From infrastructure-as-a-service (Iaas) all the way up to software-as-a-service (SaaS), more and more companies are heading into the cloud.

There are plenty of good reasons. Using a cloud offering can often reduce a company’s technology capex, and pay-as-you-go pricing is an attractive proposition for companies burned in the past by large, expensive technology initiatives.

The cloud, of course, isn’t perfect. Massive outages have showed that poor application architecture can be a killer in the cloud, for instance, and there are plenty more areas for concern.

In a blog post entitled “Why We Should Not Use The Cloud”, Gartner analyst Andrea Di Maio highlights some of them:

  • Hosting data through a third party could cede some of a company’s competitive advantages.
  • A company takes on risk when it puts all its eggs in one basket, and a bankruptcy, security disaster or terrorist attack could be fatal to a business.
  • The internet could, contrary to popular expectation, become more expensive, making the cloud less attractive economically.
  • Using cloud providers in other countries arguably helps economic development elsewhere at the cost of economic development at home.

The first three points are all legitimate. The cloud, as promising and potentially game-changing as it is, is home to significant risk.

Case in point: Ning, a provider of hosted social networks, has apparently been compromised. Early reports indicate that 100m user accounts may have been vulnerable to a cookie injection that those who discovered it claim Ning ignored. Clearly, those opting to use Ning instead of building (or licensing and hosting) their own social networking platform probably liked the idea of paying for their social network as a service for as little as $2.95 per month, but wouldn’t like the idea of their social networks being wide open to hackers and scammers.

But the problem here really isn’t the cloud. It’s how companies are choosing to use it, and how they’re using it in practice.

Unfortunately, too many organizations don’t know what they don’t know, and they don’t care about what they don’t know. So they put everything into the cloud not recognizing that such an action requires certain knowledge and skill. What’s more: many organizations don’t perform adequate due diligence when evaluating cloud providers.

Whether you’re looking for an IaaS provider to host an application you’ve built, or purchasing a SaaS solution, understanding the cloud and doing due diligence on the companies you’re considering is crucial. Punting and praying for the best isn’t enough.

Gartner’s Di Maio suggests “the move to cloud computing is inevitable and necessary”, which is true for many organizations, but in the debate over whether to use the cloud or not, it’s important not to lose sight of the fact that the cloud is going to win doesn’t mean that all the companies that choose to use it will. Indeed, those that don’t obtain knowledge and perform the due diligence required are likely to fail.