James Henderson

Cloud concentration risk opens door for enterprise alternatives

The risk associated with dependence on a single cloud vendor or platform is becoming real for an enterprise market motivated to mitigate rising continuity, control and compliance challenges.

Despite long-standing debates between private, public and hybrid environments – and industry-wide consensus on the importance of multi-cloud – businesses are now formalising the liabilities of pursuing an ‘eggs in one basket’ approach to modernisation.

According to Gartner, this concern has now been cited as a top five risk by 62% of organisations for the second consecutive quarter running – placing fourth among more than 20 ongoing challenges.

“The risk associated with cloud concentration is fast losing its ‘emerging’ status as it’s becoming a widely recognised risk for most enterprises,” said Ran Xu, Director of Legal Risk and Compliance at Gartner. “Many organisations are now in a position where they would face severe disruption in the event of the failure of a single provider.”

Adam Selipsky (AWS), Satya Nadella (Microsoft) and Thomas Kurian (Google Cloud)

As noted by Xu, cloud concentration risk has originated as a result of many organisations pursuing a consolidated IT strategy, focusing efforts on a “handful of strategic providers” in a move designed to reduce complexity, and therefore also risk, cost and skill requirements.

Compounding the problem, a handful of hyperscale vendors dominate global and regional markets – chiefly Amazon Web Services (AWS), Microsoft and Google Cloud – with superior technical capabilities, business reach and partner ecosystems.

“Where organisations have chosen to go the route of hosting their IT services in public clouds, there aren’t many obvious ways to avoid concentration risk while keeping the benefits of cloud services,” Xu added.

“Moreover, regulations at the country and subnational level diverge on concentration risk, anti-competition, data sovereignty and privacy rules pertaining to cloud services – further complicating the picture.”

According to Xu, the three main potential consequences of cloud concentration risk are:

  • Wide incident ‘blast radius’: The more applications (and business processes) depend on a particular cloud provider, the greater the potential breadth of impact of a cloud service issue, which may heighten business continuity concerns.
  • High vendor dependence: Concentrated dependency on a particular vendor can reduce future technology options and allow vendors to exert significant influence over the organisation’s technology future.
  • Regulatory compliance failures: Organisations may be unable to meet regulatory demands to address concentration risk across different regulatory bodies, which may have different approaches to concentration risk.

“Currently, if the benefits of public cloud use are considered strategically important to a business, there are not many obvious solutions to remove the risk altogether,” Xu outlined.

“That’s why it’s especially important that businesses have a well-considered continuity plan to put into action should they face any major cloud service issues.”

(Credit: Gartner)

In surveying 294 risk executives on “emerging risk or over-the-horizon risks” – published via Gartner’s 3Q23 Emerging Risk Report – findings contain detailed information on the possible impact, time frame, level of attention, perceived opportunities and more for 20 emerging risks.

Third-party viability and mass generative artificial intelligence (AI) availability both make the top five for a second consecutive quarter as well, with third-party viability topping the list on both occasions.

“Third-party viability’s continued position reflects ongoing shifts in supply chain networks, uneven inflationary effects and continued labour pressures stoking fears that third-parties may become insolvent,” Xu added.

“Mass generative AI availability is concerning risk leaders because almost everyone now has easy access to AI models with nascent (or non-existent) guidelines in place.”

Exploring alternative cloud options

Despite notable risks, end-user spending on public cloud services is forecast to grow 20.4% during the next 12 months. At a global level, that translates to a total investment of approximately $678.8 billion in USD, up from $563.6 billion in 2023.

Within this context, all segments of the cloud market are expected see growth in 2024 – infrastructure-as-a-service (IaaS) is forecast to experience the highest spending spike at 26.6%, followed by platform-as-a-service (PaaS) at 21.5%.

“Cloud has become essentially indispensable,” said Sid Nag, Vice President Analyst at Gartner. “However, that doesn’t mean cloud innovation can stop or even slow. The tables are turning for cloud providers as cloud models no longer drive business outcomes, but rather, business outcomes shape cloud models.”

During the next four years – up until 2027 – 50% of critical enterprise applications are expected to reside outside of centralised public cloud locations, according to Gartner.

As cloud and data centre markets evolve – accelerated by heightened interest in migrating workloads – many enterprise organisations will struggle to identify the right partners and solutions.

“Enterprises are beginning to seek placement for workloads that have not migrated to the public cloud,” said Dennis Smith, Distinguished VP Analyst at Gartner.

“This represents approximately 70% of all workloads, but the growing number of vendors, technologies and overlapping markets makes it difficult to identify the optimal infrastructure choice for an organisation’s unique circumstances and needs.”

For Smith, many options exist for enterprises seeking infrastructure services for their workloads that now reside on-premises, spanning vendor server virtualisation offerings to a full suite of services provided by public cloud providers.

To determine appropriate placement strategies, Smith recommended the need for businesses to firstly evaluate infrastructure requirements, before embracing hybrid capabilities and selecting the right ecosystem partners and solutions.

“Enterprises need hybrid capabilities and always will,” Smith noted. “While public clouds deliver many benefits, such as innovation, agility and scalability, their utility can be limited when deployed outside the locations chosen by public cloud providers.”


Inform your opinion with executive guidance, in-depth analysis and business commentary.