Risks of public clouds

Illustration Cloud-Risiken

Anyone who relies on cloud solutions must first and foremost place a certain amount of trust in the cloud provider. Cloud systems are affected by the same risks as other IT systems, such as malfunctions, failures, attacks, operating errors or misuse. In addition, there are cloud-specific risks which arise from the structures of a cloud.

Cloud-specific risks include:

  • Lack of data security: This primarily concerns the secure transmission of data via a network, secure access permissions for the data or protection against accidental deletion or modification of data.
  • Inadequate data protection:
  • Compliance with the legal regulations for the handling of data, in particular with EU data protection directives, must be ensured. The location of the servers on which the data is stored plays an important role in this regard. According to the EU directives, companies are also obliged to erase certain data at regular intervals.
  • Unwanted duplication and distribution of data: Usually, it is not apparent where data is processed. Processing or storage can also be distributed, especially if a cloud provider sources parts of its resources externally.
  • Lack of transparency of data storage: In general, users cannot check the physical storage of data. For example, it is difficult to check whether the data has been properly stored or erased.
  • Limited possibilities of control: Control of data processing via corresponding protocols and documentation is subject to the provider’s discretion; users must be provided with an explicit possibility of control, or must rely on the data and documents provided.
  • Dependence on the cloud provider: The user depends on the provider’s reliability to provide the agreed services and handle the data appropriately.
  • Unauthorised profiling and disclosure of data: Particularly through on-demand use, some data is logged in cloud computing for invoicing purposes. It cannot be ruled out that a provider creates usage profiles. Content data can also be viewed and analysed. Unauthorised disclosure to third parties is possible as well.
  • Risk of vendor lock-in: This term refers to the unwanted connection to a provider when cloud services cannot be easily replaced by an equivalent solution. This situation occurs when proprietary technologies are used that are incompatible with those of competitors. Contractual restrictions can also lead to vendor lock-in, for example, if the extraction of (large) amounts of data from a cloud application leads to (high) compensation payments.


Back to overview