Cloud computing isn’t going anywhere, but it is undergoing significant change. Challenges such as GDPR data-compliance requirements, massive DDoS attacks and containers are set to reshape the way businesses use the cloud.

The cloud has always been evolving. A decade ago when cloud computing became popular, most cloud infrastructure was limited to virtual servers.

Fast-forward to today and cloud-service offerings are much richer. You can run bare-metal servers in the public cloud. You can take advantage of a suite of built-in monitoring and management tools. You can leverage new technologies such as serverless computing to deploy software in ways that were virtually unheard of just a few years ago.

The number of cloud providers has grown, too. Virtually every major technology company now runs its own public cloud — from Red Hat and Oracle to Adobe and IBM.

Yet despite these changes to the cloud ecosystem over the past several years, the channel has yet to encounter challenges that completely modify the way companies use the cloud. Cloud strategies have evolved, but they have not been totally reworked.

More momentous change may now be afoot. Over the past couple of years, novel developments very significantly have changed – or are set to change – who can use the cloud, and what they can use it for.

Consider the following new forces in cloud computing.

GDPR Compliance Requirements

The European Union’s General Data Protection Regulation, or GDPR, imposes a litany of new compliance requirements on technology companies. The requirements include, but are not limited to, secure management of consumers’ data in the cloud.

Data privacy and compliance regulations are nothing new, of course. But the significance of the GDPR is that its requirements are so spectacularly broad. They are poised to impact companies across the globe, not just those that operate in the E.U.

This is because, in general, the GDPR requirements apply to any company that has a presence in or serves customers who operate anywhere in the European Union. Even if the services you provide don’t involve Europe in any way, you may still be subject to GDPR requirements if your customer has a presence of some kind in Europe.

In other words, as MSPAlliance’s Charles Weaver writes, “If you have a customer with any presence in Europe, your managed-services practice could very well be covered by GDPR.”

Because the GDPR mandates practices such as controlling the physical location of data and ensuring that users can erase data permanently, it places a potentially heavy burden on the ability of impacted organizations to use public cloud resources. Guaranteeing users’ privacy is more difficult for organizations that use the public cloud because they lack direct control over the servers that host the data and can’t always make firm promises about how and where it is stored, or when it is deleted.

The GDPR doesn’t mean most organizations will have to avoid using the cloud anymore. It’s not that radical. It’s also unclear, as of now, how aggressively the E.U. will enforce the GDPR requirements. There is reason to believe that the law’s main target is large American tech companies, and that regulators won’t be looking to shut down MSP operations because of the way they use the cloud.

Still, the GDPR makes the cloud significantly more complicated for organizations that are compliance-aware. For many, it requires a rethinking of the way they leverage the cloud, and it will prevent at least some from using the cloud at all in certain contexts.

DDoS Attacks

You might be surprised to learn that distributed-denial-of-service (DDoS) attacks have been happening for almost a half-century. Over the past couple of years, however, they have assumed unprecedented scale and caused significant disruption to cloud services.

The Dyn DNS attack of 2016, which took down a number of AWS-hosted websites, is the best-known example. It exposed the cloud’s “soft underbelly,” as InfoWorld’s Fahmida Rashid wrote.

At the outset of the cloud age, one of the most powerful arguments in favor of moving to the cloud was that your workloads would be more reliable. Infrastructure failures and scalability limitations wouldn’t make your websites or services go down. But the prevalence of DDoS attacks means that is no longer such a safe bet. And although anti-DDoS services provide some protection, they are not perfect. The best defense against DDoS threats is to adopt a multi-cloud strategy, but that is expensive and adds management complexity.

Some organizations may decide it’s not worth it, and will migrate back to on-premise hosting. A DDoS attack could target on-premise infrastructure, too, but only if a specific organization’s infrastructure were targeted. On the public cloud, a much larger group of users can be impacted by targeting the cloud platform.

Containers

You might not think containers will have a negative impact on how organizations use the cloud. Virtually every major public-cloud provider now offers a hosted container service, such as AWS ECS and Azure AKS. Yet these services pose a challenge to the cloud because they restrict the way businesses can run containers. With a hosted container service, your freedom to choose which tools to use for orchestration, container image hosting and more, is limited to what the cloud host offers.

Limited choice is not a good thing from many business’ perspective — especially in an age when DevOps and open source predominate.

If a hosted container service from a cloud provider is not attractive, organizations might decide to run containers on premises. In addition, as workloads migrate to containers, organizations are less dependent on virtual machines, which remain the bread and butter of cloud-computing services. By extension, the cloud becomes less important.