9 myths about cloud computing – what will still be true in 2025

Insights, Insights

Florian Faesecke

–

4. February 2025

Cloud computing in transition

Cloud computing is evolving rapidly – what was state of the art yesterday may be outdated tomorrow. As a result, new myths are constantly emerging: half-truths or outdated assumptions that unsettle IT decision-makers. Yet the cloud will be more relevant than ever for companies in 2025: From green IT and artificial intelligence (AI) to global networking, current developments are driving cloud technologies to the heart of business strategies. Gartner estimates that 90% of all companies worldwide will be using hybrid cloud services by 2027. Widespread adoption is also steadily improving the level of maturity: cloud services are now seen as an important enabler for innovation, agility and even sustainability. Nevertheless, some myths persist. In the following, we examine nine widespread cloud myths and examine what will really be true in 2025 – based on facts and with a view to the requirements of business users.

Cloudfalke consultant working focused on a MacBook with a branded coffee mug on the desk

Myth 1: “Cloud is not more environmentally friendly than your own servers.”

Fact: Modern cloud data centers are far more energy-efficient than typical on-premises server rooms and can significantly reduce the carbon footprint of IT. Hyperscale cloud providers achieve extremely low PUE values (Power Usage Effectiveness) through advanced design. For example, the global average PUE of AWS data centers in 2023 was just 1.15 (best data center: 1.04). Other cloud giants also achieve average PUE values of around 1.1 (Google ~1.10; Meta ~1.08).

By comparison, the industry average across all data centers stagnated at around 1.58 in 2023 – older company-owned server rooms are often even higher, which means that significantly more energy is lost there for cooling and infrastructure. The higher efficiency of the cloud adds up to considerable savings: According to an analysis by Accenture, companies can reduce their CO₂ emissions by over 84% simply by migrating to a public cloud. These CO₂ emissions can be reduced even further through further optimization. Overall, data centers account for around 1% of global electricity consumption, despite the explosive growth of digital services – an indication that efficiency gains at least partially compensate for the additional consumption.

Cloud providers are also investing heavily in renewable energy and sustainable architecture. Amazon Web Services, for example, has announced that its data center operations are already fully offset by renewable energy. Even if such statements need to be critically questioned, they show a clear trend: the large cloud data centers are obtaining a growing proportion of their electricity from solar, wind and hydroelectric power and are focusing on CO₂-reducing innovations (such as waste heat recovery or “green” cooling systems). Green IT is therefore not an empty promise: With a conscious choice of provider and architecture, the cloud can be more ecologically beneficial than your own server room.

Myth 2: “Only large companies can afford AI in the cloud.”

Fact: Thanks to cloud services, artificial intelligence has long since arrived at companies of all sizes. Cloud platforms offer ready-made AI services – from image and speech recognition to predefined machine learning models – “out of the box”, without the need to employ huge data centers or data science teams. This has led to a broad democratization of AI: According to McKinsey, for example, 72% of companies worldwide now use AI technologies (driven in particular by the boom in generative AI). A year ago, this figure was only around half as high, but the increase is enormous. Growth is being driven by offerings from large cloud providers that provide AI functions as a service (e.g. text recognition, chatbots or predictive analytics on demand).

Experts emphasize that AI in the cloud levels the playing field between small and large companies. Almost 80% of SMEs see this technology as a game changer for their business. Of course, AI still requires know-how (for the correct application of the tools) and is not a sure-fire success. But the hurdle to using AI productively has fallen drastically thanks to cloud computing.

Myth 3: “I lose control of my data and systems in the cloud.”

Fact: Nowadays, companies can effectively manage their cloud resources and retain control over their data, provided they use the right strategies. Although the physical infrastructure lies with a cloud provider, cloud users have numerous tools at their disposal to control access, security and costs.

One key aspect is data sovereignty: leading cloud providers enable Bring Your Own Key (BYOK) – whereby the customer retains their own encryption keys. This means that the encrypted data remains under the customer’s control, even in the cloud. The implementation of BYOK ensures that no one (not even the provider) can read the content without a key. This massively increases security. In addition, companies can determine the region in which their data is stored (keyword: data residency). For example, it can be ensured that all sensitive data is stored in a German or European data center.

Today, there are also extensive governance options for cloud operations themselves. Cloud management portals offer real-time insight into resources, authorizations and usage data. Finely granular identity and access management rules can be used to define exactly who in the company is allowed to perform which actions in the cloud. In addition, more and more companies are relying on automated guardrails, for example to ensure security guidelines or budget limits by technical means. It is important to set up appropriate processes – such as regular audits of the cloud configuration and cloud security training. The cloud is then not a legal vacuum, but an environment that is just as controllable as your own data center – with the advantage that modern monitoring and encryption tools even make it easier to maintain an overview.

Myth 4: “Cloud and compliance (e.g. GDPR) are mutually exclusive.”

Fact: With careful provider selection and settings, cloud services can be operated in compliance with data protection and regulatory requirements. Although laws such as the European General Data Protection Regulation (GDPR) place high demands on the handling of personal data, cloud providers have responded to this and offer numerous compliance tools. Today, there are even official industry standards for data protection in the cloud: at the beginning of 2024, the EU Cloud Code of Conduct was approved by the European Data Protection Authority (EDPB) and recognized as a GDPR compliance solution for cloud service providers. The code defines strict data protection standards that cloud providers must adhere to in order to demonstrate GDPR compliance. For cloud users, this means greater transparency and trust: A look at the certificate (e.g. in the CSA STAR Registry) shows whether the selected cloud service complies with European data protection rules.

An often overlooked point: cloud computing does not automatically mean a loss of control over data protection, on the contrary. It is a myth that the cloud is fundamentally bad or risky for data protection – in fact, data can often be protected much better in the cloud than on traditional systems, and compliance requirements can be easily met with a sensible approach.

Of course, companies must exercise due diligence. This includes, among other things: Concluding order processing contracts with cloud providers, carrying out data protection impact assessments for sensitive data and ongoing monitoring of provider compliance (checking certifications such as ISO 27001, C5, SOC 2 etc.). Leading providers such as Microsoft, AWS and Google regularly publish compliance reports and undergo audits. There are government clouds or industry clouds with additional security for special requirements (such as confidentiality or critical infrastructures). Practice shows that cloud services can be configured and used in such a way that they comply with the relevant data protection laws – numerous authorities and banks are leading the way. There are hardly any insurmountable obstacles as long as the provider and customer address the issues together (keyword: shared responsibility model). Companies should therefore no longer see cloud compliance as an exclusion criterion, but as a manageable task that can be solved with existing tools and guidelines.

Myth 5: “Cloud is ultimately more expensive and only hides costs.”

Fact: The question of cloud costs depends heavily on cloud management – if left unchecked, use will be more expensive than expected. But those who approach the cloud correctly can achieve significant savings. A blanket statement “cloud is always cheaper” or “always more expensive” falls short of the mark. The reality in 2025: many companies are reporting cost benefits from the cloud, primarily due to better capacity utilization and the elimination of hardware investments. Accenture analyzed hundreds of cloud projects and found that switching to the public cloud can result in average savings of 30-40% in total cost of ownership (TCO) – thanks to flexible scaling, the elimination of excess capacity and more efficient infrastructure. At the same time, another key figure warns: on average, around 30-32% of cloud expenditure is wasted – i.e. paid for unused or incorrectly dimensioned resources – if no active cost management is carried out. These seemingly contradictory facts show that Cost efficiency in the cloud is not automatic, but the result of good management.

In recent years, cloud cost management (FinOps) has therefore become a central discipline in every Cloud Center of Excellence (CCoE). It is also fitting that cost control was named as the biggest cloud challenge for the first time in a major survey in 2023 – ahead of security. With the right tools, expenditure can be made transparent, budgets can be allocated per team (showback/chargeback) and automatic warnings can be sent in the event of overruns. These measures are having an effect: the use of functions such as auto-scaling (automatic shutdown of unneeded resources) and reserved instances/savings plans is increasing in order to reduce running costs.

It is important to uncover and manage hidden costs at an early stage. These include, for example, data transfer costs (egress fees), license costs in the cloud or expenses for the network connection. Best practices recommend a cloud cost strategy: for example, deciding on a workload-specific basis what should be moved to the cloud (not every legacy system workflow is worthwhile) and continuous monitoring. Our experience shows that interdisciplinary FinOps teams from IT and controlling are worth their weight in gold here in order to combine both technical fine-tuning and commercial planning.

So the myth of the expensive cloud is only true if you let the cloud run “on autopilot”. With a well-designed cloud roadmap, on the other hand, considerable efficiency gains can be achieved – and the flexibility and speed of innovation that the cloud brings are the bonus on top.

Myth 6: “Cloud is less secure than on-premise.”

Fact: Cloud security has made enormous progress in recent years – if used correctly, the cloud can be at least as secure as your own data center, and often even more secure. Cloud providers invest billions in security, employ large teams of experts and meet strict certifications, but those who rely on this alone can sometimes be in for a nasty surprise. It is therefore essential to understand who is responsible for what when it comes to cloud security. The shared responsibility model provides the answer to this question:

The cloud provider secures the basic infrastructure (physical security, isolation of customer environments, basic updates, etc.),
the customer must secure and configure their data and applications correctly (e.g. access protection, activate encryption, set security groups correctly). If established best practices are followed here, cloud environments are extremely robust.

Cloud providers take care of their part of the responsibility by implementing concepts such as zero trust, end-to-end encryption, automated threat detection and ongoing security patches of the infrastructure, which individual companies could hardly achieve with this level of consistency. The result is that most security incidents in the cloud are not due to gaps at the providers, but to misconfigurations or omissions on the part of customers. Gartner predicts that by 2025, 99% of cloud security incidents will be the fault of the customer. The most common causes here are incorrectly set access rights or unprotected interfaces.

It is interesting to note that corporate decision-makers now tend to see security as a strength of the cloud: In a recent CxO survey, 60% of respondents cited security as the biggest advantage of cloud use – ahead of cost savings or scalability. This change in perception is no coincidence: many companies have experienced that cloud providers can react more quickly to new threats, for example. For example, when critical vulnerabilities (such as Heartbleed or Log4Shell) become known, cloud providers often patch their platform worldwide within hours, while on-premise administrators in individual companies often need days or weeks to catch all systems.

Despite all the progress made, IT security must not be neglected – but this was and is just as true for on-premise. Overall, it is clear that larger cloud platforms achieve a level of security that many individual companies can only achieve on-prem with a disproportionate amount of effort. The biggest risks are no longer a lack of cloud security, but almost always configuration errors. However, this can also be effectively countered with training and the tools mentioned.

Myth 7: “Multi-cloud is the only way to avoid vendor lock-in.”

Fact: Dependence on a single cloud provider (vendor lock-in) must be kept in mind – but multi-cloud as a panacea is neither always sensible nor always necessary. Spreading all workloads across several providers always deprives you of the negotiating power you need to get a really good discount. So instead of running every application in a different cloud, good architecture and planning is the way to maintain flexibility. With the right approach, the specific strengths of a preferred cloud provider can be utilized while still maintaining the promised openness and flexibility of the cloud.

What does such an architecture look like? For example, open standards and portable technologies should be used. Container orchestration such as Kubernetes allows workloads to be moved between cloud environments as required, as it introduces an abstraction layer. The “separation of concerns” principle – modularizing applications in layers instead of interweaving them closely with proprietary services – is also proving its worth. Studies show that monolithic, point-to-point integrated applications are more likely to end up in the lock-in trap, while a decoupled architecture (with separate data, integration and application layers) is more flexible, cost-effective and future-proof. It is crucial to consciously decide where you want to get involved with a provider’s proprietary solutions and where you want to remain neutral. This avoids an unwanted lock-in, while leaving room for negotiation and achieving efficiency by specializing in a preferred platform.

Myth 8: “Companies are turning their backs on the cloud trend – the future is on-premises again.”

Fact: Recently, isolated cases of so-called “cloud repatriation”-the process of moving workloads from the cloud back to on-premises data centers-have made headlines. Some interpret these cases as evidence of a broader shift away from the cloud. In reality, these are exceptions and tactical adjustments, not a mass movement. According to Gartner, the hype about widespread cloud repatriation is largely fueled by traditional on-premises vendors-a “false narrative” intended to create the impression of a broad-based exodus from the cloud. The data tells a different story: most companies have never moved cloud workloads back to on-premises. When dissatisfaction arises with specific cloud projects, organizations are more likely to address issues selectively rather than abandon their entire cloud strategy.

Market analyses from IDC confirm that while some large enterprises do repatriate certain workloads, this almost always happens within the framework of a broader hybrid cloud strategy-not as a complete rejection of cloud services. Overall, cloud adoption continues to rise: spending on public cloud is growing at a double-digit annual rate, and there is no sign of decline. Decision-makers should therefore not be unsettled by headlines. The cloud remains a central pillar of IT strategy – the key is to choose the right environment (cloud or on-premises) for each application and to treat failures as learning opportunities, not as a reason to turn back the clock.

Myth 9: “If everything runs in the cloud, I no longer need my own IT department.”

Fact: Cloud computing is transforming the responsibilities of internal IT teams, but it does not make them obsolete-on the contrary, cloud expertise is more in demand than ever. Instead of installing and patching servers, IT professionals in the cloud era focus on architecture, integration, governance, and optimizing cloud usage. The demand for specialized roles such as cloud architects, DevOps engineers, and cloud security experts remains high and continues to grow. Many organizations face a shortage of skilled professionals in this area, which can delay or simplify projects and even cause companies to miss financial targets due to the lack of cloud expertise.

Internal IT teams now act as brokers and managers of cloud services. They advise business units on suitable solutions, monitor compliance with security and cost policies, and continue to develop applications-often now as cloud-native solutions. With the cloud automating routine tasks like hardware maintenance and backups, IT staff can focus more on value-adding activities. However, this shift requires continuous learning: skills in areas such as Kubernetes, Infrastructure as Code, CI/CD, and cloud security are now essential for a forward-looking IT department.Companies are therefore investing heavily in training and reskilling their employees or bringing in external experts.

Overall, the cloud is creating more new job profiles than it is eliminating old ones. Cloud and DevOps professionals are among the most sought-after IT roles in the coming years. The myth that IT can be “downsized” after a cloud migration overlooks the complexity of cloud projects themselves. It is better to let internal IT grow alongside the cloud. The collaboration between business and IT is becoming even more important to align cloud initiatives with business needs, requiring people with the right skills.

The good news: routine work is reduced, and IT can become a greater driver of innovation-but this requires the right know-how. The widespread shortage of these skills shows that cloud-savvy employees are among the most valuable resources in the digital economy. Rather than “rationalizing them away,” companies should do everything they can to develop and retain this talent. Cloud without competent people is of little use. Internal IT is therefore not obsolete, but as important as ever-its field of activity has simply evolved.

Conclusion: A Sober Look at the Cloud – and Clear Recommendations for Action

Cloud computing is no longer just an option for businesses in 2025; it is a business-critical reality. As the myths discussed here show, the cloud is neither a universal remedy nor inherently risky. Instead, it offers enormous potential-provided companies approach it consciously and strategically:

Strengthen cloud competencies: Investing in training and cloud specialists secures long-term success. The demand for skilled professionals in cloud architecture, security, and operations continues to rise, making expertise a key competitive factor.
Ensure compliance: Establish governance structures, regularly review data protection mechanisms, and consistently improve compliance processes. Leading cloud providers offer extensive compliance certifications and tools to help meet regulatory requirements.
Actively manage costs: Proactive cloud cost management (FinOps) helps avoid hidden cost traps. Pay-as-you-go models and regular optimization of cloud resources can significantly reduce IT expenses over time.
Enhance cloud security: Targeted security measures and ongoing training minimize risks and improve overall security. Best practices include adopting Zero Trust architectures, enforcing multi-factor authentication, and continuous monitoring for misconfigurations and vulnerabilities.