A decade ago, the cloud migration message was simple: move everything to the cloud, reduce costs, increase agility, eliminate data centre headaches. For many workloads, this proved true. But for critical infrastructure operators, the everything-in-the-cloud dream is increasingly revealing itself as a nightmare.
The Promise
Cloud adoption offered compelling benefits:
- Capital expenditure converted to operational expenditure
- Infinite scalability on demand
- Someone else's problem for hardware management
- Access to advanced capabilities (AI, analytics) as services
- Geographical redundancy without owning multiple data centres
For general enterprise workloads, these benefits often materialised. But critical infrastructure has different requirements.
The Sovereignty Problem
Sovereignty concerns have moved from theoretical to urgent:
- Data about critical infrastructure flowing to foreign-owned cloud providers
- Cloud regions that may be subject to foreign legal requirements
- Dependencies on vendors whose primary loyalties aren't to Australian interests
- Questions about data access under various international agreements
When the Australian government starts asking hard questions about where critical infrastructure data lives and who can access it, "it's in AWS Sydney region" isn't always a satisfying answer.
The Availability Reality
Cloud providers have excellent aggregate availability. But critical infrastructure operators have discovered:
- Multi-region outages do happen
- Regional issues can affect multiple services simultaneously
- The control plane can fail even when the data plane is fine
- Dependencies on cloud services create new failure modes
When your operational technology depends on cloud services to function, a cloud outage becomes an OT incident. This isn't a risk profile many critical infrastructure operators signed up for.
The Cost Trajectory
Early cloud migrations often showed cost savings. Over time:
- Data egress costs compound unexpectedly
- Premium services become dependencies
- Negotiating leverage decreases as lock-in increases
- Cost optimisation becomes a full-time job
- "Serverless" turns out to have servers, and they're expensive at scale
Many organisations are discovering that cloud costs, over the long term, exceed the costs of well-managed on-premises infrastructure.
The Skills Shift
Cloud adoption was supposed to reduce operational burden. Instead:
- Operations teams now need cloud platform expertise
- Security teams need cloud security skills
- Architecture teams need cloud-native design skills
- Everyone needs FinOps skills to manage costs
The skills requirement didn't decrease—it shifted. And the new skills are often harder to find and retain than traditional infrastructure skills.
The Control Question
Cloud services abstract away control. For many workloads, this is fine. For critical infrastructure:
- You can't inspect the underlying systems
- You can't implement specific security requirements
- You can't audit the physical security of where your data lives
- You can't ensure specific performance characteristics
The loss of control that makes cloud convenient also makes it unsuitable for certain regulatory and operational requirements.
Recognising Reality
This isn't an argument that cloud is bad. Cloud is excellent for many workloads. But the idea that everything should be in the cloud—including critical infrastructure systems—is being tested and found wanting.
Mature organisations are moving toward hybrid architectures that use cloud where it makes sense and maintain on-premises capabilities for workloads that require them. This is harder than pure-cloud or pure-on-premises, but it reflects operational reality.
At Muon Group, we build for this hybrid reality. We're not cloud-first or cloud-never—we're appropriate-for-the-workload. And for critical infrastructure, that often means keeping control where it matters.