By 2018, the private cloud market will be worth almost $70 billion, according to a report from Technology Business Research and reported by eWeek, while cloud-based security services are predicted to reach more than $3 billion in 2015.

Despite these gains, however, there are struggles: Information Management points to research that found that 88 percent of companies adopting the cloud experienced at least one “unexpected challenge,” and on average survey respondents used three cloud vendors to find the right mix of pricing and services. In a world where cloud is a must-have but struggles come with the territory, how do companies get the most of their investment? What can be prevented, and what must be overcome?

The Security Struggle

Security. The bane of any IT admin’s professional life and the oft-cited reason for companies to limit cloud use or avoid deployments entirely. First, the bad news: There are security difficulties in the cloud.

The good news? This cloud security struggle isn’t any different than problems faced by local IT admins—it’s simply on different ground. Want to help prevent security issues in the cloud? Move early and in small steps, testing the waters to find out which mix of security services best meets your needs. Already facing a significant security challenge? Consider that in many cases, large public clouds or managed cloud services have access to a host of security knowledge and experience, something local IT simply don’t have time to manage or obtain. In other words, the real struggles here are not moving to the cloud when it makes financial sense, or relying on legacy systems to handle new challenges.

The Compliance Challenge

The increasing amount of scrutiny on cloud-based resources can make any company shy away from making the move from local stacks to public or private deployments.

Consider the challenge of a PCI DSS-compliant cloud. As noted by Forbes, the responsibility for protecting payment card data doesn’t rest with merchants or banks alone but any company who takes, stores or transmits this information—currently, there are 288 PCI DSS controls in place to govern both data at rest and data in transit. As a result, many corporations believe the cloud either can’t meet their compliance needs or that the move from in-house systems to cloud alternatives would prove too complex.

Prevention here means thoroughly evaluating potential service providers and third-party vendors to ensure they meet compliance standards. Reliable partners should ‘bake in’ this kind of compliance and consider it an intrinsic part of their system rather than a burdensome add-on. Overcoming this challenge is actually enabled by the cloud, since it’s a safe bet that PCI and other compliance standards will only become more complicated as attacks on consumer data evolve. Compliance in the cloud gives the ability to scale up dedicated resources on demand, rather than relying on local stacks to make up the difference.

The Downtime Difficulty

Downtime presents another cloud challenge. While local servers must be periodically fixed, patched, upgraded or retired, all resulting in unavoidable downtime, cloud deployments carry the risk of potential downtime. Preventing downtime problems starts with an iron-clad SLA which clearly lays out the responsibilities of a provider in the event of downtime, from how data will be backed up and restored to what happens in the event of actual data loss. Overcoming this challenge depends on intelligent deployment. If critical data moves to the cloud, always keep a copy at the local level, either on server or physical media. It’s also worth investing in an active fail-over solution that automatically spins up in the event of a disaster—this way, if either local or cloud servers go down, you’ll be prepared.

Moving to the cloud isn’t just about IT; it’s now part of any bottom-line discussion. Struggles can’t be avoided, but it’s possible to prevent and overcome.