Intelligent CIO Europe Issue 91 | Page 35

Talking business

Cloud concentration is becoming one of the most pressing risks facing organisations today. While the adoption of multi-cloud strategies is on the rise, with over 92% of large enterprises now operating in a multi-cloud environment, the security and operational challenges for CISOs are growing in parallel. Chief among these is the issue of vendor lock-in.

Vendor lock-in is no longer a hypothetical threat; it’s a hard commercial reality. Many cloud contracts, especially those with hyperscalers, are complex, opaque, and heavily skewed in favour of the provider. Once signed, businesses often find themselves locked into long-term agreements that are expensive (and technically daunting) to exit. These arrangements are rarely presented as such at the outset of commercial conversations.
Now, consider the implications of being tied into multiple such contracts, each with limited flexibility and punitive exit costs. This is difficult enough for a CFO, not to mention the critical questions it raises for CISOs such as: How do you maintain agility? How do you retain control? How do you manage the commercial risk?
One answer lies in the concept of economic sovereignty, which means having the ability to make independent, cost-efficient decisions about where and how workloads are run. Like national sovereignty in policymaking, this organisational autonomy is becoming essential in avoiding the systemic risks of cloud dependency.
But before we look at how to build this kind of resilience, it’s important to understand what’s at stake and why getting it right is not just a matter of strategy, but, in some cases, company survival.
John Bradshaw, Akamai’s Director of Cloud Computing Technology and Strategy EMEA
What are the risks facing CISOs?
For CISOs navigating a multi-cloud landscape, the risks are layered and increasingly complex. One of the most visible threats remains the headline-grabbing cyberattack, such as breaches in which sensitive data is compromised due to gaps in security between cloud providers. With such incidents growing in both frequency and prominence, maintaining robust defences against these threats continues to be a top priority.
Yet beyond these high-profile attacks lies a more persistent challenge: achieving consistent security standards across a fragmented cloud environment. The core principles of cybersecurity, often defined by the CIA triad (Confidentiality, Integrity, and Availability), are difficult to uphold when systems are distributed across different vendors. Availability, in particular, becomes vulnerable. Security solutions and protocols can vary significantly between providers, and these mismatches create gaps. These gaps are precisely the weaknesses that attackers look to exploit.
These challenges often emerge well after initial onboarding. By that point, vendor lock-in has taken hold, and for organisations with multiple cloud platforms, the cost of moving away from providers that no longer serve the business can be prohibitive.
For CISOs, the implications are clear. Cloud risk is no longer limited to data breaches or technical resilience. It increasingly encompasses strategic and financial considerations. Cost predictability, contractual flexibility and the freedom to adapt must be core criteria when assessing any multi-cloud ecosystem, not just technical performance.
What makes this an issue for CISOs, and not just a business concern?
CISOs are there to ensure the survivability and resilience of the business. Their role requires managing a wider risk profile and supporting the CFO in ensuring the organisation has a plan for commercial risks and threats to operations.
Security isn’t just about preventing attacks – it is about making sure the organisation has visibility to a wide range of threats that may impact operations.
Building resilience into multicloud strategies
Given the range of risks outlined above, it’s clear that CISOs must take a far more strategic and forward-looking approach when evaluating their organisation’s multicloud systems. This isn’t just about performance or uptime. It’s about preparing for disruption, especially the kind that arrives without warning.
What happens, for example, if a cloud provider is suddenly subjected to new government tariffs, regulatory scrutiny, or even outright bans? These may seem like distant scenarios, but the geopolitics of technology in today’s world are moving quickly. Cloud infrastructure is increasingly a national security concern, and providers can quickly find themselves caught in the crossfire. For CISOs, that means planning for exits even before a contract is signed.