I love my morning showers, not least because they're a time of profound epiphanies. Fresh from sleep, initial thoughts for the day rattling around my skull after dealing with the messiness of biology, it seems like the brain is far more flexible and receptive to unconventional thinking so early in the day. Oftentimes my OCD is transfixed on a given task for the day ahead, or a meeting I'm dreading, but sometimes I'm blessed with a moment of empty clarity that lets me (metaphorically) sit, shuffle the puzzle pieces around a bit, and see if I can find a new connection.
Today was one such day.
I'd like you to think for a moment on this question: what do technology companies actually sell?
I posed this question to a rather brilliant friend of mine, and they spouted off the usual answers: you're paying for their moat, for their services, for their content, their phones and tablets and operating systems and products. Which, yes, that's all true, but really try to boil it down into a singular, core concept. A single product they're all selling you, cleverly hidden through marketing judo and advertising propaganda, obscured by cameos from famous celebrities and weird advertisements.
They're selling you hosting.
Really chew on that for a moment. Google Workspace isn't doing anything particularly new, not really. We've had collaboration and productivity software for decades, including web portals to those tools for access from thin clients or underpowered devices for a good twenty years. Amazon Web Services wants you to think it's doing cool, new stuff, but let's be truthful with ourselves: it's often just your on-prem infrastructure migrated into their cloud, maybe with some cost optimizations and reserved instances. Salesforce's CRM, Marketing, Fleet Management, Advertising, and Data Visualization tools aren't new, and modern versions of all the above can still be effectively self-hosted for pennies on the dollar.
What they're really selling you is the hosting, and that's a huge problem.
Sovereignty Not Included
For the blissfully unaware, the world is not in a great place right now. Even my own predictions just a few months ago failed to predict the sheer chaos of the current American Government. Barely a month into the second Trump administration, and the United States has waded into a multitude of Constitutional Crises while (almost certainly now former) allies rethink a new, multi-pole world order post-American Hegemony.
This context is important, because it underpins arguments made by others about the very real risks of our modern technological economy, and the outsourcing of everything possible to a third party - like Thing-as-a-Service vendors. After a decade of screaming that blind cloud and service migrations would wreak havoc on the agency and sovereignty of consumers, companies, and nations all, the "experts" in the room finally got gobsmacked by the reality of a petulant brat and President de facto slashing and burning one of the largest employers and institutions on Earth, the US Federal Government, and the chaos that very swiftly followed. Now these "experts" are bickering behind closed doors about what can be done, why did they trust American Enterprise, how do they uncouple from what may very well be hostile foreign powers without crippling their own technological advantage or, worst case scenario, their entire economy.

The modern technology economy is focused solely around controlling hosting, in the form of services. These services don't have to be good, or even particularly usable - they just have to be, at least on the surface, cheaper to run than their on-premises counterparts. Every company of moderate success has at least one horror story about a piece of on-prem software that fell over, crashed, didn't work with the new operating system, or required extensive (and expensive) consultation for a simple upgrade, and which was latched onto by some salesperson to slickly upsell them on the Thing-as-a-Service "cloud" version with the promise that'll never happen again. Sure, there's lengthy contracts your Legal team reviewed, redlined, sent back, reviewed again, and ultimately signed that claim to protect your IP, your data, your privacy, and your business, and in the moment that seemed good enough.
Except now there's a very real likelihood that most of your Enterprise or Government is effectively renting a patchwork of services indefinitely from cloud vendors, rather than maintaining it themselves in any meaningful capacity. This was the intention all along: to convince you to trade your sovereignty for convenience. Doing so not only gave third parties control over your business infrastructure, but also enabled them to sell you even more stuff at each renewal in order to keep or increase a "discount" on your account. Again, this was viewed as an acceptable tradeoff at the time, because every company believes that their partners wouldn't violate a legal agreement - and if they did, their Lawyers would sueball them into the ground.
Now it's 2025, and the calculus has changed substantially in favor of Thing-as-a-Service providers. The failed regulatory authorities of the United States (and capture of the government by monied interests) mean corporations have been able to consolidate into fewer and fewer companies with larger and larger service catalogs. Collaboration and Productivity software is effectively a duopoly between Microsoft 365 and Google Workspace, with most leaders balking at the notion of some patchwork of third parties or - gasp - self-hosting your stuff on-premises again. The same goes for Public Cloud Service Providers, with AWS, Azure, and GCP hoovering up an estimated 63% of the global market share while everyone else fights for around 1/3rd of the total market. Heck, if we're considering complete product portfolios, you effectively have just five companies commanding the vast majority of modern Government and Enterprise services worldwide:
- Microsoft
- Oracle
- Salesforce
- Amazon
Bit by bit, piece by piece, these juggernauts snapped up competitors and complementary products alike, all without regulators paying them much mind. One contract at a time, they convinced Governments and Companies both to cede their sovereignty over to them. In the span of thirty years, five companies now command a supply of compute, products, and technologies that outstrip even the capabilities of countries like China or the United States - and that's the entire point. Any entity of any size now lacks sovereignty by default, because the options for running business or government without any of the above broadly do not exist anymore. Generations of leaders, developers, and technology professionals were forced to adopt the above product lines to succeed in their careers, and the talent capable of managing infrastructure in a traditional sense is widely viewed as old, out-of-touch, or just plain "haters" of the new norms.
To be honest, I'm genuinely surprised that it took this long, for this Presidency, for this tantrum, for the world to wake up and realize they walked right into their own Prison Cells. I thought for sure that someone, somewhere, obviously smarter and wiser than me, would have challenged this sooner. Heck, I thought for certain that GDPR in the EU would gradually lead to an era of sovereign cloud-building - only for them to once again naively believe that these Enterprises can be trusted.
Though make no mistake: I always assumed they'd make the wrong choice in the end. When you live a life by the motto "Prepare for the worst, and hope for the best", well, you get used to being proven disgustingly right, a lot of the time.

Locking the Walled Garden
At this point, things seem likely to only get worse from here. History is littered with companies that violated explicit or implicit legal agreements protecting customer assets or IP in order to compete with said customer, so long as the penalty was cheaper than the revenue gains. After all, when your customer's source code runs on your servers, and their encryption keys use your key escrow, and their data is stored in your data centers, and the legal apparatus lacks both the speed and the capability to sufficiently or meaningfully address IP infringement...
...you get the idea.
Still, that seems at least a few years off before someone is so completely brazen as to just outright steal and copy a customer like that. Do I think companies and governments would be foolish to ignore such a threat? You betcha, but I also don't think they care.
Right now, those companies are more focused on locking up their walled gardens to deter customer attrition. Sure, they make headlines for things like cancelling egress charges for customers doing migrations to a competing provider, but that's trivial to do when the likelihood is that they won't actually leave in full, or even if they do, they'll eventually return because some new leader prefers one provider over another since their salesperson is a good friend and has Box Seats for this year's Championships and that one-year discounted rate card is a steal.
Think for a moment why there's such a push from these providers to use their proprietary tooling, like AWS CloudFormation or Azure Functions. Heck, think of the push for Kubernetes everywhere, using their own managed Kubernetes engines of course. The goal is to lock business operations into incredibly niche, non-transferable systems designs that all but tether them to that vendor forever. For all the hate being lobbed at Broadcom over their handling of VMware, the practices of the major cloud service providers are arguably worse. At least if I dislike VMware or Hyper-V, I can easily port the disks and VMs to literally anything else; when was the last time you managed to quickly port an EC2 instance to Azure without having to build an entire Packer pipeline to facilitate the conversion? When did you ever move a Kubernetes workload from GKE to bare metal, or OpenShift, or Tanzu without a complete rewrite of the YAML to account for different storage classes and network topologies?
And now that much of the global economy and governments run on these providers, with their software and their products, it's only natural the companies begin sealing the exits while raising prices. Long before the current AI bubble, datacenters were hot commodities all but locked down to only the largest players, all in the service of more capacity for more customers; trying to find colocation or dedicated cages for your kit is increasingly difficult unless you build it yourself or sign an incredibly lengthy contract, often for way more capacity than you need. All of this is by design, pushing and shoving all but the most diehard users into these walled gardens-turned-prisons, seizing sovereignty on the way.
As more customers filter in, it becomes harder to escape. What was once a valuable tool has become a necessity, at least in the eyes of Management and Shareholders. After all, when your company inks a deal with GCP or AWS, both of your stocks see a bump - and shareholders love quick, easy bumps.

Reclaiming Sovereignty
This is normally the part where smarter people than me would make an excellent, well-reasoned case for the superior economics of repatriating your workloads back on-premises. I'd like to go one step further than those people (who already make the case for such moves far better than I've been able to in my career thus far) and advocate for repatriation not just of workloads, but of infrastructure itself.
Running your own infrastructure is, I will confess, a gigantic pain in the ass. It's hard. You need folks who know networking, folks who know security, who know virtualization, and servers, and storage, and compute, and power distribution, and HVAC, and cabling techniques. You have to deal with CAPEX forecasting, refresh cycles, hardware lifecycles, support contracts, and vendor representatives. It's a lot. Clicking a button and getting a VM on EC2? Easy. Writing the PowerShell code to query your Technology Catalog, use that to populate vSphere tags and build Aria Custom Resource Groups, then stitch it all together into some form of tenancy so someone else can write a Slack bot to deploy virtual machines into your environment using yet another colleague's Ansible pipeline? Fuck me, that shit is HARD, and I would know because I literally did that!
Still, running your own infrastructure also brings a degree of sovereignty with it. You're not shackled to the desires or business agendas of a corporate conglomerate, you can make your own decisions on what's best for you and your specific organizational needs. This is of critical import to Governments, as freeing themselves of dependency on Private Enterprise for essential services means they can do better work with taxpayer dollars. A government that doesn't own its datacenters and all the equipment and infrastructure within them is ultimately enslaved to whoever does.
Still, this isn't something that can be done overnight, or in a fiscal year. It takes long-term commitment to spending, people, and projects, something a lot of governments struggle with right now. It means a degree of agency as well, trusting the department that builds government datacenters to do a good job without the risk of political micromanagement or taxpayer upheaval; it's a hell of an investment that will require politicians to sell the idea to taxpayers just as much as it requires more taxpayers to sell the idea to politicians in the face of Corporate lobbying. More likely than not, it involves a multitude of small, gradual migrations as time and budget permit, then snowballing those savings and benefits to bring more work in-house. Technology companies will absolutely fight tooth and nail over every percentage point of decline in spend or presence, but others - hardware vendors, software developers, service providers - will gladly step in to help fight back, seeing as how repatriating workloads also gives them more sales and pricing power.
To be clear, repatriation isn't some silver bullet either, and it can be done in a way that's even more harmful than the status quo. I don't think anyone would argue that migrating from Microsoft Azure to a Hyper-V cluster with Windows Server and associated CALs is a better option, since you're still giving Microsoft control over your agency even as you claw back some degree of sovereignty. It's also a fool's errand to suggest Open Source is solely the way forward either, as the community has long faced funding droughts despite widespread exploitation of their software by large enterprises and cloud service providers. No, the way forward is less of a repeatable template of product suites, and more a reckoning of what an organization actually needs, and what its priorities are for support. Maybe Open Source is the way to go for the underlying Operating Systems with a sufficient support contract (a la Ubuntu, RHEL, or SUSE), while proprietary software is necessary for specific functions (e.g., ERP systems). Maybe your budget and resources are too limited to run it yourself, and so outside support really is necessary - until you can figure out a way of sharing the burden with another, like-minded organization. I can't offer easy answers here, because no two organizations have the same needs, risk assessments, goals, or talent pools.
So...cloud is bad?
I'm not saying that. Public Clouds have been a net boon for compute and technological accessibility. No longer do you need a rackmount server and a colocation agreement to run your own website, nor do you have to deal with someone else's tech stack and WYSIWYG editors or templates at obscene upcharges. For $2.50 a month over at Vultr, you could easily prop up a simple Linux VM and run an IRC Daemon or a Mumble server from it; I host this blog on Ghost over at PikaPods, and in the five months it's been ticking away over there, it's cost me about $10.15 in total. Public cloud has enabled more people to pursue hobbies, dreams, and businesses without the gargantuan upfront investment typically required, and that's good.
Let me make this explicitly clear: Public Clouds are a pretty awesome thing, but have the potential to be used for terrible ends. The removal of sovereignty, to me, is arguably the worst possible outcome, and a large part of why the stuff I really care about stays on-premises. It's why I run a Plex server, and buy physical media. It's why I purchase games on GOG when I can, and back up offline installers.
Ownership is sovereignty, and if you don't own your stuff, then someone else owns you.