Data repatriation: Why businesses are backing out of the cloud

There’s been a growing realisation among business leaders that the cloud is not delivering as expected. The ‘lift and shift’ approach that saw the migration of applications lock, stock and barrel into the ether over recent years may have produced early gains, but it’s rapidly become clear that not all operations benefit from being in the cloud. Consequently, many are now not just slowing migration but moving data back out of the cloud and onto the organisation’s premises infrastructure in a movement dubbed data repatriation.

 

This rationalisation is widely regarded as a positive step, indicative of a maturing cloud market whose strengths and weaknesses are more well known. It’s seeing IT teams become much more discerning about the data and processes they choose to migrate, but those decisions are also being influenced by a variety of factors.

 

The need to regain control over their data is one of the most pressing concerns, with organisations more keenly aware of the need for data sovereignty. Growing political tensions, particularly following the extension of FISA, which allows US authorities to seize non-US domiciled data, have caused many to question whether they should continue to use the big three, i.e. AWS, Google and Microsoft Azure, which between them own more than 60% of the market. A survey conducted in June of this year found that more than half of IT leaders in the UK intend to move away from these providers based on political machinations.

 

 

Keeping data close

It’s a matter made more complex by compliance regulations which restrict how data is processed and where it is housed. There is a complex web of legislation governing the transfer of data outside the UK. UK GDPR allows data to flow freely to and from the EU following the European Commission’s adequacy decision post-Brexit; but this is due to expire on 27 December 2025. 

 

Similarly, the UK-US Data Bridge, an extension of the EU-US Data Privacy Framework (DPF), also aims to facilitate data transfer across the Atlantic but requires the US recipient to be DPF certified. Alternatively, the business can use the UK Data International Data Transfer Agreement. However, all of these processing requirements will see costs increase for the business because of the need to carry out due diligence, complete legal documentation and develop compliance strategies, making it easier to store data in the country of origin.

 

Businesses are also disillusioned with the fine print contained in Cloud Service Provider (CSP) contracts, with a major bone of contention being the shared responsibility model. This sees the organisation take responsibility for how its data is secured, managed and accessed, while the CSP is tasked with monitoring the security of the cloud environment and infrastructure. However, there are inevitably grey areas, requiring clear demarcation of who is responsible for what, and as CSPs begin to offer more functionality, those lines are becoming blurred. Who, for example, is responsible for data leakage via an AI LLM?

 

 

Cost control

A chief motivation for bringing data back in-house is, of course, the desire to regain control over costs. Anecdotal evidence points to runaway migration costs, often up to eight times the original estimate due to the complexities of decoupling applications and data, for example. Bandwidth costs have also soared, and this can become particularly painful when the business needs to ramp up traffic due to disaster recovery or to replicate data for analysis.  A survey conducted by Forrester found 72% of IT decision makers had exceeded their cloud budgets in 2024, mainly due to excessive storage, and it’s an issue that is likely to become even more pressing due to AI driving up consumption. 

 

Taking data back in-house, however, is not without its challenges. Organisations will need to identify and invest in the necessary hardware, i.e. servers, storage devices, and networking systems, as well as monitoring and managing these. This will require careful planning and regular reappraisals to keep pace with technological advances.

 

That said, there are real advantages to wrestling back control, such as improved access and availability. Network latency is a real issue in the cloud, causing poor responsiveness in applications, slowing data transfer times and hampering database performance, and that time equals lost revenue for impacted businesses. One need only look at the recent AWS and Cloudflare outages for an example, albeit an extreme one, of how serious an effect downtime can have.

 

 

Owning security

Localising data can therefore improve operational efficiency, but also the ability to bounce back should the business be attacked. Local and offline storage, for example, can reduce the time needed to back up and recover data in the event of an incident. In comparison, cloud backup options are notoriously complex with multiple charges for storage, testing and data transfer, which can see organisations elect a bare-bones backup function, leaving them more exposed.

 

Given these drivers and the benefits of on-premises, it’s perhaps not surprising that we’re seeing some retrenchment as IT teams look to reduce costs and regain control. But it’s a movement that won’t see an extreme swing of the pendulum. Instead, we can expect to see organisations begin to critically appraise which data and applications work best in the cloud and which are best situated on premises, such as sensitive and business-critical data. This optimisation of resources will see a rise in the use of hybrid architectures that deliver the best of both worlds, but also, crucially, will reduce reliance on just one form of computing, resulting in an economy that is much more resilient. 

 

---

 

Jon Fielding is Managing Director, EMEA at Apricorn

 

Main image courtesy of iStockPhoto.com and takasuu