Mid-market UK companies shift towards selective cloud repatriation amid security and compliance concerns

A new industry survey reveals that 97% of mid-market UK firms are planning to move some workloads away from public cloud just a year after widespread adoption, embracing hybrid and private cloud models to address security, compliance, and control concerns while seeking operational resilience.

Recent data indicates a notable shift in cloud strategy among mid-market UK companies, with an overwhelming majority—97%—planning to migrate some workloads away from public cloud environments within the next twelve months. However, rather than a wholesale retreat from the public cloud, this shift tends to be partial and highly selective. While 43% of organisations intend to repatriate significant portions of their applications, nearly half—49%—plan to move only specific workloads, reflecting a more pragmatic, workload-appropriate approach rather than abandoning the cloud entirely.

This nuanced reassessment comes amid growing recognition that the one-size-fits-all “cloud-first” mindset is no longer viable. Industry experts, including Node4’s Chief Technology Officer Mark Skelton, suggest mid-market businesses are refining their cloud strategies to optimise infrastructure performance, compliance, and control. This trend aligns with IDC findings, which report that 88% of cloud consumers are now deploying or actively operating hybrid cloud environments, blending on-premises and cloud resources to better suit specific IT needs.

Several key drivers underpin this partial repatriation. Foremost is a desire among organisations to reclaim control and reduce risk, especially where initial lift-and-shift migrations to the cloud have failed to deliver expected business growth or cost efficiencies. These missteps often involved moving applications unsuited for public cloud or misconfigured workloads, leading to performance issues, budgetary pressures, and internal friction between IT teams and senior leadership.

Data sovereignty and regulatory compliance concerns also loom large, particularly with the increasing scrutiny brought by frameworks such as the Digital Operational Resilience Act (DORA), the General Data Protection Regulation (GDPR), and the US Cloud Act. Many mid-market firms are worried about storing sensitive data—especially HR and financial information—on servers managed by US companies, fearing potential government access under the Cloud Act even if data resides outside the US. This legal complexity is driving some organisations to repatriate sensitive workloads back to on-premises infrastructure or UK-based cloud providers to boost compliance assurance.

Cybersecurity challenges are another significant factor. While public cloud providers offer advanced security tools, confidence in their effective deployment appears uneven. Data shows that 90% of organisations relying mostly on on-premises infrastructure feel confident in their cyber defences, compared to around 75% of those fully cloud-based, with roughly 10% of cloud-first companies expressing no confidence at all. This counterintuitive disparity suggests that security assurance depends heavily on the skills and resources available to manage and automate cybersecurity measures effectively. Given the prevalent shortage of IT skills—more than 90% of mid-market organisations report shortages, particularly in cybersecurity—some firms prefer on-premises solutions that may be less sophisticated but more manageable internally.

This evolving landscape mirrors wider industry observations. Reports from the Information Services Group (ISG) and others note a strong preference among UK enterprises for private and hybrid cloud models, driven by demands for enhanced security, regulatory compliance, and greater infrastructural control. Economically, inflation and budget constraints are prompting firms to seek more predictable costs and optimise resource allocation, further reinforcing hybrid approaches that combine the benefits of both public and private clouds.

Looking ahead, the UK’s hybrid cloud market is projected to expand rapidly, with forecasts estimating growth from USD 5.1 billion in 2023 to nearly USD 14 billion by 2030, at a healthy compound annual growth rate of 15.2%. This growth reflects the broader trend among mid-market companies to ditch uniform public cloud strategies in favour of tailored, balanced infrastructures that foster efficiency, agility, and resilience.

Ultimately, the trend towards partial cloud repatriation underscores the importance for businesses to carefully assess workload requirements, compliance needs, and internal capabilities when designing their cloud strategies. Organisations that strike the right balance—leveraging cloud benefits while maintaining control and confidence—will be better positioned to unlock operational gains and navigate an increasingly complex technology and regulatory environment.

📌 Reference Map:

Source: Noah Wire Services