The big cloud lie: it’s time to end dependency

Boundless scalability, the highest level of efficiency and security, the guarantee of always being up to date: the cloud promised a rosy digital future. But behind the marketing façade, many businesses are now seeing a very different picture, with rising levels of dependency, soaring costs and loss of control over systems and data.

Tech groups such as Microsoft, SAP, AWS and Google are pushing their customers further and further into the cloud ecosystem. Refusing to comply means losing access to features or to support, or being pressurised into using unfavourable licence terms. These practices are particularly conspicuous at SAP, that has been working in a targeted manner for years to coax on-premise customers into the cloud pledging innovative services. Yet what sounded like progress has turned into an expensive mistake.

Cost pressure instead of cost benefits: the big cloud illusion
Those who have chosen to migrate to the cloud have often had to contend with a bitter reality, which is that the new, allegedly advantageous technology isn’t as shiny as it was purported to be. A closer look reveals that the savings which were pledged time and time again were just pie in the sky. Initially, the price does indeed seem very attractive. However, as soon as all systems and data have been migrated, customers find out about the rate hikes, additional fees and obscure invoice practices. The habit of making customers pay an additional fee for even the most basic features makes it particularly difficult for them to budget, turning allegedly flexible pay-per-use into an unpredictable money pit.

Security and sovereignty in jeopardy
Security is another growing source of risk. Providers use certificates and pledge conformity to woo potential customers, but cracks begin to appear as soon as data has to cross borders. European data protection legislation such as the GDPR collides with American legal concepts that do not reliably preclude access to sensitive data. This leads to regulatory grey areas, a loss of control and operative uncertainty.

The major breaches we have seen over the past few years (e.g. at Microsoft’s cloud business unit) clearly show how vulnerable even so-called safe services are. Cyberattacks, poor communication around security vulnerabilities and the lack of control customers have in critical situations have exposed a major problem: not managing your infrastructure in-house can leave you powerless in the event of a crisis.

Trapped in the ecosystem: the new dependency upon providers
Providers are keen to promote the flexibility and scalability of their system. Yet this promise is also showing cracks. While it is true that in theory it is possible to adjust cloud resources dynamically, the changes tend to be limited to a particular bracket or package. Users who have slightly higher needs are forced to foot a disproportionally higher bill. Those who have more limited needs, however, end up paying for minimum volumes they may not want. The promised leeway is in fact rather limited and can be contingent on pricing structures, the capacity used by other customers or seemingly arbitrary changes to licensing terms.

The lock-in effect is another issue that is even more worrying: many platforms use proprietary data formats, closed interfaces and services that only work seamlessly within a given ecosystem. Switching to a different provider is therefore often not only technically difficult, but also economically unjustifiable. Any change requires new software, training and infrastructure and, in many cases, a complete overhaul. Through initiatives such as the Data Act, the European Union intends to fight this predicament. However, it remains to be seen to what extent American groups are ready to comply with European requirements.

The only way out: hybrid strategies and digital autonomy
But what are the practical implications of these issues? For many, eschewing cloud services entirely simply isn’t an option, but a paradigm shift is definitely needed. Those who do not wish to blindly bow to a ‘one-size-fits-all’ solution will have to diversify their IT strategy. Hybrid models, i.e. combining cloud and on-premise solutions, pave the way to both control and flexibility. They offer businesses a plan B, making them more resilient and avoid them having to rely upon a single provider.
Used software is another option. With models based on the BYOL approach (Bring Your Own License), businesses can continue to use the licenses they already have in different environments. The targeted use of tested ‘second-hand’ software can lead to major cost savings, often without compromising functionality or security. When paired with hybrid infrastructures, they offer a particularly financially sustainable solution.

Dependency in the public sector: a threat to democracy and government
Businesses needing high levels of data protection, the ability to budget their costs and strategic autonomy are those that will benefit most. Processing critical data in-house or having the ability to at least decide where and how this data is stored can help reduce legal and operative risks. This is also relevant for public bodies and authorities, which also have compliance duties. Basic principles such as sovereignty and democratic oversight make it imperative to avoid being dependent upon individual cloud providers. If an American company were to decide to adjust its prices and to discontinue its services, it could massively impact the ability of European institutions to operate.

Although turning to the cloud can make sense in certain scenarios, it should never be a one-way street. Having a secure, efficient and predictable digital infrastructure requires stakeholders to forget the cushy cloud promises and craft their own approach. No doing so would result in seeing what was supposed to be a trailblazing technology turning into a threat to innovation, security and autonomy.

This is no longer about technology, it’s a question of business accountability. Giving up the control over your IT infrastructure and data is a sign of gross negligence. Freeing yourself from unilateral cloud dependency is not only possible: it is absolutely necessary.