John Bradshaw, Akamai’ s Director of Cloud Computing Technology and Strategy EMEA, explores the critical challenge for CISOs in achieving consistent security across increasingly complex multicloud deployments, without compromising agility or becoming tied to specific vendors. loud concentration is becoming one of the

Vendor lock-in is no longer a hypothetical threat; it’ s a hard commercial reality. Many cloud contracts, especially those with hyperscalers, are complex, opaque, and heavily skewed in favour of the provider. Once signed, businesses often find themselves locked into long-term agreements that are expensive( and technically daunting) to exit. These arrangements are rarely presented as such at the outset of commercial conversations.

Now, consider the implications of being tied into multiple such contracts, each with limited flexibility and punitive exit costs. This is difficult enough for a CFO, not to mention the critical questions it raises for CISOs such as: How do you maintain agility? How do you retain control? How do you manage the commercial risk?

One answer lies in the concept of economic sovereignty, which means having the ability to make independent, costefficient decisions about where and how workloads are run. Like national sovereignty in policymaking, this organisational autonomy is becoming essential in avoiding the systemic risks of cloud dependency.

But before we look at how to build this kind of resilience, it’ s important to understand what’ s at stake and why getting it right is not just a matter of strategy, but, in some cases, company survival.

What are the risks facing CISOs?

For CISOs navigating a multi-cloud landscape, the risks are layered and increasingly complex. One of the most visible threats remains the headline-grabbing cyberattack such as breaches in which sensitive data is compromised due to gaps in security between cloud providers. With such incidents growing in both frequency and prominence, maintaining robust defences against these threats continues to be a top priority.

Yet beyond these high-profile attacks lies a more persistent challenge: achieving consistent security standards across a fragmented cloud environment. The core principles of cybersecurity, often defined by the CIA triad( Confidentiality, Integrity, and Availability) are difficult to uphold when systems are distributed across different vendors. Availability, in particular, becomes vulnerable. Security solutions and protocols can vary significantly between providers and these mismatches create gaps. These gaps are precisely the weaknesses that attackers look to exploit.

These challenges often emerge well after initial onboarding. By that point, vendor lock-in has taken hold and for organisations with multiple cloud platforms, the cost of moving away from providers that no longer serve the business can be prohibitive.

For CISOs, the implications are clear. Cloud risk is no longer limited to data breaches or technical resilience. It increasingly encompasses strategic and financial considerations. Cost

70 www. intelligentdatacentres. com