Cloud adoption drivers and barriers

Most major enterprises continue to migrate to the cloud. Many new systems are being built directly as cloud services and software is increasingly offered "as-a-Service" from the cloud. While there are strong drivers for the adoption of cloud services, there are also important risks and barriers.

This page provides a basic overview of the advantages and disadvantages of cloud computing.

Advantages of cloud computing

  • Cost - The most important driver for cloud adoption is cost reduction. CIOs are under tremendous pressure to minimize costs. Some sources claim up to 12x cost savings by moving services to cloud.

  • Reliability - Cloud services are designed with redundancy and fault tolerance and have lots of Internet bandwidth, making them fairly tolerant to e.g. Distributed Denial-of-Service Attacks.

  • Skills - Moving services to the cloud can simplify on-premises infrastructure and can eliminate many specialized system administrator roles, such as database administration. Fewer specialized skills are required in the IT department.

  • Scalability - The elasticity of the cloud can improve performance, especially at times of peak load (e.g. when a product launch causes greater demand than expected).

  • Outsourcing - Moving to cloud services is part of the bigger trend of IT outsourcing. IT is increasingly seen as a necessary part of running the business, not as a core competence that must be in-house.

  • Managed services - Increasingly, enterprises just want to buy a solution that is already fully deployed and integrated with other services they use. They are wary of engaging in complex integration projects and having permanent staff involved in maintaining applications and infrastructure.

Disadvantages of cloud computing

  • Security - The most cited barrier is security. There is concern over the security of the cloud service providers themselves (e.g. their insiders may be able to access customer resources), isolation of tenants, patching and cybersecurity practices of the service provider, and concern over the security and reliability of the connection to the cloud service.

  • Privacy - Cloud services may be subject to surveillance and corporate or state espionage. Many countries have laws forcing CSPs to hand over customer data to local intelligence agencies, which commonly share intelligence with allied countries. This violates privacy, but also makes access codes and critical data available to other countries for cyberwarfare and for boosting their own competitiveness.

  • Vendor lock - Many cloud services try to subtly make it very difficult to stop using their services. This takes many forms, such as data lock-in (not able to easily extract company's data from the service/application), software lock-in (the application or software is not available from anyone else and extensive retraining would be required), platform lock-in (the applications run on a platform that, in all its complexity, is expensive to maintain yourself or not available from multiple vendors), API lock-in (integrations, deployment mechanisms etc. use proprietary APIs). It is very common for companies to say they use open source, but in practice have many ways to lock customers in.

  • Provider viability - Cloud service provision benefits from economics of scale, and it is difficult for small players to find a competitive differentiator. It can be expected that many smaller players will disappear. Even for established players, their service offering may change, causing discontinuities outside the customer's control as services are phased out or modified.

  • Expertise - The availability of people with expertise in cloud services, software development for the cloud, and DevOps is still limited, though improving.