Governments cling to private cloud despite inexorable public cloud adoption
- Reference: 1743762905
- News link: https://www.theregister.co.uk/2025/04/04/public_sector_private_cloud/
- Source link:
36 percent said their organization still operates an internal private cloud as their primary platform
Around the world, cloud-first policies such as those adopted by the US, UK, and South Korea are driving adoption, according to Forrester Research's new report, " [1]The State Of Cloud In Government ," based on its 2024 Cloud Survey.
But it finds that the public cloud operators aren't having it all their way. While 80 percent of decision-makers in government bodies report using a hybrid cloud arrangement, 36 percent said their organization still operates an internal private cloud as their primary platform.
Security is still seen as the biggest issue in cloud procurement, although curiously, this was cited as both the top reason for adopting public cloud (by 34 percent of respondents in the survey) and the chief concern about adopting it (by 28 percent of respondents), perhaps because of the loss of control in handing over organizational workloads to what is basically just someone else's computer.
Forrester says that what public sector bodies most value from the public cloud is scale, and help in meeting compliance regulations, but also responsiveness – giving them the flexibility to quickly deploy extra resources as needed in the event of an unexpected crisis or policy change.
[2]
Government organizations also see it as a route to digital modernization, tackling problems like technical debt as part of the process of moving workloads to the cloud. The survey found that 29 percent of decision-makers indicated that modernizing core applications was among their most likely initiatives for the next 12 months.
[3]
[4]
However, there are also concerns that the complexity of managing cloud networks and a lack of aligned internal governance could impact operations.
The report says that systems integrators and managed service providers play a key role in government cloud initiatives, helping to fill skill gaps through education and training programs, and by providing managed services in support of operations.
[5]
Forrester notes that hyperscalers are aggressively courting government bodies with their ability to offer more capabilities and services than traditional on-premises options.
[6]Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare
[7]UK government told to get a grip on £23B tech spend
[8]Delicious irony as Euro alliance pumps €1M of Microsoft's money into open source cloud federation tech
[9]Even Google struggles to balance fast-but-pricey flash and cheap-but-slow hard disks
One thing it doesn't mention, however, is that those companies typically use the lure of hefty discounts to draw in public sector bodies and lock them in to multi-year contracts, as was revealed by the recent [10]investigation into the cloud market by the UK's Competition and Markets Authority (CMA).
The report also notes that some of the hyperscalers offer services designed to meet specific requirements, such as cloud regions dedicated to US government organizations, operated by AWS, Microsoft, and Oracle.
Forrester claims that local cloud service providers (CSPs) continue to win contracts for economic, legal, or national security reasons, yet also finds that public bodies generally choose hyperscalers for the wide range of services on offer. Smaller providers only tend to win if regulatory or political concerns are in play or they are a good fit for a particular niche use case, it says.
But sometimes this can backfire. In Britain, the collapse of local provider UKCloud in 2022 caused [11]business continuity issues for a number of public sector agencies, including local governments, police forces, and even the Ministry of Defence.
[12]
Nevertheless, some governments, such as France and Japan, are investing in and subsidizing local alternatives to the global cloud giants in order to create domestic champions and avoid complete dependence on foreign firms. This has no doubt been given [13]extra impetus in light of recent events. ®
Get our [14]Tech Resources
[1] https://www.forrester.com/report/the-state-of-cloud-in-government-2025/RES182262
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/paasiaas&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z_ACIbVhSZ2ySD3sB9OSOAAAA0I&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/paasiaas&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z_ACIbVhSZ2ySD3sB9OSOAAAA0I&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/paasiaas&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z_ACIbVhSZ2ySD3sB9OSOAAAA0I&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/paasiaas&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z_ACIbVhSZ2ySD3sB9OSOAAAA0I&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2025/04/03/heterogeneity_itaas_ransomware_disaster_recovery/
[7] https://www.theregister.com/2025/04/03/uk_government_told_to_get/
[8] https://www.theregister.com/2025/04/01/cispe_fulcrum_donation/
[9] https://www.theregister.com/2025/03/27/google_l4_storage_performance_improvements/
[10] https://www.theregister.com/2025/03/06/cma_overlooks_factors_hurting_small/
[11] https://www.theregister.com/2025/03/03/collapse_of_ukcloud_hurt_govt/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/paasiaas&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z_ACIbVhSZ2ySD3sB9OSOAAAA0I&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[13] https://www.theregister.com/2025/03/17/european_tech_sovereign_fund/
[14] https://whitepapers.theregister.com/
Re: Of course they do!
and it's not just government, your regulator of your industry may well have requirements around data retention within the legal jurisdiction they operate so that they can access, by court order if required, the data directly.
Controversial opinion
Private cloud is absolutely fine for some work loads - and can be significantly cheaper.
Public cloud costs can easily spill out of control - you're paying for convenience and features. Given a lot of work has gone into automating build and deploy, many services and functions can be put into private cloud without compromising on ease of use or robustness of service.
Unless you have a global scale project (hint: most local councils and indeed many government departments don't), there is not much justification for tying yourself to an expensive service that is designed for global scale projects.
The value here is ensuring your architectural decisions are made by an engineer and not by the sales person for a cloud provider.
Re: Controversial opinion
Fully agree here. Sales people should only be allowed into the discussion once requirements have been written in stone along with any permitted variation. The sales people can then show Yes/No answers (with evidence) for which bits their product can do along with absolute pricing along with any variation they may be able to offer.
Sadly we all know that the approach is to find out which supplier has the friendliest sales people and then let them define how your data should be handled/stored
Re: Controversial opinion
I know of one £400 million project (that failed) that was essentially tendered on the basis of which provider could make the puffed up Directors feel most important.
We all know the deal - Oracle, SAP, Capita or whoever send round a team of unusually leather-tanned guys in very expensive suits, and they tell senior management how they are in the same league as all the big guys. Senior management then agree the deal and leave little details like architectural decisions and actual implementation to be decided at a later date - having accidentally dictated that the company must use the most inappropriate and expensive platform possible. With added consultants sprinkled on top.
Success Factors
tackling problems like technical debt as part of the process of moving workloads to the cloud.
Nothing increases the likelihood of success than adding more complexity ("fixing" technical debt) to an already-complex migration project. /sarcasm
Given the events of the past couple of days
Mmm, my little corner of the public sector is starting to twitch about the whole notion of public cloud and 'murican ownership. Now much like turning a supertanker nothing's immediately going to happen but a principle that has been at the top of the list for quite a few years now and not to be questioned is suddenly looking a bit shaky so everything old may just start to become new again, who knows.
Re: Given the events of the past couple of days
who knew! We're busy pulling back from the Cloud, well sort of. Going from native Azure to Nutanix NC2 running in Azure which should save us quite a bit. Could save even more if we moved everything back to on-prem!
National security
Private cloud is a no-brainer where national security is concerned: keep the attack surface in the family.
Re: National security
Tell that to a LOT of public sector management AND consultants trying to look clever. I've had huge arguments with consultants who insist on "cloud everything" even when you present them with the costs & security implications.
ANYTHING you can do in the cloud, you can do on prem if designed right and willing to slap finance & procurement
Cloud first is insane
When the Chinese and Russians were stomping around azure for SIX MONTHS before anyone found out. With random price rises & inevitable outsourcing & offshoring.
Cloud = hacked..it's as simple as that. Your SaaS provider that charges for SSO or doesn't tell you where the data is stored. Or can't guarantee backups because " we've got triple redundancy" to Google consistently deleting entire organisations setups.
Now the guys who've never stepped into a server room or DC are going to cry like little children but an on prem setup is cheaper, stable in pricing AND I know EXACTLY who to slap when it goes tits . I was able to price up an entire infrastructure for a local council with hardware, Hosting, licences, etc & over 3 years it's was 35% the cost of azure & that was BEFORE MSs price rises a couple of years back.
Microshit lost the SQL as a service for the whole of south America for 10 hours because one of their discount Dan engineers didn't bother testing an update script. Now imagine you're a 500 person or even 1000 person company hitting heads with MS support trying to get YOUR service up & running while they are prioritising larger customers.
And if the orange baboon insists on cloud providers giving access to US security services to UK/EU based customer data? Can you say MS/AWS/GCP won't let them? At least on prem I can tell any intelligence service to go fuck itself
Of course they do!
As a non-US government you CANNOT put quite a number of things into an US cloud. Same goes for China-Cloud and so on.
Some data has to stay within your regional borders, with 100% control over infrastructure as private cloud (quite often with VPN requirement). The US-Cloud leaks are way too common, and we only see the tip of it in the news, so the US government(s) will be forced to do the same soon.