Text: Michel Heinst, CEO and owner Tech Outlet Ltd
The promise was enticing in its simplicity: no more own servers, no worries about updates or security patches, and infinite scalability available at the push of a button. Those who invested in their own 'hardware' in 2015 were looked at with pity.
However, by 2025, the atmosphere has radically changed. The honeymoon period with the hyperscalers - Amazon Web Services (AWS), Microsoft Azure, and Google Cloud - is definitively over. What began as a flirtation with flexibility and modernization has turned into a stifling marriage for many Dutch organizations, characterized by vendor lock-in, unpredictable cost explosions, and a fundamental lack of control over their own data.
IDC predicts that by 2026, as many as 65% of enterprises will switch to a hybrid model, where data processing and AI tasks are moved back to edge or on-premise environments. McKinsey notes a clear trend shift: CIOs in Europe are shifting their focus from pure cloud adoption to digital sovereignty and cost control.
This report analyzes not only the numbers but also the human and organizational stories behind this movement. Why does a successful SaaS entrepreneur choose to leave the cloud for dedicated servers? Why does the Dutch government shudder at the thought of American data seizures? And is it technically and financially feasible to regain control?
This article is part of a series. The first part, The Legal Reality, went online last Tuesday.
The Great Cloud Exodus, Part II: The Vulnerability of Centralization – Security and Continuity
All roads lead to Rome. This also applies to the digital highway: most systems are managed by a handful of companies. In recent years, we have often seen what a hack or mistake at such a company can do. In this part, we look at examples from recent years and what we can learn from them.
CrowdStrike: The Blue Screens of Doom
On July 19, 2024, the world woke up to a digital infarction of unprecedented scale. A faulty update from security company CrowdStrike, which was automatically rolled out to millions of Windows systems, caused global chaos. Approximately 8.5 million systems crashed and displayed the infamous 'Blue Screen of Death'.
The impact was physically felt and disruptive:
- Aviation: Schiphol and other major airports came to a standstill. Flights were canceled, baggage systems failed
- Healthcare: Hospitals had to postpone surgeries because electronic patient records were inaccessible
- Business: Banks, supermarkets, and media companies went dark
This incident exposed the fragility of the modern, intertwined cloud architecture. The complexity of managed services, where updates are automatically pushed without the intervention of local administrators, means that a mistake at one supplier can have catastrophic consequences.
In a traditional on-premise environment, an administrator often tests updates first in a controlled test environment before they are rolled out company-wide. In the cloud-driven 'always-up-to-date' culture, that control is often relinquished to the vendor.
The Hack at the National Police
In September 2024, an incident occurred that painfully underscored the vulnerability of cloud environments: the hack at the Dutch police. Data from all 63,000 police employees was stolen, including names, email addresses, and personal phone numbers.
The attack was attributed by the AIVD and MIVD to a 'state actor' (with fingers pointing to Russia) and utilized a 'pass-the-cookie' attack.
How did this work? In a cloud environment like Microsoft 365, after logging in (even with Multi-Factor Authentication), a session cookie is placed on the device. Hackers managed to steal these cookies, likely via infostealer malware. With these stolen cookies, they could completely bypass the MFA security and impersonate legitimate users.
Although this was technically an identity attack, it shows that the cloud drastically enlarges the attack surface:
Accessibility: The login portals of cloud services are connected to the public internet, accessible 24/7 to anyone, anywhere in the world
Contrast with On-Premise: In a fully isolated on-premise environment, such an attack is many times more complex to execute
Concentration Risk: The Warning from DNB
The Dutch Central Bank (DNB) explicitly warns about the concentration risk in the financial sector. As nearly the entire financial sector migrates to the same three providers, a single point of failure is created for the entire Dutch economy.
If one of these parties collapses due to a technical error, a targeted cyberattack, or geopolitical sanctions, payment traffic comes to a halt. This risk is systemically relevant and cannot be solved with 'multi-cloud' strategies, as the underlying dependence on American technology remains.
This is the second part of the series 'The Great Cloud Exodus', in collaboration with Michel Heinst from Tech Outlet. The remaining parts will be published on the website in the coming weeks.
About TechOutlet.eu
TechOutlet.eu has been a specialist in enterprise IT hardware for the Benelux since 2014. They supply EOL (End-of-Life) and new servers, workstations, and laptops from brands like HP, Dell, and Lenovo to SMEs, government, and healthcare.
The focus is on:
- Digital Sovereignty: Hardware that you fully own and manage
- Flexibility: Choice between EOL (cost-efficient) and new hardware (compliance)
- Sustainability: Optimal utilization of hardware lifespan
- Cost Efficiency: Enterprise quality for SME budgets
- Fast Delivery: 24-hour delivery from Dutch stock
Contact: For advice on your cloud exit strategy and the necessary hardware, please contact via www.techoutlet.eu
