the need for organizations to regularly educate their workforce. The majority of data breaches can be traced back to humans. Verizon found that 68% of breaches involved a human element. Malicious actors are getting more sophisticated in their attacks, and they use a combination of authority, urgency, and fear. Their hope is often to exploit a vulnerability left by a human, whether directly or indirectly.

Many companies start with a zero-trust security framework that requires all users to be continuously authenticated and authorized for every action they take. Using an authenticator app is more secure than receiving an SMS or email notification.

Operationalizing cyber defense in active, online systems is another sound strategy – and organizations like the Defense Intelligence Agency (DIA) and Central Intelligence Agency (CIA) are making it a priority. Operationalization uses AI and machine learning to model what abnormal behavior looks like, improving decision-making and incident response. These types of assessments can identify areas of focus within cybersecurity.

“We look at the health of the cybersecurity environments that agencies are connecting to JWICS,” said DIA CIO Doug Cossa, referring to the Joint Worldwide Intelligence Communication System, the Department of Defense’s secure intranet system. 

“That goes to everything from red teaming to looking at the current state of infrastructure, of end of life, whether it’s patching or providing a risk assessment based on those findings.”

A few other steps to consider:

  • Focus on the basics and IT security best practices. Use strong passwords and enable multi-factor authentication. Encrypt data at all levels, including at rest, to ensure it remains secure even if stolen.

  • Understand potential security risks. Only work with providers who have a proven track record of security. Additionally, grow the organization’s command of modern cloud security solutions, like advanced encryption techniques and CNAPP.

  • Put in place a cloud management strategy that defines performance and security benchmarks for all cloud technologies. Evaluate every application from a security perspective before deployment.

Non-compliance with Regulations and Laws

Many industries, especially health, finance, legal, and telecom, as well as the government, regulate the working of organizations in their space. These regulations cover data, transactions, IT operations, and other business functions.

For example, HIPAA requires all healthcare providers to protect patient data confidentiality. Similarly, PCI-DSS mandates that all businesses that accept credit cards need to safeguard customer data.

Companies operating in these industries need to establish controls and checks on the data storage, transfer, and access methods that they use. They also need to maintain stringent thresholds of uptime while provisioning for backups and data recovery. In several cases, outsourcing these functions to a third party or service provider may not be allowed, especially if that provider is headquartered in a different country.

As a result, many companies cannot use public clouds for business-critical workloads or data storage. Those that can must ensure the vendors they rely on maintain a minimum level of compliance. They need to have policies and procedures in place for incident response; even then, if a breach occurs at the cloud service provider, the company might still be liable.

RELATED

Migrating to Public Cloud Helps Scotland Better Manage Country’s Land and Natural Resources

New or updated regulations will likely arise as newer technology becomes more commonplace. At present, AI, virtual reality, blockchain, and robotics are all closer to the Wild West than stringently regulated. Organizations must be diligent to stay on top of trends within these areas and remain up to speed on laws that may impact them.

Know the regulations and make sure all organizational tools, resources, and processes fully comply with them. This due diligence is an ongoing process. As new regulations come into effect, such as state-specific data privacy laws, remaining compliant is a must.

Overlooking a compliance issue can occur when IT teams don’t understand how those regulations can negatively impact them or the organization. This is why continuous training and re-skilling of IT teams is critical. It encourages discussion, critical thinking and a desire for ongoing education. Automated workflows can also help consistently enforce policies and keep the organization adhering to regulatory requirements.

The level of preparation extends outside company walls. Ensure all vendors and service providers meet applicable standards and possess valid certificates and documents. 

Insufficient Monitoring and Lack of Control

Like any deployment, one of the goals of using the cloud is better control over performance, quality, and outcomes. When the organization fails to establish control over these operational facets, it has a direct, detrimental effect on business continuity.

Further, an organization relies on a cloud vendor to maintain QoS at all times for its public cloud or public cloud components of its hybrid cloud environment. When things go wrong, recovery depends on the promptness of the provider’s actions.

Other organizations may discover an educational challenge. IT administrators must learn cloud-specific strategies and skills and then transfer that knowledge to their teams, which can be a time-consuming—albeit vital—part of the process.

Implement a cloud management platform that abstracts the underlying architecture of different cloud systems and gives a ‘single pane of glass’ control to admins. The unified hybrid multicloud, which offers a common cloud operating model across environments, is a critical component to success. 

RELATED

When Workloads Are in the Wrong Place

Additionally, when selecting a cloud vendor, ask what guarantees they can offer in terms of compute, storage, and network performance and their line of action when disaster strikes. Put these down in the Service Level Agreement (SLA). Understand that risk is always shared in the public cloud and exactly how it’s shared with a specific vendor.

Consider building or managing a private cloud when security, ownership, and performance take precedence over immediate capital expenditure. 

Monitoring is another area where AI can help. With intelligent monitoring, an AI model can analyze performance metrics and computing logs, proactively identifying areas for improvement. AI also enables automated incident responses and can analyze data more regularly than humans, delivering optimization recommendations for operational processes, from monitoring to more streamlined workflows.

Why Cloud Technology Remains a Top Choice

The cloud remains one of the biggest drivers of digital transformation because of the adaptability, accessibility, scalability, resilience, and flexibility it offers to businesses. It has enabled the development and adoption of new, disruptive technologies that have led to profound changes in the processes, competencies, and business models of companies.

Particularly with hybrid cloud solutions, organizations are able to tailor their infrastructure to their particular needs. They can enjoy a more seamless integration of environments, a stronger security framework, quick and easy mobility for applications, and cloud control planes to monitor everything in one place.

RELATED

Importance of AI Data Storage Performance

Such transformations don’t come without their share of risks. However, these risks can be mitigated to a great extent with a little forethought and planning. That will remain true even with the proliferation of newer technologies.

For example, as GenAI becomes more prevalent, the cloud will continue to take advantage of its capabilities. We’ve already seen how companies are using GenAI to analyze spending habits to optimize costs and dynamically adjust load management. Expect AI to power even more software- and platform-as-a-service models from public cloud providers.  

“We're seeing all sorts of use cases for generative AI, in terms of productivity, customer service, and marketing," said Kevin Young, Cloud Transformation Leader and Partner, Deloitte Canada

"We believe AI will be the 'killer app' for cloud adoption, and this year, it got put on steroids.”

Editors note: This article was originally published July 13, 2020 then updated on December 13, 2021 and in December 2024.

Michael Brenner is a keynote speaker, author and CEO of Marketing Insider Group. Michael has written hundreds of articles on sites such as Forbes, Entrepreneur Magazine, and The Guardian and he speaks at dozens of leadership conferences each year covering topics such as marketing, leadership, technology and business strategy. Follow him @BrennerMichael.

© 2024 Nutanix, Inc. All rights reserved. For additional information and important legal disclaimers, please go here.

Related Articles