The Tide is Turning
For years, the prevailing wisdom in IT strategy pointed in one direction: to the cloud. The narrative was one of inevitable, wholesale migration. Yet, new research from BARC indicates a significant change in this trend. A recent study on data sovereignty in practice reveals that 19% of companies plan to increase their on-premises investments, while another 13% have either slowed or completely stopped their cloud migrations.
This shift is not a retreat from innovation, but a move towards a more mature and balanced architectural strategy. The primary force driving this change is not cost, but control. As organizations grapple with an increasingly complex web of regulations and geopolitical uncertainties, the need for data sovereignty has become a critical business imperative. BARC defines data sovereignty as the ability of an organization to have full control over its data, including where it is stored, how it is processed, and who can access it, in compliance with the legal and regulatory requirements of the jurisdictions in which it operates. A move to hybrid cloud models (a combination of public and private cloud) is a direct response to the strategic need to regain that control.
The ‘Why’: The Four Key Drivers of Data Sovereignty
The shift towards hybrid strategies is not based on a single issue but is driven by a confluence of external pressures, as identified by the BARC research. While geopolitical uncertainty is a significant factor, the study reveals that the primary driver is a broader and more immediate concern for most organizations.
Based on the study data from 300 enterprises, four key factors have propelled data sovereignty to the top of the corporate agenda:
- New Legal and Regulatory Requirements (69%): The most significant driver is the increasingly complex and stringent landscape of data-related legislation. Regulations like the EU’s GDPR, NIS2 Directive, and the upcoming AI Act impose strict rules on how data is handled, processed, and protected, compelling organizations to adopt architectures that guarantee compliance.
- Political Developments in the USA (46%): Nearly half of the respondents cite geopolitical factors, specifically developments in the United States such as the CLOUD Act, as a major influence. This has created significant uncertainty and risk for companies operating globally, forcing them to re-evaluate storing data in jurisdictions where it may be subject to foreign government access.
- Cybersecurity (42%): The constant and evolving threat of cyberattacks is a powerful motivator. By bringing critical data back within their own security perimeters, companies aim to gain more direct control over their defenses and better protect their most valuable digital assets.
- Dependency on Public Cloud Providers (40%): A significant portion of organizations express concern about strategic dependency on a small number of hyperscale cloud providers. This concern is not just about vendor lock-in but also about architectural flexibility and the influence and ability to intervene of the American government, prompting a move towards more balanced, hybrid models.
The ‘How’: The High-Level Strategy
Faced with these regulatory, geopolitical, and security-related pressures, the market is coalescing around a clear strategic response. According to the BARC study, the most common measure being implemented by far is the strengthening of a hybrid cloud strategy, with 51% of companies actively pursuing this path.
This approach represents a strategic middle ground, allowing organizations to balance the benefits of public cloud services—such as scalability and innovation—with the security and control of on-premises or private cloud infrastructure. Successfully implementing this strategy, however, goes beyond infrastructure. It requires a more disciplined approach to the data itself, which is why organizations are looking for new ways to apply established concepts in a bid to find frameworks that ensure control and governance across distributed systems. One of these concepts, which has recently risen to fame, is the Data Product.
This adds a new layer of complexity, as many companies are already struggling to operationalize the Data Product concept. The new focus on data sovereignty adds both new challenges and new opportunities to their efforts, requiring that the path to operationalization be adjusted to meet these evolving demands.
Conclusion & A Look Ahead
The finding that more than half of the companies surveyed are planning to strengthen their hybrid cloud strategies marks a pivotal moment in the evolution of enterprise IT. It signals a move away from a “cloud-only” ideology towards more mature, balanced architectures that seek to reconcile the drive for innovation with the non-negotiable requirement for control. This is not a step backward, but a strategic realignment based on a clear-eyed assessment of the current regulatory and geopolitical landscape.
However, a high-level strategy is not an implementation blueprint. As is so often the case, the devil is in the details. Successfully implementing this strategy, however, goes beyond infrastructure. It requires a more disciplined approach to the data itself. While established architectures like the data lakehouse remain foundational, BARC research shows that companies are also adopting newer concepts like data mesh and data fabric to improve control across distributed systems. This often involves leveraging data catalogs and data intelligence platforms, and rethinking data as a manageable data product—frameworks that, while powerful, add a new layer of complexity to the challenge of operationalization.
The critical question is no longer if a hybrid approach is necessary, but how to execute it effectively without sacrificing agility or creating unmanageable complexity. How do you decide which data stays and which data goes? How do you manage security and governance consistently across different environments?
We explored these complex operational questions in a webinar that featured an in-depth discussion with a guest panel. Their practical insights on implementing hybrid strategies, the role of regional cloud providers, and the application of concepts like Data Products are available in a detailed follow-up article for BARC+ subscribers, who can also access the full webinar recording and other curated resources.