97% of mid-market companies migrating some workloads out of public cloud, says research

Performance and data sovereignty top concerns

New research suggests a more targeted, pragmatic approach to cloud strategy from mid-market enterprise.

Research commissioned by MSP Node4 has revealed that 97% of mid-market companies (defined here as those employing between 500 and 5000 people) plan to migrate some workloads out of their public cloud environments over the next 12 months.

The majority (49%) plan to remove a few specific applications and workloads. At the other end of the spectrum, 5% plan to repatriate all their cloud applications.

The research suggests a gradual evolution of cloud strategy, with a move away from a cloud first strategy to a more targeted, pragmatic ‘cloud appropriate’ approach where organisations focus on the workload itself rather than the infrastructure it runs on.

“Mid-market organisations are entering a new phase of cloud strategy—one defined by pragmatism, not dogma,” comments Richard Moseley, CEO, Node4. “Most still have a substantial footprint of on-premises infrastructure and applications running in the public cloud. This demonstrates a clear preference for hybrid environments and a shift from cloud-first to cloud-appropriate. We believe this will be the mid-market’s default setting for the foreseeable future.”

Performance considerations is the most frequently cited reason for migrating selected applications away from public cloud environment. These performance considerations can have multiple causes, but the most common reasons were lift and shift workloads that were unsuited to the public cloud, applications that have been modernised but aren’t performing as expected and user frustrations from latency in SaaS applications.

Data sovereignty (30%) was the second most likely reason to repatriate workloads from public cloud environments. The complexities of compliance with regulations such as DORA and GDPR explain part of this but the findings are likely to reflect a growing unease about control, jurisdiction and the wisdom of continuing to trust US Big Tech in the face of its enmeshment with a US administration which is undermining international free trade, uninterested in European defence and seemingly incapable of following basic cybersecurity protocols.

The saliency of data sovereignty as an issue in this survey is underlined by the fact that Microsoft, Amazon and Google have all now made public announcements on providing sovereign cloud services to worried European citizens and companies. Digital sovereignty was a key part of the announcement of the EU International Digital Strategy last week.

Other reasons for repatriation include risk management (29%), technical limitations (27%), cost optimisation (26%), compliance (26%), and security (21%).

Interestingly, the report suggests that respondents who run primarily on-premises infrastructure are more confident in preventing and responding to cyberattacks than those with fully cloud-based infrastructure.

Whilst most mid-market organisations would struggle to replicate the physical security and access configurations available in public cloud, commentary from within the research suggest a perceived loss of control, complexity, limited visibility and skills gaps, all of which are going to detrimentally effect the ability of mid-market businesses really understand the shared responsibility model of cloud security and maximise their cybersecurity protections within public cloud.

Richard Mosely concludes: “Public cloud still plays a vital role for the mid-market, but it’s no longer the default. Our data shows mid-market leaders are optimising for performance, compliance, and more direct control.”