Post-cloud strategy: what comes after hyperscale?

Cloud computing concept image showing a cloud with interconnected pink-colored data points. — (Image credit: Getty Images)

All of the major cloud service providers have built vast global infrastructure networks that allow enterprises to centralise workloads and reduce infrastructure overheads. The assumption has always been simple: bigger cloud platforms meant greater efficiency and resilience, enabling businesses to innovate at speed. balance cost, control, and performance.

But as explored in Part 1 of this series, that model is beginning to change. Rising cloud costs and the growing demands of AI workloads are forcing enterprises to rethink where applications and data should live.

Now, other powerful forces are reshaping enterprise infrastructure strategy. Sovereignty, geopolitical instability, and increasingly strict regulatory requirements are driving organizations toward more distributed, regional, and policy-aware cloud environments.

This article, the second in the three-part series Post-Cloud Strategy: What Comes After Hyperscale?, considers how sovereignty and security concerns are accelerating the rise of regional cloud providers and sovereign cloud initiatives. Part three, Hybrid by Design: Architecting the Next Enterprise Stack, will explore how enterprises are designing resilient hybrid and multi-cloud architectures that

Sovereignty is becoming a board-level concern

Data sovereignty has evolved far beyond a compliance checkbox. Increasingly, it is shaping strategic infrastructure decisions at the highest levels of enterprise leadership.

Alexandra Thorer, chief growth officer at BCS Consultancy, says enterprises are moving away from the idea of cloud as a single, borderless platform. “Across the market, organizations are increasingly seen moving away from purely centralised cloud models and toward more regionally segmented architectures,” she says. “Rather than treating cloud as a uniform global layer, many enterprises now design around jurisdictional boundaries, particularly where regulatory scrutiny is highest.”

That shift is especially visible in Europe, where concerns around cross-border data transfers and digital autonomy are intensifying. Adam Low, chief technology officer at Wire, says enterprise cloud strategies are now being shaped as much by governance and risk as by technical performance.

“Cloud strategies have fundamentally shifted from a sole focus on cost and scalability to a greater emphasis on control and risk,” Low explains. “Organizations are paying closer attention to where their data resides, who can access it, and which legal frameworks apply. This is driving increased adoption of hybrid and multi-cloud models, with greater emphasis on jurisdiction, governance, and resilience.”

One of the biggest areas of confusion is the distinction between regional cloud infrastructure and genuinely sovereign cloud environments. Regional cloud offerings may guarantee that data remains inside a specific geography, but sovereign cloud models go much further, focusing on operational governance and jurisdictional independence.

“In practice, the distinction is often framed less around location and more around control,” Thorer says. “There is a growing expectation, particularly among regulated industries, that a sovereign cloud should limit exposure to foreign legal frameworks, restrict administrative access to locally governed personnel, and provide greater transparency into operational processes.”

Speaking to ITPro, Mark Boost, CEO at Civo, argues that many organizations are only now beginning to recognize the long-term risks of relying heavily on foreign-owned cloud infrastructure.“Sovereignty is about jurisdictional control, rather than where a data centre is based,” Boost explains. “Even if data is stored in the UK, if your data is held by a US provider, it can be accessed by US authorities under the US Cloud Act. This means it is never truly sovereign.”

For many enterprises, sovereignty concerns are no longer theoretical. They are directly influencing workload placement and long-term infrastructure planning.

Geopolitical instability is reshaping infrastructure decisions

The cloud industry was originally built around the idea of abstracting global infrastructure. Increasingly, however, geopolitical tensions are reintroducing geography into enterprise IT strategy. Organizations are becoming more cautious about concentrating workloads in a specific jurisdiction or relying too heavily on a small number of hyperscale providers.

BCS Consultancy’s Thorer says enterprises are paying far closer attention to geopolitical risk than they were even a few years ago.“There is evidence of increased attention to jurisdictional risk, including concerns around sanctions, data access laws, and political stability,” she explains. “In some cases, this is leading to diversification strategies, avoiding concentration of data or workloads in a single geography or under a single provider.”

Those concerns are accelerating demand for regional cloud providers and sovereign infrastructure initiatives designed to reduce dependency on foreign-controlled platforms. Boost believes geopolitical instability has fundamentally changed how organizations think about cloud dependency.

The growing importance of digital sovereignty is also influencing government policy. Across Europe, governments are increasingly encouraging local cloud ecosystems, sovereign AI initiatives, and national investments in digital infrastructure. Mike Hoy, CTO at Pulsant, says enterprises are already responding to the changing environment by reassessing their dependence on public cloud.

“Within the UK, compliance with sovereignty and residency regulations is becoming the dominant factor in cloud strategies,” Hoy says. “The most immediate and obvious impact is the continued flight from public cloud.”

At the same time, hyperscalers are adapting rather than retreating. Many are introducing localized governance controls and sovereign cloud partnerships in response to growing customer demand for greater transparency and jurisdictional control. The result is an increasingly layered cloud market where organizations mix hyperscale services with sovereign infrastructure, regional providers, private cloud, and edge environments depending on workload sensitivity and operational priorities.

Security is no longer defined by scale alone

For several years, hyperscalers positioned scale as one of their greatest security advantages. Their enormous investments in cybersecurity resilience engineering and threat intelligence created a perception that global cloud platforms inherently offered the safest environments.

That advantage still matters. However, sovereignty concerns are reshaping how enterprises think about security itself. Organizations are increasingly evaluating not just whether infrastructure is technically secure, but whether they retain sufficient visibility, governance, and legal control over their data and operations.

Wire’s Adam Low says sovereign cloud models are forcing enterprises to rethink the relationship between security and control. “Global providers benefit from scale and highly mature security capabilities,” he says. “Sovereign and regional approaches can offer comparable levels of security when properly designed and operated. The trade-offs concern who takes greater responsibility for the security architecture and implementation.”

That creates a difficult balancing act for enterprise IT leaders. Hyperscalers provide vast security ecosystems, but sovereign environments may offer stronger alignment with local governance and reduced exposure to foreign legal frameworks. As a result, many enterprises are now adopting blended approaches in which sensitive workloads remain within sovereign or private infrastructure while other services continue to run on public cloud platforms.

Thorer says the market increasingly views security as a set of trade-offs rather than an absolute choice. “Sovereign and regional solutions are often associated with greater control over data access and reduced exposure to external jurisdictions,” she explains.

“At the same time, some organizations express concerns about the relative maturity of security capabilities, particularly when compared with the scale of investment and threat intelligence available to global providers.”

AI is adding even more urgency to these discussions. AI inference and machine learning workloads are generating enormous amounts of sensitive data, often requiring localized processing and lower-latency infrastructure. Tim Pfaelzer, SVP and general manager, EMEA at Veeam, says sovereignty requirements are intensifying operational complexity inside already fragmented data environments.

“Sovereign cloud initiatives are emerging as a way to address this by giving organizations greater control over data residency, governance, and regulatory alignment,” he says.

“Yet, for many enterprises, these initiatives increase the risk of fragmentation and siloes. Data is already scattered across hybrid and multi-cloud environments, so sovereign requirements simply add another layer of complexity to an existing problem.”

That challenge is pushing enterprises toward more portable and workload-aware infrastructure strategies that deliver the secure cloud services businesses need to meet their expanding data challenges.

The future cloud market will be hybrid and policy-aware

The rise of the sovereign cloud does not signal the collapse of hyperscale computing. Instead, it reflects a broader evolution in how enterprises think about infrastructure. Businesses are becoming more selective and policy-driven about where workloads should run. Rather than defaulting automatically to public cloud environments, enterprises are distributing applications based on compliance, resilience, latency, performance, and geopolitical exposure.

Mark Pestridge, managing director at Telehouse Europe, says the market is entering a more mature phase of cloud adoption. “The biggest change is that sovereignty has moved from a legal consideration to an infrastructure design decision,” Pestridge says. “Workloads are being placed more deliberately, with sensitive data often kept in-country while less sensitive services remain distributed across larger cloud platforms.”

That philosophy increasingly defines the emerging post-cloud era.

Pulsant’s CTO Mike Hoy believes the future will be driven not by abandoning hyperscalers, but by building more intelligent hybrid architectures. “Over the next three to five years, the UK will head into a multi-cloud, sovereignty-led era rather than a wholesale shift away from hyperscalers,” Hoy says. “It will be driven by decisions about where to place sensitive workloads, compliance, resilience, and operational control.”

Ultimately, enterprises are recognizing that no single infrastructure model can satisfy every requirement simultaneously. The future enterprise stack will likely combine hyperscale cloud platforms, sovereign cloud environments, edge computing, private infrastructure, and regional providers in carefully orchestrated hybrid architectures.

As explored in Part 1 of this series, the cloud-first era is evolving into something far more nuanced. The next phase of enterprise infrastructure strategy will not be defined purely by scale, but by flexibility, resilience, governance, and control.

Part 3 of Post-Cloud Strategy: What Comes After Hyperscale? explores how IT leaders are designing hybrid-by-default architectures that balance cost, performance, operational resilience, and sovereignty across increasingly distributed environments.

David Howell is a freelance writer, journalist, broadcaster and content creator helping enterprises communicate.

Focussing on business and technology, he has a particular interest in how enterprises are using technology to connect with their customers using AI, VR and mobile innovation.

His work over the past 30 years has appeared in the national press and a diverse range of business and technology publications. You can follow David on LinkedIn.