Businesses are relinquishing control to cloud giants like AWS, Microsoft, and Google, leading to concerns about being trapped in proprietary “captivity clouds” that make it challenging to switch providers, warns an expert. New research conducted by Forrester Consulting reveals that almost 40 percent of organizations admit losing control over their IT and security environments.
Despite the operational and financial benefits of cloud platforms, the study, which surveyed 449 global IT decision makers, indicates that migrating on-premises systems to infrastructure providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) often becomes a one-way journey. While these cloud providers offer a range of cloud-hosted services for digitally transformed environments, Forrester found that once businesses commit to rebuilding their infrastructure on one of these platforms, they become tied to that provider’s application strategy.
Similarly, software-as-a-service (SaaS) application providers often operate on one cloud ecosystem, which may not align with the cloud platform their customers are using. Consequently, customers may have limited visibility into the backend operations and must rely on the security, data governance, and infrastructure resilience practices of these providers to meet governance, regulatory, and compliance requirements.
Several challenges exacerbate this situation, including the proliferation of applications (cited by two-thirds of respondents), an increase in application locations (62 percent), the shift from on-premises to the cloud (54 percent), and the rise of remote and hybrid workforces (49 percent).
Raymond Maisano, Head of Cloudflare ANZ, likened this predicament to the famous “Hotel California” song – a place where you can check in but never leave. He emphasized that organizations accustomed to controlling their security and connectivity through on-premises infrastructure are now struggling to manage their cloud environments effectively.
While cloud providers offer APIs to help customers integrate their cloud services, manipulating data flows and control points across different providers can be a significant challenge due to varying approaches to policy control. Each provider, such as AWS, Microsoft, Google, and Salesforce, has its unique control mechanisms, which can hinder flexibility and innovation.
The lack of control across business infrastructures is a growing issue, preventing IT and security teams from monitoring their environments effectively. A survey by ISACA found that Oceania firms, in particular, face challenges securing digitally transformed environments, with 65 percent reporting security understaffing and 61 percent claiming they are underfunded. Cyberattack volumes have increased for 56 percent of Oceania respondents in the past year, while only 36 percent are confident in their ability to detect and respond to cyber threats.
This situation raises concerns about the underreporting of cybercrime in Oceania, with 78 percent believing that organizations in the region are not adequately disclosing cyber incidents. These issues have direct implications for governance, regulatory, and compliance (GRC) requirements, including prudential standards and changes to privacy laws.
As cloud giants introduce generative AI tools within their ecosystems, like AWS’s Amazon Bedrock, preserving choice and flexibility is crucial. Maintaining a “single control plane of security and policy” can enable customers to apply consistent management policies, regardless of where each application runs. While AI offers opportunities to enhance data openness and intelligence, there is a risk that AI could also become another walled garden within cloud ecosystems.
