Cloud

For years, cloud conversations were driven by momentum. Moving fast mattered more than moving deliberately. Cloud was positioned as inevitable, cheaper, and inherently better. Essentially, it’s been billed as a tide organisations are expected to ride, whether they truly understood it or not. But that era looks to be coming to a close.

What has fundamentally changed over the last 12–18 months is not cloud technology itself, but the seriousness with which organisations now view it. Cloud has matured into critical infrastructure, and with that maturity comes a more stringent set of questions: Who controls it? How resilient is it? And what happens when things go wrong?

Cloud isn’t interesting because it is new. Instead, it matters because it now carries real consequences.

Sovereignty has moved from compliance to continuity

For many European organisations, sovereignty was once treated as a regulatory concern — important, but largely theoretical. GDPR compliance could be documented, audited, and handed off to legal teams. Today, sovereignty has become operational, and that shift has changed the conversation entirely.

Organisations aren’t just asking whether their cloud strategy is compliant. They’re asking whether their business could continue operating if access to physical infrastructure were lost due to cyberattacks, geopolitical disruption, or even simple operational failure.

This has led to a more nuanced view of the cloud. On-premises environments, often assumed to offer greater control, are deeply tied to geography. Lose access to a site, and you lose everything. Cloud, when designed properly, allows workloads to move across regions while remaining within European borders, shifting from Sweden to Germany or the Netherlands without breaching compliance.

In that sense, cloud doesn’t inherently weaken sovereignty. Poor architecture does.

Hyperscalers such as Microsoft and Google have clearly recognised this shift, investing heavily in European entities, sovereign cloud models, and region-specific operational structures. But the availability of these offerings doesn’t solve the problem on its own. Sovereignty only exists if organisations actively design for it.

The security argument has quietly flipped

Security remains one of the most emotionally charged objections to cloud, yet recent evidence increasingly undermines the assumption that on-premises automatically means safer.

Large-scale breaches across healthcare and public services have repeatedly exposed a difficult truth: many organisations lack visibility into their own environments. In some cases, they cannot determine when data was accessed, by whom, or for how long.

Cloud platforms now provide monitoring, threat detection, and security tooling at a scale most on-prem environments can’t replicate. And while this doesn’t make cloud automatically secure, it does mean the baseline has shifted.

Cloud was never cheaper

One of the most common delusions in cloud adoption is the belief that cloud is inherently cheaper. Lift-and-shift migrations are still sold as quick wins, and when promised savings fail to materialise, cloud itself is blamed. But the reality is far less convenient.

Running legacy architectures unchanged in a hyperscaler environment simply recreates inefficiencies, and often at a higher cost. Financial benefits only appear when organisations modernise applications, rethink scaling models, and embrace consumption-based design.

What has changed is the speed at which this transformation is possible. AI-driven tooling is lowering the effort needed to refactor applications, translate proprietary technologies, and redesign architectures. But AI does not remove responsibility. It accelerates outcomes, both good and bad.

AI is a stress test, not a shortcut

AI has become central to cloud strategies almost overnight. Every hyperscaler now offers an expanding catalogue of models: open-source, proprietary, managed, and self-hosted. The temptation is to integrate quickly and worry about the consequences later, but that approach rarely ends well.

AI systems are still software. They require versioning, testing, benchmarking, cost controls, and governance. Treating AI as something separate from engineering discipline creates fragile architectures that are difficult to evolve once priorities change.

The real risk is not choosing the wrong model today, but building systems that make switching tomorrow too expensive.

FinOps has become a maturity test

Cloud flexibility is a major perk, but flexibility without discipline can become a liability. Pricing models evolve constantly. Discounts, commitments, and bundled services change. Without visibility and accountability, organisations can easily lose control.

Cloud maturity is now inseparable from FinOps maturity. Organisations that understand usage patterns, allocate spend clearly, and evaluate ROI consistently can scale with confidence. Those that don’t are forced into reactive cost-cutting that undermines trust in cloud altogether.

By 2026, FinOps will no longer be a specialist concern. It will be a defining capability.

Compliance should remove friction — not add it

Sovereignty and compliance are often blamed for slowing innovation, but in practice the opposite is true when they are automated.

Modern cloud platforms provide policy-driven guardrails that prevent non-compliant actions before they occur. When these are in place, teams can innovate within clear boundaries instead of reopening the same risk debates for every initiative.

The real bottleneck is uncertainty, not regulation.

Hybrid and multi-cloud require realism, not ideology

The idealised vision of workloads moving seamlessly between cloud providers rarely materialises. Identity, security, and platform services are still deeply provider-specific, and forced uniformity often leads to lesser outcomes.

Mature organisations accept these differences. They design for consistency where it matters – governance, security, compliance – while allowing platforms to retain their strengths.

Hybrid and multi-cloud are strategies, not ideals.

The biggest failure is hesitation

Most cloud failures are cultural and operational, not technical.

Endless proofs of concept, half-hearted adoption, and reluctance to fully commit keep organisations stuck between worlds. Cloud is treated as an experiment when it should be a decision.

Cloud works. What sets the leaders apart is execution.

Those that build strong foundations early (security, compliance, observability, and cost governance) move faster later. Stop running endless proofs of concept. Those that succeed now are the ones willing to commit. So, stop testing and start building.

 

The biggest delusion is ‘move to cloud and costs drop on day one’. Lift-and-shift doesn’t cut spend automatically. Cloud only creates value when you change the architecture, not when you copy-paste legacy into a new bill.