Harmful effects of “cloud concentration” now a key concern for IT leaders

A virtual image of a cloud in light blue on a dark blue background signifying public cloud
(Image credit: Getty Images)

“Cloud concentration” is now among the top risks identified by organizations and could harm long-term innovation and technology goals, new research has found.

Referring to the practice where an organization is heavily reliant on one particular hyperscale provider, cloud concentration was highlighted as one of the top five emerging risks among IT leaders for the second consecutive quarter, according to Gartner.

The study suggested that overdependence on one hyperscaler could cause severe disruption to operations if an incident - such as a security breach or downtime - were to occur at a provider.

Limited options with regard to technologies as a result of cloud concentration could also harm long-term innovation goals, the study found.

Ran Xu, director of research at Gartner’s legal risk and compliance practice, warned that businesses no longer view cloud concentration as an “emerging” risk, and instead view the prospect of disruption as a leading risk consideration.

“The risk associated with cloud concentration is fast losing its ‘emerging’ status as it is becoming a widely recognized risk for most enterprises,” she said.

“Many organizations are now in a position where they would face severe disruption in the event of a failure of a single provider.”

“Cloud concentration” risks

Growing concerns over cloud concentration have arisen due to a sharpened focus among many businesses to consolidate IT operations and direct efforts toward a “handful of strategic providers”, according to Gartner.

This shift has been part of an effort to reduce complexity across IT estates, the consultancy said, as well as to cut costs and contend with evolving skill requirements.

The issue has been further compounded by the fact that a “handful” of hyperscaler vendors dominate global and regional markets, the study found.

In the UK, for example, concerns over the dominance of hyperscale providers such as Google, AWS, and Microsoft, have prompted a regulatory probe into whether their market shares are harming customers and impacting innovation.

“Where organizations have chosen to go the route of hosting their IT services in public clouds, there aren’t many obvious ways to avoid concentration risk while keeping the benefits of cloud services,” said Xu.

“Moreover, regulations at the country and subnational level diverge on concentration risk, anti-competition, data sovereignty and privacy rules pertaining to cloud services – further complicating the picture.”

Gartner specifically highlighted three potential consequences of cloud concentration, including the prospect of a “wide incident blast radius”.

In this instance, the failure of a particular cloud provider could seriously impact business continuity and result in disastrous consequences such as loss of earnings and reputational damage.

“The more applications (and business processes) depend on a particular cloud provider, the greater the potential breadth of impact of a cloud service issue, which may heighten business continuity concerns,” the consultancy said.

“Concentrated dependency” on a specific vendor could also harm future technology options and long-term innovation, the study warned. This culture of dependency means vendors are able to exert “significant influence” over an organization’s future technology strategy.


How Security and User Experience Can Power Your Hybrid Workforce’s Productivity whitepaper

(Image credit: Zscaler)

Reduce security risks while supporting hybrid and remote work


Regulatory compliance challenges were also identified as a harmful effect of cloud concentration, according to Gartner. This is because some regulatory bodies may hold different views of the risks associated with concentration of IT infrastructure.

“Organizations may be unable to meet regulatory demands to address concentration risk across different regulatory bodies, which may have different approaches to concentration risk.”

Xu said the research underlines both the importance of having a “well-considered continuity plan” in the event of an IT provider failure, as well as consideration of alternative cloud strategies.

“Currently, if the benefits of public cloud use are considered strategically important to a business, there are not many obvious solutions to remove the risk altogether,” he said.

Businesses are increasingly diversifying their IT estates amidst a shift to multi-cloud and hybrid cloud practices. Research from Google last year pointed to a growing hybrid cloud shift among organizations, with 48% of tech leaders operating under a “mostly hybrid” setup compared to just 40% in 2020. 

A separate survey from Parallels this month also found that nearly two-thirds (64%) of respondents had implemented hybrid cloud practices over the last year.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.