Securing the Fragmentation of the Modern Enterprise: The Data Hosting Conundrum

By Ste Nadin - Chief Architect

May 14, 2026 4 Minute Read

As a global business, where do you run services and hold data?

Well, this used to be a relatively simple answer as it would probably have been wherever your data center was, or more recently the location of your cloud service. Today, the landscape is fractured and complex.

Three critical shifts have driven this complexity and forced a pause or even a reversal in the ‘cloud-first’ transformation:

1. Global Sovereignty & Compliance: We are facing rising regulations that demand data hosting within specific regions. Whether it’s providing services to governments via protected, in-region hosting (like FedRamp in the US or Sovereign Cloud in Europe) or protecting Personal Information (PII) under laws like GDPR or DPDPA, regional requirements now dictate hosting location.
2. Cloud Instability: Major cloud providers have experienced significant outages in recent years, leaving firms that rely solely on them unable to operate. Reliance on a single service is no longer a viable risk strategy.
3. Cost realities of cloud hosting: The expectation that moving to the cloud would eliminate expensive data centers and save costs hasn’t materialized. The reality is that the predicted capability to switch services off when not needed hasn’t been achieved, and the monthly costs for hosting and data storage have pushed the Total Cost of Ownership (TCO) far higher than traditional hosting models.

This convergence of factors has led most enterprises to question their cloud journey. Many have paused their transformation, while some have fully reversed course, repatriating data and services back to local data centers, or moving toward complex multi-cloud and pinned multi-region strategies. The result? A fragmented enterprise hosting landscape that infrastructure, network, and data teams struggle to manage and secure.

What this means for security

Being able to secure data and services in each of these hosting locations has been available for some time, with different vendors offering specific solutions for cloud and / or on-premise solutions.

But do you want to manage a set of different security services for each of your hosting points separately? 

As enterprise complexity grows, security teams must ensure that the same policies and capabilities are applied across all data center and cloud positions to maintain a consistent business security posture. Managing this across disparate tools inevitably increases your attack surface.

Crucially, managing policy via traditional cloud-controlled security systems often breaks sovereignty regulations. Storing and transmitting global policy from a cloud location back into geographically restricted data centers or geo-position clouds is a regulatory non-starter. Furthermore, if you rely on the cloud for policy enforcement and decision-making, the associated egress costs will quickly spiral out of control.

It’s not about Hybrid, but Total Protection 

So, this leads us to the “hybrid solution.” An opportunity to bring full coverage from your traditional SSE capability across your entire landscape. 

My personal view is hybrid in itself is muddying the water, in that this is potentially looking for product vendors to try and expand their traditional cloud services to on-premise or vice versa. But as discussed this could either break the regulations or not be cost effective.

There is also another problem in that not all of these hosting positions are the same and what you need to protect them can be very different and actually need deep experience in how this can be done.

Really we need to think about bringing this together to provide total protection across the enterprise landscape. This shifts the focus from protection at a technical level to achieving business level outcomes, while proving the additional capability that each of the hosting endpoints needs to ensure these outcomes can be met.

How can you do this?

1. Deep, Endpoint-Specific Experience: Look for a vendor with history and experience delivering native solutions for each endpoint. Your data center solution must truly understand on-premise challenges, not just be a cloud port on an appliance. Likewise, cloud solutions must be truly cloud native, understanding the unique challenges of that environment.
2. Rich, Outcome-Based Security Policy: Policy must move beyond a simple set of check boxes. While simplicity is needed for basic setup, the solution must allow you to go deeper and tackle unique enterprise network challenges. Define top-level principles based on business outcomes, but have the flexibility to express detailed rules specific to the endpoint you are protecting.
3. Flexible Policy Management: The solution must provide flexible means to manage and synchronize policy to meet your requirements. This could be a cloud-managed policy distributed to other enforcement points, policy managed from a secure on-premise node that only sends relevant elements to the cloud, or even all on-premise enforcement points syncing via a mesh.
4. Endpoint-Agnostic Services: The security service must offer a rich set of capabilities (DLP, RBI, ZTNA, Inline Policy Firewall, etc.) that can be run directly in the required endpoint to meet regulatory needs.
5. Built-in Cost Awareness: The solution must be cost aware. You shouldn’t incur additional costs for data egress or be forced to pay for network capabilities you have already provisioned. The solution should be aware of your existing network and only incur appropriate costs.

Putting all of these together really means you need to be looking for a solution that truly understands the real-world issues that enterprises face rather than a clean theoretical future that will never come.

At Skyhigh Security we have decades of experience of delivering both on-premise and cloud native solutions using rich functional policy. We are constantly driving forward providing options for where services need to operate, while providing license models that recognise your already invested networks.

If you want to find out more, come and have a conversation with us, and find out how we are approaching this to solve the real world enterprise level problems today. 

Back to Blogs