Commercial risks

Commercial risks

You’ve seen some of the security risks associated with the cloud. But, from a commercial perspective, is the cloud always better?

There are many reasons organisations opt for a cloud-based IT solution: increase availability, flexible scalability, and, of course, lower costs.

Photo showing a staff member indicating to line chart readout on screen.

How much does it cost?

An organisation which has its own private servers on-premises has to purchase the hardware up front. This capital expenditure (Capex) is often quite significant, and staff will need to be hired or trained to maintain and run the servers. Also, over time, parts will fail or become obsolete, and so upgrades need to be purchased.

The attraction of the cloud is that all these costs are handed over to the cloud provider, and an organisation only has the operation expenditure (OpEx) of paying for the cloud resources they use. This way an organisation can have the same IT services but with none of the Capex.

The attraction of this kind of business model is clear, but it also poses one of the biggest commercial risks of cloud computing.

What are the commercial risks of the cloud?

Only having OpEx is attractive in the short term as large amounts of capital doesn’t need to be provided up-front when launching a new service. But OpEx can be variable and sometimes hard to predict as it will depend on the demand for cloud resources. If there’s a mismatch between the income generated by the new service and the cost of the cloud resources consumed, then cash flow can be adversely affected.

There’s also another more fundamental problem. As an organisation comes to rely on a cloud provider’s services, it will gradually lose the in-house resources and skills to provide those services. This makes it harder to move away from a cloud solution should they want to.

This problem is made worse by the likelihood that, to make efficient use of the cloud provider’s services over time, the organisation will increasingly integrate its business applications with the application programming interfaces, or APIs, of the provider. This could also make it harder to migrate services from one provider to another.

How can you mitigate the risk?

However, having plans to up-skill internal resource and or a digital transformation strategy to maintain and manage cloud services, will make it easier to move away from the cloud provider in future – which avoids the problem of vendor lock-in.

So, perhaps the most important thing for an organisation to have in place before moving to the cloud is an exit strategy.

What’s next?

Next up, you’re going to take a look at some enhanced cloud service controls.


In this Course on virtualisation and cloud computing, you will learn about the advantages of the cloud, how it works and cloud model types. You will also explore the security and privacy issues, commercial risks, and service controls involved in cloud computing and virtualisation.

About the Author
Learning Paths

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.