By Eyal Arazi, cloud security manager at Radware
Eyal Arazi, cloud security manager at Radware, looks at why organizations once committed to cloud-first and cloud-only strategies are now reevaluating their approach. Learn how two hundred organizations are thinking about a shift back to on-premise and the motivations behind this reversal.
“Cloud migration is over; everyone is in the cloud. And this trend is irreversible. “
But is it really?
In recent years, the business landscape has witnessed a remarkable transformation with the rapid adoption of cloud computing. Companies have moved en masse to the cloud, changing the way they manage and deploy their workloads to take advantage of the promises of unparalleled flexibility, scalability, and cost-efficiency. And while organizations have reaped the benefits, they are also starting to reevaluate their cloud-first and cloud-only strategies and migrate some workloads back on-premise. This u-turn in thinking and events is a process called cloud repatriation.
According to Radware’s 2023 Application Security in a Multi-Cloud World report, two hundred organizations weighed in on this trend, confirming a shift in their security strategies. According to the 2023 data, only 24% of them said they deployed applications on multiple cloud environments. This is down from the 58% of organizations that said they deployed applications across two or more public cloud environments in our 2022 survey. And while 21% of organizations were using three or more cloud environments in 2022, only a negligible percentage seem to be doing so in 2023.
Why companies are making a u-turn
So why are companies making this shift? There are several compelling factors.
Security is one of them. At the same time that multi-cloud deployments are showing signs of decline, concerns about security threats are on the rise. The inability to achieve consistent security policies across multi-clouds topped the list as a problem or extreme problem for 56% of the organizations surveyed in 2023 compared to just 26% in 2022. And security mistakes are costly. According to the survey, downtime due to a successful application DDoS attack costs organizations an average of $6,130 per minute.
Other security areas respondents ranked as problems or extreme problems included protection between platforms (61% in 2023 vs. 38% in 2022), unified visibility (58% in 2023 vs. 41% in 2022) and centralized management (46% in 2023 vs. 34% in 2022).
Security is not, however, the only factor causing companies to rethink their security strategies and move applications and data back on-premise. Other considerations include:
Cost management: While the cloud’s pay-as-you-go model can be cost-effective for variable workloads, it can lead to unexpected expenses when usage spikes. Where predictable workloads are concerned, it can be more cost-efficient to invest in on-premise infrastructure over the long term, rather than paying ongoing cloud service fees.
Performance and latency: Applications requiring low-latency responses or intense computational power can encounter performance bottlenecks in a cloud environment. Running such workloads on-premise can offer more consistent performance and responsiveness.
Data sovereignty and security: Industries with strict regulatory requirements often need to ensure that sensitive data is stored and processed within specific geographic regions to comply with data sovereignty laws. Maintaining control over that data and having physical access to it offers a level of security and compliance that cloud solutions cannot always guarantee.
Complexity and vendor lock-in: Adopting multiple cloud services and platforms can create technical and security complexities. Additionally, concerns about vendor lock-in and potential difficulties in migrating between cloud providers can cause some organizations to consider bringing workloads back in-house.
Changing priorities: As strategic priorities evolve and shift, some workloads can end up being better suited for an on-premise environment. This could be driven by an organizational desire for tighter control, specific performance requirements, or changing business needs.
Resource optimization: Workloads that have stable resource requirements may not fully leverage the cloud’s elasticity. In such cases, dedicated on-premise hardware can have better resource utilization and cost savings profile.
A cloud-also approach
While repatriation to the cloud will continue in 2024, it is not a wholesale withdrawal from the cloud. Instead, companies are weighing a cloud-also approach against a cloud-first or cloud-only approach.
According to our survey, most organizations still deploy applications in a hybrid architecture made up of private and public clouds and on-premise environments. In 2023, nearly three quarters of survey respondents reported still using their on-premises data centers, and 70% are using a private cloud environment. Nearly nine out 10 organizations use a combination of two or three types of environments (on-prem, public cloud, or private cloud), with 46% reporting they use all three in tandem.
When deciding on the optimal deployment strategy for their workloads, the key for organizations going forward is finding the right balance based on their unique business needs. This means carefully defining which workloads go where. While cost is often a motivating factor, it should be weighed along with other important considerations, including operational efficiencies, regulatory requirements, speed and delivering a quality user experience.
About the Author
Eyal Arazi, Cloud Security Manager at Radware
Eyal is a Cloud Security Manager at Radware, where he is responsible for market strategy for Radware’s line of cloud security products. He is originally from Israel, where he served in Unit 8200 of Israeli military intelligence, which is the Israeli equivalent of the NSA. Following his military service, Eyal worked at a number of startups in the areas of information security, computing and big data, and marketing. Eyal has now been with Radware for almost 4 years. He holds a Bachelor’s degree in Management from the Interdisciplinary Center (IDC) Herzliya, and a MBA from the UCLA Anderson School of Management.
Eyal can be reached online at
Company website http://www.radware.com