CIOs have steadily moved their workloads to the cloud for nearly two decades, often embracing cloud-first or cloud-only policies. But some are reversing course, moving certain workloads and data back from the public cloud to on-premises infrastructure.
The 2025 State of the Cloud Report from Flexera, an IT management software provider, found that 21% of 759 survey respondents repatriated workloads and data, citing cost, security and reliability concerns.
Still, not all CIOs see repatriation as the right answer. Some say they remain firmly committed to cloud environments, arguing that cloud remains the best environment for modern workloads — especially those using AI — as long as systems are properly configured and managed to control costs and maintain security and speed.
So, we asked two CIOs, “What workload would you not move to the cloud again if you were starting over today?”
-
Josh Hamit, senior vice president and CIO at Altra Federal Credit Union and a member of the ISACA Emerging Trends Working Group.
-
Sue Bergamo, a 25-year IT and cybersecurity leader now providing fractional CIO and CISO services through BTE Partners and a trustee with the Boston chapter of the Society for Information Management.
Both answered: none — and explained why.
Their responses, edited for clarity and length, follow.
Josh Hamit, senior vice president and CIO, Altra Federal Credit Union
Hamit: ‘We’ll keep expanding our cloud footprint’
“I have been pondering whether we have moved any workloads into the cloud that we have later regretted, and I honestly cannot think of anything that stands out. That is probably more a result of our cloud strategy taking a gradual approach versus going all-in.
“We still run many of our workloads within our in-house data centers and have gradually started to move and test more systems in the cloud. Some of our critical workloads have not been ‘officially’ supported in the cloud or have not been proven out, so we’ve also had to wait on vendors to ensure their platforms can operate effectively in cloud providers like AWS or Azure. We’re starting to see a lot of progress in that area, so I anticipate we’ll keep expanding our cloud footprint in 2026 and beyond.”
Lean on experienced partners
“What I will add about our cloud journey is that we’ve been very deliberate in working with experienced partners that have helped us navigate migrations. As we’ve leveraged more Microsoft cloud services (e.g., SharePoint Online, OneDrive, Fabric, etc.), we have leaned on partners to help us ensure a solid architectural and secure foundation — for example, setting up Microsoft Purview for data classification and data loss prevention controls. I think that strategy has helped stabilize our cloud migrations and avoid hard lessons learned or even regrets.
“I’m sure a lot of organizations that have gone through a fast-paced migration into the cloud have probably identified workloads that just were not very suitable for the cloud and probably wish they could maybe go back.”
Cloud is ‘where innovation is happening’
“But cloud is definitely something that is absolutely part of our technology and organizational strategy. That’s where the innovation is happening. We’re seeing a lot of capabilities that cloud is offering with direct tie-ins to AI and things that just are much more difficult to do in an on-prem environment.
“Cloud has more scalability and the ability to spin systems up quicker. Those types of capabilities are key to our speed and agility for sure.”
Sue Bergamo, CIO and CISO, BTE Partners
Bergamo: ‘An environment that can expand’
“From my vantage point as a CIO and cloud architect, I would move every workload to the cloud unless it was something seriously top secret. I love everything about the cloud: the enormity of it, the diversity of it, the architecture. It really is the largest data center in the world. But it’s not just a data center; it’s a culmination of data centers. It gives you an environment that can really expand worldwide.”
Configuration is key
“Once you know how it works, it’s no less secure or no more secure than an on-prem environment. Think about it, you’ve got public cloud environments that big companies like Microsoft or Amazon are protecting and then you have your environment within that environment that your company is protecting. So, it’’ almost like a double layer of security as long as you’re doing it the right way.
“You’ve got to have good architects who know how to set the environment up, whether it’s on-prem or in the cloud.
“From a latency perspective, you have to configure and set up the right environment in the cloud for the workload that you have — just like with an on-prem environment. And if you shortchange the server size and the CPU size, you’re going to have latency.
“There can be overage costs with cloud if you don’t configure correctly. The cloud expands based on your workloads and your resource needs, so if you exceed your current environment when it scales, you’re going to have overage charges. But if you configure correctly, you shouldn’t. That’s just like in an on-prem environment: If your workloads exceed the size of your environment, you’ve got to go out and buy more equipment. It’s the same concept with cloud, except it happens virtually.”
