Good to see this attitude becoming increasingly prevalent. I'm used to being a Cassandra in IT world, and while I'd have greatly preferred being wrong in my 2019 research concerns about data sovereignty, cloud-repatriation, vendor lock-in, and a shifting geopolitical landscape, welp, here we are anyway. I cut my teeth in data center operations and defense contracting, and knew immediately the real cost of public cloud would be the forfeiture of sovereignty to whichever country (and companies) controlled the major providers - surprise surprise, I was right. The solution was never to outsource core government infrastructure to a third party, but to build it in house and recruit the talent needed to keep it running, something easily done on most developed governments' budgets; by outsourcing to public cloud service providers, they traded national sovereignty for empty promises.
Bookmark this comment, because my read is that in five years' time the question won't be whether or not public cloud providers can be trusted, but how to engineer infrastructure on cloud providers you cannot trust. How do you encrypt storage on a cloud platform when you can't trust the vendor's tooling to secure your keys? How do you orchestrate K8s clusters in a provider who knowingly gives a hostile foreign government access to your etcd or network layer? How do you handle data boundaries within your own org when multiple countries with competing standards demand residency of data and infrastructure? I worry it'll be the "Chinese Firewall" problem but on a global scale, as different regions carve out their own digital kingdoms and demand fealty or expulsion.
Bookmark this comment, because my read is that in five years' time the question won't be whether or not public cloud providers can be trusted, but how to engineer infrastructure on cloud providers you cannot trust. How do you encrypt storage on a cloud platform when you can't trust the vendor's tooling to secure your keys? How do you orchestrate K8s clusters in a provider who knowingly gives a hostile foreign government access to your etcd or network layer? How do you handle data boundaries within your own org when multiple countries with competing standards demand residency of data and infrastructure? I worry it'll be the "Chinese Firewall" problem but on a global scale, as different regions carve out their own digital kingdoms and demand fealty or expulsion.