Cloud concentration considered a major emerging risk for firms

The risk associated with dependence on a particular cloud provider for multiple business capabilities is in the top five emerging risks for organisations for the second consecutive quarter, according to a survey by Gartner.

The Gartner Q3 2023 emerging risks report – based on a survey of 204 risk executives – contains information on the possible impact, time frame, level of attention, perceived opportunities and more for 20 emerging risks.

Ran Xu, director of research in the Gartner legal risk & compliance practice, said: “The risk associated with cloud concentration is fast losing its ‘emerging’ status as it is becoming a widely recognized risk for most enterprises. Many organisations are now in a position where they would face severe disruption in the event of the failure of a single provider.”

Third party viability and mass generative AI availability both make the top five for a second consecutive quarter as well, with third-party viability topping the list on both occasions. Xu added: “Third-party viability’s continued position reflects ongoing shifts in supply chain networks, uneven inflationary effects and continued labour pressures stoking fears that third-parties may become insolvent. Mass generative AI availability is concerning risk leaders because almost everyone now has easy access to AI models with nascent (or non-existent) guidelines in place.”

Gartner says that cloud concentration risk has come about because many organisations have opted to focus their IT efforts on a handful of strategic providers in order to reduce IT complexity, and therefore also risk, cost and skill requirements. Compounding the problem, a handful of hyperscale vendors dominate global and regional markets with superior technical capabilities, business reach and partner ecosystems.

Xu said: “Where organisations have chosen to go the route of hosting their IT services in public clouds, there aren’t many obvious ways to avoid concentration risk while keeping the benefits of cloud services. Moreover, regulations at the country and subnational level diverge on concentration risk, anti-competition, data sovereignty and privacy rules pertaining to cloud services, further complicating the picture.”

“Currently, if the benefits of public cloud use are considered strategically important to a business, there are not many obvious solutions to remove the risk altogether. That’s why it is especially important that businesses have a well-considered continuity plan to put into action should they face any major cloud service issues.”

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023