New technologies are always a difficult sell. To cite an example from back in 2018, the website Mashable referred to foldable phones as a “short-lived fad”. That comment echoes older sentiments around video games, the internet, cryptocurrency, and even the radio and the telephone. Mercifully, all of these predictions turned up false – and we’re still playing with brief gimmicks decades after their introduction.

The cloud, i.e. a place where things are stored on the internet, has had a similarly rocky upbringing. However, among industry types, the cloud has been considered a necessary development for quite some time. IBM company Taos outlined some lofty goals for the technology more than ten years ago, claiming that most physical hardware will be retired in favour of the cloud by 2020. Cloud would become the newest commodity and we would purchase it “as we do electricity, water, or gasoline”. Of course, at the consumer level, that simply hasn’t happened. The 15GB that comes free with a Google account is more than sufficient for most people’s photo storage needs. Business needs are different, though. The cloud allows for enhanced scalability, disaster recovery, portability, and (supposedly) overall lower operational costs.

Access Management

Let’s look at that latter benefit and consider the coming irony. Two-fifths of cloud-dependent companies are now unable to control the costs associated with running their cloud infrastructure, due to how much their e-commerce divisions have grown. This scenario may imply that the cloud’s functionality declines with increasing use, effectively becoming a burden on any organisation that does its business via the internet. More worrying, especially for customer-facing companies, is that the cloud is becoming a target for malware and similar threats. Online retailers that utilise the cloud ideally require an additional security layer in something called customer identity and access management (or CIAM), which is a kind of authentication in e-commerce, designed to limit just who or what can get inside a business’ most sensitive parts.

So, current trends in e-commerce seem to indicate that at least some stores are pulling back from a completely cloud-based model, the same one that Taos so happily guessed at so many years ago. The potential problems with an unsecured cloud started to appear way back in 2013 when Yahoo was breached by a spear-phishing campaign to the tune of 3bn customer accounts. Since then, Facebook, LinkedIn, the Marriot Hotel chain, and e-commerce firm Alibaba have all suffered attacks on their cloud services. Combined, the number of compromised pieces of user data exceeds 5bn, all of which once lived in the cloud of a multinational company. These incidents are, of course, rare and exceptional but they do demonstrate that the cloud isn’t an infallible thing.

What’s the solution? Much the same as the one required to prevent password loss, namely, education and care. The cloud is not (and never has been) a fad and many of its potential applications are still unrealised. It’s up to IT managers to determine just how insecure they’re willing to let their cloud applications become.