Blog
Digital sovereignty in practice: rethinking cloud, on‑prem and hybrid models
In an unpredictable global environment, organisations are beginning to ask what they can realistically do to regain control over their data. This article takes a practical look at the on‑prem versus cloud debate in the context of increasing discussions around digital sovereignty, exploring what has changed, what is now possible, and how organisations can begin to rebalance their portfolios without pursuing a full cloud exit.
Jump to:
- Revisiting the on‑prem and cloud debate
- The limits of cloud adoption
- Why on‑prem has become viable again
- On-prem vs the cloud: the financial aspect
- Why a full cloud exit is unrealistic
Revisiting the on‑prem and cloud debate
Over the years, companies have moved between running everything on‑prem and in the cloud. The debate tends to swing like a pendulum, shifting from one extreme to the other. Pre‑2010, it was standard for organisations to operate their own data centres and, while this involved high costs, it gave them full control over their data and infrastructure.
In the 2010s, large providers like Amazon Web Services, Microsoft Azure and Google Cloud disrupted this model by offering scalable infrastructure, prompting many organisations to move significant parts of their IT environments into the cloud.
There is now growing concern about digital sovereignty for European organisations where even when data is stored in the EU, certain legal frameworks may allow authorities in other jurisdictions to request access via service providers. Extraterritorial legislation and geopolitical instability are forcing organisations to rethink not just where data is hosted, but how much control they truly have over access and availability.
Against this backdrop, the pendulum is now starting to swing back: advances in hardware are making on‑prem infrastructure more viable again, and many organisations are beginning to rebalance their environments through hybrid approaches rather than relying entirely on the cloud.
The limits of cloud adoption
Most organisations moved to the cloud for scalability, inspired by examples like large companies expanding during peak periods. However, in practice, very few businesses require this level of dynamic scaling.
Instead, most overestimate their needs, committing to larger resource tiers than necessary and consistently underusing them. Resultingly, cloud usage is often less flexible than expected, with companies effectively oversubscribing and not benefiting from the scalability they initially sought.
Also, when it came to resilience, people thought that the cloud was very strong – the combination of backups, specialised networking, hardware and skills meant that, as far as resilience was concerned, the cloud was assumed to be highly effective.
Why on‑prem has become viable again
The issue is not only that there are challenges with running everything in the cloud, but that the functionality of on-prem has improved dramatically in recent years. Advances in hardware mean organisations can achieve higher performance with fewer resources, often at a lower cost.
Even before the geopolitical situation became more unpredictable, companies were initiating discussion on the pros and cons of going back on-prem. Data centres remain highly relevant, and many of the technologies offered by hyperscalers can now be deployed more easily within an organisation’s own environment.
The on‑prem versus cloud debate also needs to be viewed through the lens of digital sovereignty. This adds a further incentive to rebalance IT environments, return selected workloads on‑prem, and adopt a more deliberate hybrid approach.
Securing IaaS for Cegal
Cegal has taken a strategic step towards a more flexible, innovative IT day-to-day and chose Conscia as its IaaS partner along the way. Conscia’s data centre is located at Green Mountain, outside Stav…
On-prem vs the cloud: the financial aspect
When it comes to the financial realities of moving back on‑prem versus remaining with cloud providers, both options are becoming more expensive and less predictable. The cost of IT infrastructure has risen sharply, and 2026 looks set to be a particularly costly year, with hardware shortages pushing up prices.
Supply chain issues are also slowing delivery times, meaning that infrastructure is not only more expensive but also slower to procure. This is not limited to on‑prem environments. Cloud providers are facing the same pressures, making further price increases highly likely.
On top of this, returning selected workloads on‑prem can offer greater cost certainty. Once deployed, costs are less likely to change unexpectedly, for example when services that were previously included become chargeable under revised licensing or pricing models.
Why a full cloud exit is unrealistic
Despite the increasing viability of on-prem, it is important to be realistic. The majority of programmes European organisations use are cloud-based, Microsoft 365 being a significant example.
Effective cybersecurity today depends, at least in part, on cloud computing. Many security vendors rely on cloud‑based analysis to process data, improve detection and prevent attacks, delivering results in near real time. This level of capability cannot currently be replicated entirely on‑prem.
For this reason, a more balanced and pragmatic approach should be taken. Rather than a full cloud exit, the most realistic path lies somewhere in between. Organisations cannot entirely avoid US technology providers, but they can begin to balance their portfolios, both from a risk perspective and a commercial one.
This is not about completely avoiding large US technology companies but adopting a more diversified vendor strategy. While it may be impractical to replace core network infrastructure, selected cloud workloads can often be moved to European providers, reducing dependency and making it less likely that capability will be disrupted in the future.
IaaS
Experts in Amazon Web Services We are a certified AWS Advanced Consulting Partner and experts in Amazon Web Services (AWS). Our consultants have been approved for the AWS DevOps Competency Program and…
About the author
Lars Erik Braatveit
CTO, Conscia Norway
Lars Erik Braatveit has over 20 years of experience securing businesses, their systems, and services, including delivering security testing to some of the largest organizations in Norway. He currently works as Cyber Security Lead at Conscia Norway.
Related
