Prominent Concerns Accompanying Cloud Deployment

As major cloud providers have come under scrutiny around the world, governments, customers, and civil society seem motivated by many of the same concerns related to the surety of the cloud environment, concentration in the cloud market, dependence on foreign cloud providers, protection of civil liberties, ensuring cloud services are inclusive, and the impact of cloud operations on environmental sustainability.

Surety* of the cloud environment

  • Concentration and dependence: Dependence on cloud services for core functions and concentration of services in the hands of a few hyperscale cloud providers (sharing some common modes of failure) raise concerns over consequences of service disruptions or outages.
  • Supply chain: Similar concerns arise from increasingly blurred lines between cloud providers and their supply chain (for example, telecom companies).
  • Non-cybersecurity risks: Massive focus on cybersecurity diverts some attention from the prospects of other, nonmalicious triggers of failure.
  • Confidentiality and integrity: While much of the focus is on availability disruptions, serious setbacks could also affect integrity and/or confidentiality.
  • Skills deficit: Regulators’ capacity to ascertain surety is limited due to the complexity and opaqueness of the cloud, skills shortage in governments, regulatory fragmentation and narrow institutional remits, and some cloud providers’ reluctance to collaborate.
  • Unclear responsibilities: Providers, their supply chains, customers, and governments have yet to establish a clear division of responsibility and liability for preventing, withstanding, and recovering from all types of cloud setbacks.
  • Challenges for insurers: Insurers are also struggling to understand, model, and bound cloud risks, severely limiting their policy offerings.
  • Challenges for cloud customers: Customers face serious challenges in scoping their dependencies on the cloud (due to lack of transparency, increasing complexity, rapid evolution, unclear responsibilities, and jurisdiction) and in bounding their second-order effects.

Asymmetry of power and market concentration

  • Unfavorable contracting: Power asymmetry between providers and (most) customers may bias contracts toward providers and large customers and allow for arbitrary modification of the Terms of Service.
  • Customer choice: Market concentration and providers’ business practices (for example, service bundling and acquisition of smaller cloud service providers) diminish customer choices and dependency adjustment options.
  • Cloud overspend: Typical cloud contracts (which have limited predictability in use, cost structures, volume minimums, egress fees, and so on) commonly inflate spending on cloud services, eroding enterprise market capitalization.
  • Vendor lock-in: Companies wishing to revert to on-premises systems or reduce dependence on individual cloud providers find it operationally challenging (in terms of the necessary time, disruption, skills, and expenses). This is compounded by the lack of common standards on portability and limited interoperability between providers.

Foreign dependence 

  • Competition: Sensitivity of cloud-hosted data and algorithms, and the cloud’s potential as an engine of national and regional competitiveness, drives calls for localization and autonomy requirements and export controls.
  • Human rights: The sale of cloud technology to authoritarian regimes may facilitate human rights abuses by government agencies and major companies but may also raise concerns within those governments over such dependence on foreign vendors.

Cloud access

  • Government access: Concentration of personal and other sensitive data in the cloud amplifies the appeal for governments to have access for legitimate purposes (such as national security and law enforcement imperatives) but also to infringe on privacy and basic freedoms. Various governments may also demand access to data in transit.
  • Privacy and commercialization: Free-to-use or cheap consumer cloud deployments and opaque operations raise concerns that users may be unaware or unable to control how their data is stored and used.
  • Inclusion: Fortunes of less affluent communities and nations hinge on inclusive, equitable, and affordable cloud access.

Other impacts of the cloud

  • Sustainability: Cloud infrastructure has a huge carbon footprint as well as other environmental impacts (for example, water usage).

 

* Understood as cloud security, robustness, and resilience.