Cloud computing – hosting and running applications, data and workloads through a third party over public internet services – has been the basis of organisational working practices for the last two decades, but it seems as if businesses and IT teams are starting to fall out of love with the concept.
A recent study by Citrix suggests 25 per cent of UK organisations – and 42 per cent of US firms – are either considering moving or have already migrated at least half of their cloud-based workloads out of a hyperscale public cloud platform back to on-premises infrastructures. Another report by Flexera finds that 89 per cent of companies are now following a multi-cloud strategy, making use of public and private clouds, or a hybrid of the two.
Further evidence of this trend can be seen in the emergence of integration services from major cloud providers like Microsoft, Amazon and Google, such as Azure Arc, AWS Outposts and Google Anthos, which aim to help clients manage applications across hybrid and on-premises environments.
There are various reasons behind this trend. “In the early days, cloud repatriations were often a response to unsuccessful migrations; now they more often reflect changes in market pricing,” says Adrian Bradley, head of cloud transformation at KPMG UK. “The inflation of labour costs, energy prices and the cost of the hardware underpinning AI are all driving up data centre fees. For some organisations, repatriation changes the balance in the relative cost and value of on-premise or hybrid architectures compared to public clouds.”
Many large hardware manufacturers now offer op-ex-based pricing models that provide a viable commercial alternative to the hyperscalers, says Jim Oulton, senior director in the cloud and DevOps practice at Synechron. “These allow customers to avoid large capital outlays while also benefiting from some of the pay-as-you-go features traditionally only found on public cloud,” he says.
But there’s also a desire for greater control, says Terry Storrar, managing director of Leaseweb UK. “A key driver behind repatriating part or all of an IT infrastructure away from public cloud is the need to customise the environment in which applications, data or services sit,” he says. “This could be for security or compliance purposes, as sometimes there is a need for granular control more suited to a private cloud. Typically, this could be for locking down highly confidential data, intellectual property or where there is a need to meet industry-specific compliance standards.”
Another concern is the difficulty public cloud environments can have with more challenging workloads. “For complex or regulated workloads, a simple ‘lift and shift’ onto the cloud won’t work,” says Sandip Channa, chief technology officer at managed services provider, CSI. “Behind every cloud repatriation story lies unmet, or wildly frustrated, expectations where platforms have struggled to deliver on their promise in the eyes of scaling enterprises.”
This can lead to almost continuous change and iteration within technology and development teams, says James Haworth, head of managed cloud and security services at A&O IT Group. “This constant evolution, although fostering innovation, can leave a trail of legacy platforms that are never decommissioned,” he warns. “These outdated systems continue to incur costs and introduce security risks due to unmanaged data.”
Destination of choice
The use of various forms of private cloud or co-located data centres is the most common model for organisations looking to repatriate from public clouds, says Bradley. “Enterprises often value the low latency, the ability to dictate and audit security, and perceive they have more direct control of how and where data is stored,” he says.
“It also allows them to minimise transformation cost by retaining legacy elements of their IT architecture. For some enterprises, this is a sensible trade-off between investment cost and value, especially if the price of transformation is particularly high, if they are margin-challenged, or where the value derived from the workloads is minimal.”
Another emerging alternative within the private cloud environment, says Peter Pugh-Jones, director of financial services at Confluent, is the Bring Your Own Cloud (BYOC) model, should neither fully managed nor self-managed cloud services work for organisations. “The customer retains control of the data layer, while ceding the control layer to the partner of their choice,” he says. “At its best, BYOC should allow a business to protect and manage its data, only allowing its partner access to metadata, and managing security within its own virtual private cloud.”
Any organisation considering cloud repatriation needs to develop a clear roadmap, says Channa. “It will most likely be a case of auditing, with precision, what workloads can – and should – exist in public cloud platforms, and which would benefit from being repatriated and vice versa,” he says. “It’s not a simple case of exiting every workload all at once.”
Those bringing elements back in-house will need to ensure their security and compliance infrastructure meets regulatory standards such as GDPR, warns Shane Maher, managing director at Intelliworx. “Key steps include replicating robust identity and access management, encryption and network security, along with implementing tools like firewalls, SIEM and endpoint protection.”
Organisations should consider regular risk assessments, thorough infrastructure audits, advanced threat detection systems and comprehensive incident response plans, adds Simon Bennett, chief technology officer, private cloud, at Rackspace Technology. “Additionally, developing a comprehensive data migration strategy, maintaining up-to-date patches, employing strong encryption methods for both storage and transmission, and hiring staff with expertise in managing on-premises infrastructure and security systems is crucial,” he says.
Repatriation risks
There are risks that can come with cloud repatriation. James Hollins, Azure presales solution architect at Advania, highlights the potential to disrupt key services. “Building from scratch on-premises could be complex and risky, especially for organisations that have been heavily invested in cloud-based solutions,” he says.
“Organisations accustomed to cloud-first environments may need to acquire or retrain staff to manage on-premises infrastructure, as they will have spent the last few years maintaining and operating in a cloud-first world with a specific skillset.” Repatriation can lead to higher licensing costs for third-party software that many businesses do not anticipate or budget for, he adds.
Transitioning away from public clouds can also result in a more complex infrastructure architecture, advises Haworth. “Organisations may find themselves dealing with multiple vendors and platforms, creating a scenario often referred to as having ‘several throats to choke’ instead of a single point of accountability,” he says. “This fragmentation can make it challenging to manage the infrastructure effectively.”
Then there’s the risk of missing out on innovation from hyperscale public cloud providers, and a lack of flexibility. “Hyperscale cloud continues to deliver the broadest range of enterprise-ready innovation,” says Bradley. “Being unable to access it can inhibit enterprises’ ability to get value from technology. Where companies significantly change in size and scale, on-premise environments can struggle to keep up.”
The long-term solution for most enterprises will be a hybrid cloud model but this remains some way off, contends Oulton. “The reality is that many critical workloads continue to operate either on-prem or on the public cloud, not in both,” he points out. “True hybrid cloud would offer customers greater negotiating power as well as higher resilience should they need to move workloads in an emergency.”