The convergence of COVID-19 and rapid advancements in artificial intelligence has accelerated cloud adoption at a scale few organisations were structurally prepared for. What began as a technology shift has now become a permanent redesign of enterprise operating models, where cloud is no longer an IT consideration but a core business dependency. Many organisations continue to underperform in the cloud due to a persistent issue: cloud decisions are still too often made as technical choices rather than business-critical investments.
This misalignment is where most enterprise cloud risk originates, typically manifesting through the following common pitfalls:
- Unpredictability and weak cost ownership: Financially, consumption-based pricing models introduce structural unpredictability when not governed through mature FinOps capabilities, resulting in cost volatility and weak accountability across business units.
- Assumed rather than engineered resilience: Operationally, cloud environments are frequently assumed to be inherently resilient, when in reality, resilience must be intentionally engineered through architectural design, workload isolation, redundancy patterns and continuous validation.
- Escalating regulatory complexity and embedded vendor lock-in: Regulatory exposure is also increasing as data becomes more distributed across platforms, with frameworks such as POPIA and GDPR demanding far greater precision in data governance and access visibility. At the same time, long-term reliance on single providers without defined portability or exit strategies continues to embed vendor lock-in as a structural enterprise risk rather than a commercial decision.
Practical implementation
Addressing these challenges requires more than optimisation efforts or isolated controls. It requires a deliberate maturity journey that aligns cloud adoption with governance but, most importantly, operational resilience. The crawl, walk, run, fly model provides a practical framework for this progression.
- In the crawl phase, organisations establish governance. They begin by creating clear visibility across their cloud environment so they can understand what exists, how it is being used and where potential blind spots may be forming. This initial control layer allows them to identify early cost drivers and establish a basic understanding of how consumption translates into spend. At the same time, foundational security controls and other requirements are introduced to ensure access is properly managed and the environment is not operating without oversight. The emphasis at this stage is not optimisation, but control and clarity, providing a stable baseline for everything that follows.
- In the walk phase, governance becomes structured and repeatable as organisations move beyond basic visibility by beginning to enforce consistent standards across their cloud environments. Controls are formalised so that different teams and workloads operate within the same rules, reducing fragmentation and improving alignment. Financial accountability is strengthened through FinOps practices, ensuring that cloud consumption is actively linked to business usage. At this stage, governance frameworks should play a more active role to ensure they are practical and aligned with both regulatory and operational risk requirements helping to embed risk considerations into everyday cloud decisions rather than treating them as a separate review function. This includes oversight of cost exposure, access control and compliance obligations. The focus shifts from establishing basic control to embedding consistent accountability across the environment.
- The run phase shifts focus towards optimisation and resilience engineering as organisations move beyond standardised control into improving how their cloud environments actually perform. Architectures are refined to improve efficiency and overall system stability by removing unnecessary complexity and tightening how systems are designed and interact with one another dependencies between systems are reduced to limit cascading failures and improve operational independence. Disaster recovery and continuity capabilities are no longer theoretical and are instead continuously tested under realistic conditions to ensure they will function as expected during disruption. At this stage, resilience becomes an actively managed capability rather than a design assumption.
- The fly phase represents full maturity where multicloud and hybrid strategies are actively optimised for performance, cost and risk, with portability embedded into design and decision-making driven by real-time operational intelligence.
The way forward
Looking ahead to 2026, it is expected that the following defining themes should emerge:
- Enterprise performance alignment: Cloud will increasingly be treated as a board-level performance domain rather than an infrastructure capability. Resilience will be measured through enterprise KPIs such as availability, failover performance and end-to-end service continuity across critical workloads.
- Regulatory-driven architecture: Simultaneously, regulatory pressure and data sovereignty requirements will drive more explicit architectural choices, including jurisdictional controls and advanced encryption ownership models such as bring your own key (BYOK) and hold your own key (HYOK).
- Cost and workload intensity management: The rapid expansion of AI and high-performance workloads will further intensify demand across infrastructure layers making FinOps discipline, workload optimisation and continuous governance essential to maintaining financial and operational stability.
- Multicloud governance maturity: As organisations move deeper into multicloud and hybrid operating models, fragmentation risk will increase unless unified control frameworks are established across identity, security, observability and policy enforcement. In this context, cloud success will depend more on the maturity of governance structures that ensure operational maturity are sustained at enterprise scale.
Ultimately, the organisations that will succeed are not those that adopt cloud the fastest, but those that govern it the most effectively, treating it as a core driver of business performance, resilience and risk management. As cloud continues to evolve, sustained value will depend on disciplined alignment between technology decisions and enterprise accountability.
Share
