This blog post will be all about the common challenges of cloud computing, these are very often the reason why organizations hesitate in adopting the cloud into their strategy as cloud consumers.
Increased Security Vulnerabilities
Moving business data (systems of records) or functions (api’s, web services) to the cloud implicitly means that the cloud consumer has less control and that the responsibility over security becomes shared with the cloud provider. Using a public cloud environment requires an expansion of the trust boundaries and an alignment of the security technologies. Establishing a security architecture outside the organizational boundaries might introduce additional vulnerabilities if the cloud solution itself was not secure by design. Furthermore, there can be overlapping thrust boundaries from different cloud consumers. It can be challenging for the cloud provider to offer security mechanism that accommodate the security requirements of all cloud consumers.
In my opinion a cloud provider should be selected based on security requirements by the cloud consumers in which industry standard must be leading to avoid any unnecessary incompatibility risks.
Reduced Operational Governance Control
When compared to on-premise IT resources, cloud consumers are often given a lower level of governance control. This reduced level of control outside of the organizational boundaries can introduce risks on how a cloud is being operated by the cloud provider but also the connections between cloud consumer and the cloud is a risk that needs to be taken into account (f.e. unreliable cloud provider, unreliable connection between cloud consumer and cloud, cloud provider may be acquired or go out of business). An unreliable cloud provider can also decide to upgrade the SOAP version to 1.2 industry standard which makes the cloud service non-backwards compatible for the current cloud consumers.
In my opinion an organization should never rely on a single cloud provider but should always be cloud provider agnostic by introducing cloud balancing by (architecture) design. Although the level of control is still reduced the risk is mitigated by eliminating a potential vendor lock-in.
Limited Portability between Cloud Providers
The fact that there isn’t any established industry standards yet within the cloud computing industry, individual public cloud providers use proprietary technology. For cloud consumers relying on this proprietary technology it can be challenging to move from one cloud provider to another.
From integration point of perspective this risk can be easily mitigated by introducing an additional standardized API or service with an uniform or standardized service contract that serves as an abstraction layer decoupling the proprietary technology from the cloud service consumer.
Multi-Regional Compliance and Legal Issues
Cloud providers may not always have the information regarding the physical location of the cloud holding the business data (systems of records) or functions (api’s, web services). There might be however industry or government regulations and policies enforcing specific legal requirements. Another regional legal issue is the disclosure of data that is physically located in a country where the risk of data being disclosed is higher than in other countries.
Many cloud providers (f.e. Amazon Web Services or Microsoft Azure) nowadays offer the option to choose a region where the IT resources will be located.