By Kris Lovejoy, Global Security and Resiliency Practice Leader at Kyndryl

For more than a decade, data has been headed in one direction: from servers to the cloud. Based on the promise of lower costs and more flexibility, organizations of all sorts uploaded their data to cloud providers, and according to Forrester, 94% of all enterprises use cloud services.

But now a reversal has begun, and for a complex web of reasons ranging from AI workloads and cost to risk management to geopolitical concerns, enterprises are beginning to remove their data from public cloud providers and return it to data centers, cloud providers in the region or their own servers. This trend, called repatriation, is gathering steam, with 86% of CIOs surveyed by Barclays last year saying they intend to move at least some of their workload from public clouds.

Just as the introduction of cloud platforms impacted the IT landscape, so will data repatriation, as companies seek servers and solutions for hosting their data.

 


Data repatriation, also referred to as cloud repatriation or the hybridization of cloud storage, involves transferring all data from the cloud back to an on-premises storage system or integrating local and cloud data storage solutions.

Source: Pure Storage, What Is Data Repatriation?

Among U.S. enterprise infrastructure decision-makers, 94% use at least one type of cloud deployment, with the majority being hybrid or multicloud.

Source: Forrester, The State Of Cloud In North America, 2022 | Modernization And Cloud Native Will Be The New Normal

 

 

The AI catalyst

A major factor driving repatriation is the rise of AI, which creates several challenges when hosted in the cloud. AI requires vast amounts of computing power, and as workloads mature, cloud costs can climb steeply, making local strategic initiatives to build AI centers or on-premises environments more cost-effective for predictable, intensive operations.

When enterprises host their own data, they have more control over the training and use of their AI models. They can fine-tune their hardware for faster data throughput and lower latencies, and they’re not hindered by cloud quotas or throttling policies.

A prominent real-world example of this strategy is 37signals, the software company behind Basecamp and HEY. In late 2022, after spending $3.2 million annually on cloud services, the company began moving its massive infrastructure out of the public cloud and onto its own hardware. CTO David Heinemeier Hansson noted that while renting cloud servers is ideal for startups, it becomes “grotesquely expensive” for established companies with predictable, heavy workloads. By repatriating, 37signals projects it will save approximately $7 million over five years while gaining more control and better performance for its data-intensive applications.

AI also poses security concerns when housed on cloud platforms. It uses huge quantities of data, and unlike other applications, where sensitive data receives special privacy safeguards, AI turns seemingly unimportant data into highly valuable information. Instead of securing just its most valuable data, enterprises must guard all their digital assets, straining existing security systems. Perhaps it’s not surprising that, according to a recent study, only 29% of enterprise leaders are confident in their organization’s ability to manage risks posed by AI.

By its nature, AI creates the potential for data leakage, through exports without proper encryption or internal users connecting to public chatbots. Repatriating data doesn’t remove all the security risks, but it removes the variable of a third-party host.

Digital sovereignty and third-party risk

Third-party risks are a major driver of repatriation. As the global regulatory landscape around data evolves and geopolitical tensions escalate, enterprises are recognizing the value in keeping data close to home. This serves as a hedge against potential disruption caused by hyperscalers changing how they operate in particular markets, including in response to regulations and local government actions. In such cases, any enterprise with data on a cloud would face possible business disruption.

As digital sovereignty becomes more prevalent, enterprises may increasingly be required to repatriate data to regionally based public clouds, data centers or servers.

A proactive path forward

There are other, more mundane reasons for repatriation: Enterprises can struggle to connect their systems in multi-cloud or cross-cloud environments, leading to disappointing results. Other companies may be frustrated with latency issues or with paying for more cloud resources than they need.

Organizations should take a more proactive approach rather than reacting to these challenges. The critical first step for any enterprise leader is to commission a data-centric risk assessment. This moves beyond traditional infrastructure analysis to classify data workloads by business impact and geopolitical exposure, creating a strategic map for where assets should reside. Based on this assessment, organizations should run simulations to better understand the risks. For data categorized as high-risk, exploring alternative deployment models is essential; for medium-risk data, developing backup plans can help enhance resilience.

Of course, many enterprises are satisfied with their cloud strategy and have no plans to abandon a successful deployment. Others will repatriate data for certain functions while keeping the rest in the cloud. As is often the case in technology, one solution rarely makes sense for all players. At the same time, organizations considering this shift must grapple with the hidden costs and realities of a rapidly growing data center market — where power constraints, limited physical space, equipment availability, and the need for specialized talent and supporting infrastructure (such as water cooling for high-performance servers) present new layers of complexity.

The pendulum swing from a “cloud-first” mandate to a more nuanced, “workload-appropriate” strategy marks a new chapter in enterprise IT. The decision is no longer a simple binary choice between cloud and on-premises, but a sophisticated balancing act. It requires weighing the performance demands of AI, the escalating complexities of geopolitical risk and the practical constraints of the physical data center. 

For years, on-premises data centers have been underfunded as enterprises prioritized the “move to cloud” strategy, leaving many facilities outdated and requiring substantial capital investment to catch up. The rise of generative AI workloads intensifies this challenge, pushing power demands far beyond traditional limits. Standard air-cooled data centers, typically handling 10-12 kW per rack, are ill-equipped for generative AI’s high-density requirements, which can exceed 100 kW per rack. This necessitates advanced water-cooling upgrades to manage heat efficiently, significantly increasing the cost and complexity of repatriation efforts.

Ultimately, the most resilient and successful organizations will treat data location not as a default setting but as a continuous, strategic decision tailored to the unique value and risk profile of each digital asset.
