This discussion challenges the long-standing "Cloud First" orthodoxy and reframes infrastructure strategy around a more durable principle: Right workload. Right place. Right time.
As organisations approach the next refresh cycle for aging infrastructure, the focus shifts from default cloud adoption to intentional, workload-level placement decisions that balance cost, risk, performance, and business outcomes. A deliberate infrastructure strategy is only as robust as the data strategy supporting it.
In the New Zealand context, where data sovereignty and the Privacy Act 2020 define the regulatory landscape, the "right place" for a workload should be decided by the nature of the data it processes. To move from a "Cloud First" bias to an intentional placement model, organisations must adopt a structured approach to data and security.
The Core Argument
Cloud First is not a strategy, it is a placement bias. While cloud adoption delivered faster provisioning, elastic scaling, and access to modern platform services, it has also introduced new challenges including cost predictability, operational complexity, data gravity, and regulatory constraints. A sustainable infrastructure strategy recognises that no single environment is optimal for every workload.
Over the past decade, many organisations adopted Cloud First to accelerate transformation and reduce technical debt. Today, many face a second wave of decisions as on-premises infrastructure reaches end of life and cloud spend comes under increased scrutiny. The critical question is no longer ‘Cloud or not?’ but rather: Where should each workload run to deliver the best outcome at the lowest total cost and risk, both today and over its lifecycle? Answering this well requires hybrid and multi-cloud executed with consistent governance, unified operations, and strong financial controls.
Data Classification and Sovereign Requirements
Not all data carries the same risk profile. Before deciding on a landing zone, workloads must be categorised based on their sensitivity and the specific compliance requirements of the New Zealand government and industry bodies.
Public/Unclassified: Suitable for public cloud environments to leverage global scale.
Sensitive/Personal: Requires assessment against New Zealand data residency expectations to ensure legal protections remain within local jurisdiction.
Critical/High-Value: Often better suited to managed private cloud or on-premises environments where physical access and network isolation provide a higher degree of cost and risk certainty.
Managing Data Gravity and Egress Costs
Data gravity describes the phenomenon where data and applications gravitate toward each other. As datasets grow in the public cloud, the cost and complexity of moving that data (egress) or integrating it with on-premises systems increase.
To maintain an economically sustainable strategy, SVB recommends:
Proximity Placement: Locating high-performance compute workloads physically near the primary data store to reduce latency.
Egress Auditing: Regularly reviewing data movement patterns to identify "trapped" data that may be more cost-effectively managed in a private cloud environment.
Unified Security and Governance
An intentional strategy avoids creating "security silos." Whether a workload sits in a public hyperscale data centre or a local New Zealand facility, the security posture must be consistent. This involves:
Identity as the Perimeter: Implementing robust identity and access management (IAM) that follows the user across all environments.
Encryption at Rest and in Transit: Ensuring data is protected regardless of its physical location.
Centralised Visibility: Using unified operations tools to monitor threat vectors across hybrid and multi-cloud estates.
There remains a valid place for on-premises and managed private cloud platforms for workloads that are sensitive to latency, data sovereignty, or predictable cost. Public cloud remains essential for workloads requiring elasticity, global reach, or advanced platform services such as PaaS and AI. The winning operating model is deliberate placement guided by the principle of right workload, right place, right time.
