Organizations often grapple with whether to rely on internal IT infrastructures or embrace cloud services. Here are some key points emphasizing the importance of maintaining control within an organization’s environment:

  • Security Concerns and Trust
    • Barrier to Adoption: Many IT managers express reservations about cloud adoption due to security concerns. When entrusting data to third-party data centers, the fear of compromising data security, control, and access looms large. OT groups and production teams consider cloud deployment an option because they feel they can sidestep the red tape that IT generates and the barriers erected to protect the enterprise. The perceived value of the cloud is overshadowed by the ongoing service costs, year after year.
    • Risk Perception: Organizations worry about security breaches leading to data loss, reputation damage, or unauthorized access to sensitive information. As breaches of online systems mount, the benefits start to pale.
    • Communication Breakdowns: Consolidating vast amounts of data in public clouds raises concerns about communication breakdowns and potential points of failure.
    • Revelations like PRISM: Recent revelations about mass electronic surveillance programs (such as PRISM by the US National Security Agency) add to these apprehensions [1].
  • Diverse Cloud Forms and Unforeseen Costs
    • Cloud Variety: A spectrum of cloud computing forms exists, each with distinct characteristics. From public clouds (like AWS, Azure, or Google Cloud) to private clouds and hybrid models, organizations must choose wisely based on their needs.
    • Vendor Relationships: Each cloud vendor has unique relationships with the underlying cloud platform service they are hosted on. These relationships impact performance, security, and costs.
    • Hidden Charges: Unforeseen data ingress, egress, and storage charges can accumulate significantly. Organizations often overlook these until it’s too late, leading to unexpected costs.
  • Risk Assessment and Security Layers
    • Nuanced Understanding: Organizations must grasp the nuances of different cloud forms and deployment models. This understanding enables informed decisions.
    • Visibility Challenges: Lack of visibility into the underlying security layers or protocols creates apprehension. Organizations worry about data exposure and potential enterprise penetration.
    • Accurate Risk Assessment: To mitigate vulnerabilities and data breaches, accurate risk assessment hinges on understanding the intricacies of cloud forms.
  • Vendor Viability and Business Continuity
    • Vendor Dependency: SaaS relies heavily on third-party vendors. If a vendor goes out of business, the service ends abruptly, and data becomes inaccessible. According to a McKinsey & Company study, only 20% of SaaS companies survive their first five years in business. One of the main reasons for SaaS failure is insufficient product fit with the market. In manufacturing, the products of almost all SaaS manufacturing monitoring vendors are deficient in their ability to normalize data. The old adage of “garbage in, garbage out” holds true in most cases, given that data is written directly to the database without validation or normalization. One manufacturer reported that it required two engineers to adjust the data on a daily basis due to incorrect data reporting.
    • Operational Impact: Relying solely on a SaaS system jeopardizes shop floor productivity. Any disruption in service can halt critical operations.
    • Perpetual License Model: In contrast, perpetual license models allow organizations to retain control of their data within the enterprise. Even if a vendor fails, operations continue without immediate impact.
  • SaaS Startup Challenges
    • High Failure Rate: Over the last three years, more than two dozen venture-supported SaaS startups have closed their doors. These closures affected companies that had been operating for several years, highlighting the industry’s challenges.
    • Dynamic Yet Risky: While the SaaS industry is dynamic and promising, it faces inherent risks. Startups must navigate these challenges to survive and thrive.
  • Effective Security Controls
    • Misconfiguration Challenge: Misconfigurations remain a common challenge in cloud services.
    • Seven Key Controls:
      • Access Management: Properly manage user access and permissions. This is usually a cloud service feature and rarely provides robust functionality.
      • Encryption: Encrypt data at rest and in transit. Note there is little to no encryption of data streams from IoT devices, which usually output standard protocols such as MQTT Sparkplug B.
      • Logging and Monitoring: Monitor activities and detect anomalies. This is usually a cloud service feature and rarely provides robust functionality.
      • Patch Management: Keep systems up-to-date with security patches. This is usually a cloud service feature and rarely provides robust functionality.
      • Network Segmentation: Isolate critical components.
      • Identity and Authentication: Implement strong authentication mechanisms.
      • Incident Response: Be prepared to respond swiftly to security incidents [3].
  • Internal Controls for Minimizing Risk

In summary, organizations must weigh the benefits of SaaS against the risks, considering vendor viability, unforeseen costs, and the impact on business continuity. A well-informed approach ensures successful adoption of cloud services while mitigating potential pitfalls [1]. There is no one-size-fits-all answer. Security decisions depend on an organization’s unique context, risk tolerance, and specific requirements. Some IT teams prioritize the flexibility and managed services of the cloud, while others prefer the control of internal infrastructure.

While cost savings are a compelling factor, organizations must invest in robust security practices to mitigate risks associated with cloud adoption [1, 2]. The decision ultimately depends on an organization’s unique context and risk tolerance. In many cases, leaving the IT job to the internal professionals makes the most sense and ultimately pays off. Having the IT team involved from the beginning is not only a successful approach, but a prudent one, given the potential for risk.