Cloud Technology Insights

How “Cloud-First” Turned Into a Money Pit Watch the full discussion here: https://lnkd.in/ePcXADcm For years, “cloud-first” was treated as the only responsible strategy for modern enterprises. The pitch was compelling: eliminate capital expense, gain instant scalability, and accelerate innovation. In many cases it delivered. In far too many others, it quietly became one of the largest ongoing cost drivers organizations now face. The problem was never the cloud itself. Public cloud remains unmatched for variable, bursty, or experimental workloads. The issue emerged when companies adopted it as a default rather than a deliberate choice. Predictable, high-volume systems were forced into the same model as elastic ones, producing bills that grew steadily with usage instead of shrinking as promised. High-profile examples highlight the shift. Dropbox moved substantial storage workloads off public cloud and saved roughly USD 74 million over two years. 37signals conducted a similar analysis and repatriated systems after modeling showed better long-term economics on owned infrastructure. These moves were driven purely by numbers, not ideology. Repatriation is now happening more often, often without announcements. Workloads that are stable, latency-sensitive, or generate heavy data egress charges are being reevaluated. The organizations making the best decisions are the ones willing to analyze each workload individually rather than defaulting to a single platform. Cloud remains a powerful tool when applied selectively. It stops being powerful when it becomes an unexamined mandate. The organizations that will succeed are those that replace slogans with rigorous, ongoing economic analysis. What has been your experience with cloud cost management? Have you considered or executed any repatriation projects?

A new study from Amazon Web Services (AWS) challenges conventional wisdom about AI model scaling. Researchers fine-tuned a 350M parameter model that achieved a 77.55% success rate on complex tool-calling tasks, significantly outperforming larger models like ChatGPT (26%) and Claude (2.73%), which have 20-500 times more parameters. This finding highlights that a model with 350 million parameters can outperform a 175 billion parameter model by nearly three times. The implications for enterprise AI adoption are significant. For the past two years, the narrative has been that bigger is always better, requiring massive compute budgets and infrastructure investments for capable AI agents. This research contradicts that notion. The key difference lies in targeted fine-tuning on specific tasks rather than general-purpose training. The smaller model focused its capacity on learning tool-calling behaviors, achieving remarkable parameter efficiency where larger models often become less effective. Most organizations do not need AI that can perform every task; they require AI that excels in their specific workflows. The cost difference between operating a 350M model and a 175B model is transformational, making AI accessible to any organization with a clear use case rather than just tech giants. In my interaction with leaders, I observe that organizations are not struggling with AI capability but with AI economics and governance. The future isn't solely about larger models; it's about smarter deployment of appropriately sized models for specific enterprise contexts. The future of enterprise AI focuses on making sophisticated capabilities accessible, affordable, and deployable at scale. What specialized AI applications could transform your organization if cost and complexity weren't barriers? #AI #EnterpriseAI #MachineLearning #AIGovernance #Innovation

The cloud divorce is happening. And most organisations aren't ready for either side of it. Three weeks ago at Mobile World Congress, the European Commission launched EURO-3C. A €75 million project to build Europe's first federated edge-cloud infrastructure. 70+ organisations across 13 countries. Not because they love spending money. Because they've realised their data lives in someone else's country, under someone else's laws, and they can't guarantee where it goes once it leaves the device. Meanwhile, Azure UK South is struggling. If you've tried to deploy GPU-enabled VMs recently, you'll know. AllocationFailed. ZonalAllocationFailed. Quota requests that used to be auto-approved are now manually reviewed. Subreddits and community boards are filling up with engineers hitting the same walls. Microsoft's own Q&A forums show models being pulled from UK South entirely, with access restricted to what they're calling "strategically prioritized customers." West Europe is the same story. Microsoft's response? A new campus in North Yorkshire on the site of a decommissioned 1,960MW power station. Now being converted into compute.. They consumed so much power they need to become the power station. But, do we actually need all of this? Yes, AI workloads are genuinely demanding. That's real. But underneath the AI gold rush, everyday software has become obscenely resource-hungry. Teams & Chrome are unusable on an 8GB laptop if you want to do anything else. Windows ships with so much telemetry, spyware and background processing that a fresh install immediately starts phoning home to half the internet. Ten years ago, we ran entire businesses on a fraction of this compute. It worked & We didn't need a nuclear reactor to power the email server. We've normalised bloat. We've accepted that a video call needs 4GB of RAM. And now we're building power stations to run the cloud that runs the bloat. The repatriation numbers tell the story. 83% of enterprises plan to leave public cloud. 61% of Western European CIOs are shifting local. Sovereign cloud spending: $80 billion this year. But the generation of engineers who knew how to build efficient, lean infrastructure from scratch? We stopped training them a decade ago. You can't repatriate what you can't rebuild. And you can't rebuild efficiently if the software running on top demands ten times the resources it should. I've been watching this from both sides. I architect Azure environments during the day. At night, I run my own infrastructure. I'm migrating my email into a European data centre in Helsinki. My monitoring runs on a Raspberry Pi - hardware that costs less than a month of Teams licensing. The cloud isn't going anywhere. But the assumption that everything belongs there, that infinite scale is infinite, that someone else's data centre is always the right answer? That assumption is running out of power. Literally. www.readthemanual.co.uk #digitalsovereignty #selfhosting #homelab #azure

Alongside building resilient, highly available systems and strengthening security posture, I’ve been exploring a new focus area, optimising cloud costs. Over the last few months, this has led to some clear lessons for me that are worth sharing. 1. Compute planning is the foundation. Standardising on machine families and analysing workload patterns allows you to commit to savings plans or reserved instances. This is often the highest ROI move, delivering big savings without actually making a lot of technical changes. 2. Account structures impact cost. Multiple AWS accounts improve governance and security but make it harder to benefit from bulk discounts. Using consolidated billing and commitment sharing across accounts brings the efficiency back. 3. Kubernetes compute checks are important. Nodes in K8s are often over-provisioned or underutilised. Automated rebalancing tools help, as does smart use of spot instances selected for reliability. On top of this, workload resizing during off hours, reducing CPU and memory when demand is low, delivers direct and recurring savings. 4. Watch for operational leaks. Debug logs on CDNs and load balancers, once useful, often stay enabled long after issues are fixed. They quietly pile up costs until someone takes notice. 5. Right-sizing is a continuous process. Urgent projects often lead to overprovisioned instances for anticipated load that never fully arrives. Monitoring and regular reviews are the only way to keep infrastructure aligned with reality. The real win in cloud cost optimisation comes from treating it as a continuous practice, not a one-off project. Small inefficiencies compound fast, so important to be on the lookout! #CloudCostOptimization #AWS #Kubernetes #DevOps #CloudInfrastructure #RightSizing #WorkloadManagement #SavingsPlans #SpotInstances #CloudEfficiency #TechInsights #CloudOps #CostManagement #CloudBestPractices

On-Premise Is Making a Comeback. After years of “cloud-first” many companies are rethinking their strategies. Rising cloud costs, compliance pressures, and the need for predictable expenses are driving a return to on-premise and hybrid models. In the SAP ecosystem, the trend is clear: - A 2024 survey by Valantic found that even with the “cloud hype” ~60 % of SAP customers still prefer on-premises for their core ERP systems. - In that same survey, just 31 % opted for S/4HANA Private Cloud, and only ~9.5 % trusted the public cloud variant. - 79 % of migrated S/4HANA systems run on-prem or hosted environments (SAP Community). - Most CIOs are selectively repatriating workloads rather than going all-in on public cloud. Why This Is Happening - Escalating cloud costs: For large ERP systems with heavy compute, cloud’s variable pricing often leads to unexpected high costs. - Predictability & control: On-prem setups let you lock down capital & operating costs more tightly. - Regulation & data sovereignty: In highly regulated industries (finance, health, government), keeping data in your boundary is safer from compliance risk. - Deep customization & integration: SAP customers often have custom modules, legacy integrations, and deeply embedded processes. On-prem gives you full control in a way that cloud SaaS can constrain. Observations & Hypothesis - Small businesses → “cloud first” still applies: Less capital, faster time to value, fewer compliance constraints. - Medium to large enterprises → hybrid / on-prem resurgence for core workloads: The cost, control, compliance, and performance demands push critical ERP (like SAP) back in house. - It’s not a total retreat from cloud, but a recalibration. The future is hybrid, a balanced portfolio where you host your most important systems on-prem and use cloud for front office, burst workloads, and innovation stacks. The future isn’t 100 % cloud: it’s smart hybrid. #SAP #S4HANA #CloudRepatriation #OnPremise #HybridIT #DigitalTransformation #CIO #ITStrategy

The detailed incident report from AWS is now public, and it’s well worth a read (link in comments). Here’s a distilled summary of what went wrong, and what tech leaders should take away. What happened: 1️⃣ A race condition in the DNS management system serving DynamoDB in US-EAST-1 led to endpoint resolution failures. 2️⃣ That dominant database service failure cascaded: new EC2 launches failed due to lease-management issues (on which EC2 depends) and network components suffered health-check failures that rippled across load balancers. 3️⃣ The impact was global. Apps and critical services relying on AWS saw outages, degraded performance, or intermittent failures. Why this matters: 1️⃣ Concentration risk: Even for a hyperscale provider like AWS, a failure in one region and one service (DynamoDB DNS) can cascade globally, turning a “cloud issue” into a business continuity event. 2️⃣ Complex interdependencies: The issue wasn’t just database DNS; it propagated into compute, networking, automation, and customer-facing systems. We often design for failure at one layer but underestimate coupling across layers. 3️⃣ Recovery complexity = resilience risk: Recovery isn’t just restarting services; it’s clearing backlogs, restoring state, and ensuring downstream systems don’t remain impaired. My perspective/takeaways: 1️⃣ Design for worst-case provider failure. Not just “an AZ down,” but “core service in region down” and the ripple effects. 2️⃣ Visibility and dependency mapping matter, so know what services your stack depends on, and how managed service failures might cascade. 3️⃣ Recovery orchestration is as vital as fault tolerance, so plan for backlog recovery, state cleanup, and cross-team communication. 4️⃣ Cloud-vendor resilience is not infinite, and shared failure domains persist even in hyperscale clouds. Plan for multi-region or cross-provider fallback and clear internal recovery roles. 5️⃣ Executive mindset and risk alignment. For C-suites, this is a reminder: infrastructure risk is business risk. Discuss cloud-failure modes at the board table, not just application risk. What this isn't about: This isn’t about blaming AWS. The lesson is that even the largest provider can experience a systemic failure, and we can all learn from these experiences. And... it's always DNS 😉

The AWS downtime this week shook more systems than expected - here’s what you can learn from this real-world case study. 1. Redundancy isn’t optional Even the most reliable platforms can face downtime. Distributing workloads across multiple AZs isn’t enough.. design for multi-region failover. 2. Visibility can’t be one-sided When any cloud provider goes dark, so do its dashboards. Use independent monitoring and alerting to stay informed when your provider can’t. 3. Recovery plans must be tested A document isn’t a disaster recovery strategy. Inject a little chaos ~ run failover drills and chaos tests before the real outage does it for you. 4. Dependencies amplify impact One failing service can ripple across everything. You must map critical dependencies and eliminate single points of failure early. These moments are a powerful reminder that reliability and disaster recovery aren’t checkboxes .. They’re habits built into every design decision.

I recently completed a client's AWS infrastructure audit. The issues that uncovered are surprisingly common. Here's what I found: 𝟭. 𝗨𝗻𝗲𝗻𝗰𝗿𝘆𝗽𝘁𝗲𝗱 𝗘𝗕𝗦 𝗩𝗼𝗹𝘂𝗺𝗲𝘀   Data at rest was not encrypted, posing a significant security risk. 𝟮. 𝗖𝗹𝗼𝘂𝗱𝗧𝗿𝗮𝗶𝗹 𝗗𝗶𝘀𝗮𝗯𝗹𝗲𝗱   The account lacked crucial audit logs, limiting visibility into account activities. 𝟯. 𝗣𝘂𝗯𝗹𝗶𝗰 𝗦𝟯 𝗕𝘂𝗰𝗸𝗲𝘁𝘀   Several S3 buckets were publicly accessible, potentially exposing sensitive data. 𝟰. 𝗦𝗦𝗛 (𝗣𝗼𝗿𝘁 𝟮𝟮) 𝗢𝗽𝗲𝗻 𝘁𝗼 𝘁𝗵𝗲 𝗪𝗼𝗿𝗹𝗱   Unrestricted SSH access increased the attack surface unnecessarily. 𝟱. 𝗩𝗣𝗖 𝗙𝗹𝗼𝘄 𝗟𝗼𝗴𝘀 𝗗𝗶𝘀𝗮𝗯𝗹𝗲𝗱   Network traffic insights were missing, hampering security analysis capabilities. 𝟲. 𝗗𝗲𝗳𝗮𝘂𝗹𝘁 𝗩𝗣𝗖 𝗦𝘁𝗶𝗹𝗹 𝗶𝗻 𝗨𝘀𝗲   The default VPC was being used, often lacking proper segmentation and security controls. These findings aren't unusual. Many organizations, from startups to enterprises, overlook these aspects of AWS security and best practices. That's why doing regular AWS account audits are crucial. They help identify potential vulnerabilities before they become problems. 𝗞𝗲𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀 𝗮𝗻𝗱 𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻𝘀: 1. Encrypt data at rest: Enable default EBS encryption at the account level. 2. Implement comprehensive logging: Enable CloudTrail across all regions and set up alerts. 3. Restrict public access: Use S3 Block Public Access at the account level and audit existing buckets. 4. Use modern, secure access methods: Implement AWS Systems Manager Session Manager instead of open SSH. 5. Enable network monitoring: Turn on VPC Flow Logs and set up automated analysis. 6. Design your network architecture intentionally: Create custom VPCs with proper security controls. By addressing these common issues, you significantly enhance your AWS security posture. It's not about perfection, but continuous improvement. When's the last time you audited your AWS environment?

Amazon Web Services (AWS) just shared their real-world lessons from building 1000s of agents at Amazon. Most teams still evaluate like it’s a single LLM call. But agents aren’t just outputs anymore. They’re systems. - multi-step reasoning - tool selection + execution - memory retrieval - multi-agent coordination If you only evaluate the final response, you miss why things break. AWS just shared how they evaluate agents internally, and it’s a much more practical approach. They break evaluation into 3 layers: 1. Bottom layer: model performance (latency, accuracy, cost) 2. Middle layer: components (intent detection, planning, tool use, memory) 3. Top layer: final outcome (task success, UX, safety) Instead of asking “did it answer correctly?”, you can localize failure: - planning score: was the task decomposition valid? - tool selection accuracy: was the right capability invoked? - tool call error rate: did execution fail or inputs break? - grounding / faithfulness: did reasoning stay consistent with context? - multi-turn coherence: did state drift over time? Another key shift: evaluating trajectories, not just outputs. Agent traces (reasoning steps, tool calls, intermediate states) become first-class evaluation artifacts. - replay traces against new versions -- regression testing - generate synthetic eval datasets from production logs - benchmark tool-use sequences, not just answers This is especially critical in multi-agent setups, where failure modes include: - poor task decomposition by the orchestrator - incorrect agent assignment - communication breakdown between agents - inconsistent aggregation of results Finally, one thing that consistently shows up in production: You need human-in-the-loop, not as a fallback, but as part of the eval loop. - calibrate LLM-as-a-judge - audit edge-case trajectories - validate reasoning quality, not just correctness ♻️ Share it with anyone who is building AI agents in production :) I share tutorials on how to build + improve AI apps and agents, on my newsletter 𝑨𝑰 𝑨𝒈𝒆𝒏𝒕 𝑬𝒏𝒈𝒊𝒏𝒆𝒆𝒓𝒊𝒏𝒈: https://lnkd.in/gaJTcZBR Link to article: https://lnkd.in/eFT45Gsq #AI #AIAgents #LLMs