Your browser does not allow storing cookies. We recommend enabling them.

Cloud Computing Advantages and Disadvantages

Practically all major enterprises are going into cloud. Many new systems are being built directly as cloud services, and software is increasingly offered as a service from the cloud. While there are strong drivers to adopting cloud services, there are also important risks and barriers.

This page provides an overview of the advantages and disadvantages of cloud computing.

Advantages of Cloud Computing

  • The most important driver for cloud adoption is cost savings. CIOs are under tremendous pressure to reduce cost, and some sources claim up to 12x cost savings by moving services to cloud.
  • Reliability. Cloud services are designed to have redundancy and fault tolerance, and have lots of Internet bandwidth, making them fairly tolerant to Distributed Denial-of-Service Attacks.
  • Moving services to cloud can simplify on-premise infrastructure and can eliminate many specialized system administrator roles (such as database administrators). Many fewer specialized skills are required in the IT organization.
  • Elastic scalability of the cloud can improve performance, especially at times of peak load (e.g., when a product launch causes much more demand than expected).
  • Moving to cloud services is part of a bigger trend in IT outsourcing. IT is increasingly seen as a necessary part of running the business, not as a core competence that must be in-house.
  • Move to managed services. Increasingly, enterprises just want to buy a solution that is already fully deployed and already integrated with other services they use. They are wary of engaging complex integration projects and having permanent staff involved in maintaining applications and instructure.

Disadvantages of Cloud Computing

  • The most cited barrier is security. There is concern over the security of the cloud service providers themselves (e.g., their insiders may be able to access customer resources), isolation of tenants, patching and cybersecurity practices of the service provider, and convern over the security and reliability of the connection to the cloud service.
  • Cloud services are frequently subject to mass surveillance and government espionage. Many countries have laws forcing handing over customer data to local intellingence agencies, which commonly share intelligence with allied countries. This violates privacy, but also makes access codes and critical data available to other countries for cyberware and boosting their own competitiveness.
  • Vendor lock-in. Many cloud services try to subtly make it very difficult to stop using their services. This takes many forms, such as data lock-in (not able to easily extract company's data from the service/application), software lock-in (the application or software is not available from anyone else and extensive retraining would be required), platform lock-in (the applications run on a platfrom that, in all its complexity, is expensive to maintain yourself or not available from multiple vendors), API lock-in (integrations, deployment mechanisms, etc. use proprietary APIs). It is very common for companies to say they use open source, but in practice have many ways to lock customers in.
  • Provider viability. Cloud service provision benefits from economics of scale, and it is difficult for small players to find a competitive differentiator. It can be expected that many smaller players will disappear. Even for established players, their service offering may change, causing discontinuities outside the customer's control as services are phased out or modified.
  • The availability of people with expertise in cloud services, software development for the cloud, and DevOps is still limited, though improving.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now