We have seen significant movements in the tech industry since its inception. The launch of the IBM PC, the CRM revolution, Client/server, the Internet, Cloud, 5G, and AI.

This last one, however, is changing many things, including the balance between Cloud and on-premise deployments. We thought we had kissed data centers goodbye, and it was just the job of hyperscalers to deliver that functionality. Well, that is no longer the case.

Change is underway, driven by four primary factors related to AI: cost considerations, efficiency, security, and sovereignty. Society is retiring from a public Cloud only reality.

Welcome to Cloud Repatriation, the big trend of the next decade. As AI adoption accelerates, customers have no choice but to re-evaluate their infrastructure strategy. Control becomes more critical than ever as GRC (Governance, Risk, and Compliance) shifts from nebulous demands to complex realities backed by legislation and severe penalties for those who take such matters lightly. The allure of the Cloud is not what it once was: a one-size-fits-all miracle.

The writing was on the wall.  Last year, 2024, a Barclays survey revealed that 83% of enterprise CIOs planned to repatriate workloads, a doubling on the previous year.  Additionally, a 2024 Citrix survey confirmed that the level of Cloud repatriation is shockingly high, with 93% of respondents undertaking repatriation in a sample of 1,200 enterprises.

Generative and now agentic AI is the primary driver, and it is not just about cost reduction. It is about two critical drivers: sovereignty and cybersecurity.

Grandview Research, a leading research and analysis firm, states that the global AI market is set to rise at a 36.8% CAGR.

AI workloads are particularly demanding in terms of training, preparation, and deployment to the public. Public clouds carry the indeterminate risk in that it is difficult to predict costs until it's too late. Many data-focused enterprises have saved a considerable amount by repatriating cloud workloads and data. A noteworthy example is Dropbox, which saved $75 million this way.

GDPR and similar regulations underscore the need to repatriate Cloud Services. AI systems are often bathed in personally identifiable information (PII)—a compliance nightmare. Despite significant advancements in cybersecurity, Public Cloud remains a highly sought-after target for breaches.

A 2023 Thales survey reported that 45% of businesses experienced cloud data breaches. These risks are unacceptable in any critical infrastructure, especially in finance, banking, healthcare, military, power grids, and even in crypto and social media, where they become too hard to handle.

Cybersecurity is the primary reason for repatriating AI to the Cloud. With medical diagnostics, fraud prevention, and the risk of criminals hacking into operational technology (OT) systems and water treatment plants to poison water supplies, for instance, it is clear that cyber defense strategies need to change, even in their approach to infrastructure.

Despite the incredible investments cloud providers place in security, the shared responsibility model leaves customers accountable and transfers risk. Misconfigurations are a reality that is hard to shake off, and insider threats, alongside social engineering, will remain the most significant vector for crime until the day when all humans transcend greed and spite.

Most hyperscalers, AWS, Microsoft Azure, and Google Cloud, have invested heavily in security; however, the shared responsibility model leaves companies accountable for securing their digital assets. Misconfigurations, insider threats, and sophisticated social engineering continue to apply risks. In 2023, 95% of IT decision-makers reported a skills gap in cloud security, case in point.

On-premises solutions offer significantly more hands-on security control over the layout and configuration of your data, workloads, and application assets. You can, of course, tailor your firewalling and data encryption (use crypto agility) and, shortly, benefit from your very own Polymorphic Autonomous Cyber Defense. Customer data can remain ringfenced in your own LLM environment and on your data servers. HIPAA regulations are more comfortable with tightly controlled on-premises solutions. GDPR will not tolerate data migration across jurisdictions. All this is more controllable and guaranteed in-house, even though the accountability remains in force either way.

With new attack vectors such as model inversion and data poisoning. On-prem environments allow for nimbler isolation of exposed systems. Securing AI models, algorithms, and customer data becomes a non-negotiable imperative with zero tolerance for risk.

Data sovereignty refers to the principle that data should be stored and processed within the country or region of origin. Public clouds often rely on distributed data centers, which can make it challenging to prove compliance. As a result, companies frequently attempt to operate in a gray area. Sovereignty is a key prerogative, period.

Cloud repatriation activity varies by region, it is driven by dissimilarities in AI adoption and regulation. North America, with a 33.88% share of the global cloud AI market in 2024, leads in repatriation due to strict regulations such as HIPAA and CCPA, as well as a mature AI ecosystem.

The United States leads the global shift in repatriation due to regulations such as HIPAA and CCPA, as well as its relatively more mature AI ecosystem. According to Grandview Research, the USA accounts for almost 34% of the cloud market, which is likely driving the move towards repatriation.

In the Middle East and Asia, high AI adoption in India, combined with the imperative for sovereignty in the Gulf States, fuels the demand for on-premises infrastructure to meet stringent data sovereignty laws. Europe, where GDPR and data residency requirements are rigorous, is seeing growth in Cloud repatriation in larger countries, with an increasing number of large businesses moving cloud workloads back on-premises. Infrastructure providers are all seeing massive forecasted growth in AI Servers and HPC, particularly in AI Edge Computing Data Centers.

Cloud is evolving and will continue to play a central role in the tech stack, but AI is shifting the balance in a way many had not foreseen.

Most nations require Sovereign AI and Cybersecurity, and we need not only to adapt but to lead that charge if we want to grow.

By Carlo Tortora Brayda

Keywords: Agentic AI, AI, Cybersecurity

Follow Us On