The cloud is woven into everything digital these days. In fact, the vast majority of digital services now run on some sort of cloud platform. It’s becoming increasingly rare to come across something that’s running on private servers. Even big banks, institutions and other major organizations are now relying on a mixture of public and private hybrid cloud setups.
That’s great and it just goes to show the massive benefits and potential that the cloud has. If big companies that can afford their own infrastructure, are instead opting for the cloud, it’s just obvious that this approach is better. Then again, doesn’t all of this create too much of a dependency on the cloud?
Lately, this has become a bit of a hot topic. Analysts from various industries have discussed if organizations are becoming too dependent on the cloud and if that’s a risk for them. Also, the cloud isn’t cheap, but the economic times are a bit… cloudy, too. So, what can companies do if they are dependent on the cloud during tough economic periods? We will check that out, too.
Are banks at risk?
A recent feature by the Financial Times focuses on how the cloud is exposing banks to risks. “In July, the Bank for International Settlements said that the financial sector’s increased reliance on cloud computing was “forming single points of failure” and “creating new forms of concentration risk at the technology services level,” says FT.
In 2020 the Bank of England found that more than 65% of UK banks relied on just four cloud services. The Federal Reserve Bank of New York has also warned that if financial services are connected “through a shared vulnerability,” this could cause “shock throughout the network.”
One particular worry is an outage of the cloud service. “We’ve seen how businesses can be seriously compromised by global outages and cyber attacks on cloud service providers like Microsoft or Amazon Web Services,” says Milad Aslaner, head of the technology advisory group for Sentinel One.
Another risk is compromising the “entire digital estate of an organization.” For example, hackers could gain access to a cloud console via a classic phishing attack and gain the credentials of a user with a certain access level. Or they could attack the cloud vendor and gain access via it. Although that is far more difficult it could still lead to some unfortunate events for the bank. This is why Aslaner says “there’s a shared responsibility model between the cloud service provider and the organizations.” Both must work together to make sure the risks are mitigated and as minimal as possible.
The solution isn’t all that different from what companies in other industries should do. For example, the UK’s National Cyber Security Centre advises putting security as or near the top priority when selecting, deploying and using cloud services. This would mean developing a cloud security plan focusing on finding and solving challenges on a continuous basis. Don’t forget to include the risks not only for processes and technologies but for employees, too.
It should come as no surprise that the financial industry is one of the most attacked by hackers. According to IBM, it’s the second for high-price average breaches for 2021. Impacted financial organizations lost an average of $5.97 million per breach. Only the health industry has a higher average loss.
Despite that, IBM supports the idea of financial organizations using the cloud. It recommends they opt for a hybrid cloud model. In order to decrease the cyber risk, they should distribute workloads across on-premises, public and private clouds.
“We work with 19 of the top 20 Fortune 500 banks. While malicious attacks can’t always be avoided, a secure, hybrid cloud environment can help mitigate the risk and reduce vulnerabilities,” says Prakash Pattni, managing director of digital transformation at IBM Cloud for Financial Services. He also adds that there already are industry-specific clouds built to address their challenges per their unique requirements.
Of course, some aren’t so keen on multi-clouds. Lydia Leong from Gartner reminds them they are expensive, but also says they stifle innovation which is a bit weird. If anything, a multi-cloud approach opens the opportunity for smaller players to attract big clients by offering specific features and services to add to their setups. Leong though thinks the multi-cloud is complex and expensive and negates the business case for the cloud.
Institutions also have issues
Governments also are increasingly using the cloud for their daily operations. According to Gartner, about 50% of US agencies are already actively using cloud services. The other 50% though would be challenging to move to the cloud. Most of them are more specific and/or not so IT invested. One challenge is observability or ensuring there’s enough network visibility and tools to monitor and manage the cloud properly.
“Observability is a modern approach to monitoring that provides complete visibility and context across the full stack of infrastructure, applications and the customer experience. This approach is designed to provide teams with the visibility and insights needed whether they are optimizing IT services, migrating to the cloud, or building new cloud-native applications,” reports the Federal News Network.
According to a survey by Splunk, almost 80% of public organizations still are at the beginning stages of understanding and using observability tools. Observability can help decrease the fear of being too dependent on the cloud. That fear comes from the notion that the cloud is something distant and things happen beyond the eyes or control of the users. Well, observability solves this as it gives you the complete picture of what’s going on in your cloud environment.
It provides end-to-end visibility, and it can be applied to hybrid setups, too. There are plenty of observability solutions out there already and new ones are popping up often. Splunk’s survey shows that observability does matter and can change the perception and use of the cloud. It found that public organizations are less confident about meeting their SLAs (service level agreements) for app availability – just 22% of them think they can. In contrast, 48% of private companies are confident they can.
One of the reasons is that many public sector organizations are using hybrid clouds. They are more fragmented and thus more of a challenge to monitor properly. Therefore, inefficiencies tend to remain “hidden” for longer and issues can arise more often. Observability can solve this by giving more insight and helping organizations proactively find possible issues and tackle them beforehand.
Benefits of observability
Observability brings some key benefits, says InfoWorld. Companies can and should use them to the fullest. Here are some of the main ways this method can help companies and give them additional value.
The first one is trends. Observability gives companies the ability to gain insight into the performance of their cloud services and features over longer periods. And they can see specifically when and where the weak points of issues are to tackle them accordingly.
Next, analysis. It goes hand in hand with the trend data. After all what it is for if not to be analyzed and go beyond simple monitoring. Gaining valuable insights is critical. And this approach allows you to find correlations even between items that don’t seem connected but can be a cause of issues. For example, why all of a sudden, your sales are dropping and whether or not that has something to do with the fact that a specific module is working slower than usual.
Next, tracking. Observability also has all the features of classic monitoring. This means getting data in real time, but also building on top of that with actionable insight. This goes hand in hand with the learning benefit which opens the door for better automation and advanced AI systems to help get the most out of your cloud setup.
Final two benefits – alerting and action. They are pretty obvious, too. Observability gives systems the ability to tackle issues and alert them appropriately. For example, separating alerts by priority – something that needs attention as a preemptive measure or something that requires immediate action.
Preparing for the economic headwinds
According to Bloomberg’s forecasts, the probability of a recession over the next 12 months is 47.5%. It was just 30% in October 2022. A lot of organizations are now starting to prepare for such an event and the dependency on the cloud is again a hot topic. Companies can’t really stop using the cloud now as a lot of them have their entire business processes moved to it. Scaling down is also not really an option for a lot of them. Again, some workloads just need a certain level of resources.
With that said, it’s not impossible to better manage your cloud usage and setup during a recession, IoTForAll notes. A survey by Wanclouds says that 81% of American IT leaders have already received orders to either not increase cloud spending or even reduce it.
But as noted, that’s easier said than done. So, IT managers must get creative to achieve the balance of optimizing costs but keeping productivity at the needed level. Especially when 53% of us IT leaders say they have come across unexpected cloud costs and spent more than they planned for the first half of 2022. This is a clear sign that a lot of companies are still getting in tune with what the cloud truly offers and are struggling to learn everything about it.
The key and proper way to optimize cloud costs are… yes, real-time insights over the entire cloud usage. Again, we are coming back to observability to gather and apply data and measure accordingly.
Also, don’t neglect the disaster recovery plan. It’s easy to get tempted and slash costs via it, but it can be a very costly mistake. Instead, focus on it and make sure you have a plan on what to do if some form of disaster or breach happens. Key goals: prevent data loss and ensure that any downtime to be as short as possible. Still, nearly two-thirds of businesses experienced a data loss in 2021. 31% of them also had downtime or service unavailability for up to 10 hours, which spelled the end for some companies.
So, don’t neglect the disaster recovery plan even during a recession as it can save your business. For sure, you can optimize it, too. In fact, there are now specialized services that will help you out by automating a lot of the processes for backups and first actions in case of a disaster.