Counting on one cloud provider can be risky business. Here's why

The simplicity of relying mostly on a single cloud vendor may seem enticing. Gartner warns against it.
Written by Sabrina Ortiz, Editor
Cloud tech illustration
Andriy Onufriyenko/Getty Images

In the digital age we live in, the cloud has become a cornerstone of many organizations' operations. However, reliance on one cloud provider for multiple business functions can be a risky choice, according to a new Gartner survey. 

For the second quarter in a row, Gartner identified cloud concentration as a top five emerging risk for organizations. The results were based on a survey that asked 294 risk executives about their views on emerging risk. 

Also: Generative AI can't find its own errors. Do we need better prompts?

Many organizations have opted for cloud concentration because focusing their IT efforts on just a handful of providers reduces IT complexity, cost, and skill requirements, according to Gartner. Despite the convenience, there is still a risk cost for that decision. 

"The risk associated with cloud concentration is fast losing its 'emerging' status as it is becoming a widely recognized risk for most enterprises," said Ran Xu, research director at Gartner. "Many organizations are now in a position where they would face severe disruption in the event of the failure of a single provider."

Gartner identifies three main potential consequences of the risk: Wide incident "blast radius," high vendor dependence, and regulatory compliance failures. 

Wide incident "blast radius" refers to the greater impact that a cloud service outage has as more applications and business processes depend on one particular provider. 

Also: Overseeing generative AI: New software leadership roles emerge

The risk with high vendor dependence is that when there is a concentrated dependence on a particular cloud vendor, those providers will be in a position where they can exert significant influence over an organization's technological future, according to Gartner. 

Lastly, organizations may fall into regulatory compliance failures, or as Gartner explains, "may be unable to meet regulatory demands to address concentration risk across different regulatory bodies, which may have different approaches to concentration risk."

The other four emerging risks for quarter three of 2023 are third-party viability, evolving sociopolitical expectations, mass generative AI availability, and personal data regulatory fragmentation. 

Unsurprisingly, third-party viability and mass generative AI availability also made Gartner's top 5 emerging risks for 2023 for the second quarter in a row. 

Editorial standards