Today, we are seeing a shift in business with economies cooling and IT spend going down; however, one area of business that continues to grow is cloud computing. More and more companies are moving workloads into the cloud, but are they doing it wrong? How do you choose between deployment models? How can you minimize vendor lock-in?

Sanjeev Mohan, Principal Analyst at SanjMo, joins us in the first episode of Sovereign DBaaS Decoded. Sanjeev and our CEO and host, Vinay Joosery, discuss the evolution of the cloud deployment model, whether partnering with a lock-in vendor is a limitation or an opportunity, how companies should approach the multi-cloud operation model, and more.

Key Insights

The Split in Cloud Maturity

After 15 years of cloud evolution, the market has divided into two distinct directions. One group prioritizes managed services (SaaS/Serverless) to eliminate undifferentiated overhead, while mature enterprises demand more control and choice over deployment due to cost and workload size.

Vendor Lock-in as a Strategic Trade-off

Lock-in is often a calculated trade-off between risk and cost rather than an inescapable trap. While organizations can technically migrate, many accept lock-in to gain long-term stability and to incentivize necessary R&D from the provider.

Data Sovereignty as a Universal Requirement

Frameworks like GDPR and CPRA have made compliance a requirement for all companies, not just regulated industries. This is driving the adoption of hybrid models where data remains on-premises while the compute infrastructure is managed from the cloud.

Episode Highlights

05:36 Evolution of Cloud Models

A look at the journey from “lift and shift” IaaS to the current maturity of PaaS and managed services.

07:41 The Hyperscaler Oligopoly

Why AWS, Azure, and Google dominate the market and the massive capital expenditure required to build high-availability data centers.

16:16 Repatriation vs. Continued Growth

Examining why workloads are resoundingly moving to the cloud despite market studies on the repatriation of workloads to on-premises.

24:24 The Multi-Cloud Knowledge Gap

Why true multi-cloud is difficult because it requires deep expertise in the distinct behaviors and nomenclatures of multiple providers.

31:38 Proprietary Technology and DR

The extreme complexity of managing disaster recovery when using proprietary technologies like DynamoDB or Spanner in a multi-cloud environment.

41:44 Security’s Shared Responsibility

Why data center infrastructure is often more secure than on-premises, yet application-level vulnerabilities remain a primary risk.

Here’s the full transcript:

Vinay Joosery: Welcome to the first episode of Sovereign DBaaS Decoded. I’m Vinay Joosery, CEO of Severalnines. We provide enterprise automation software that orchestrates high-availability, open-source database operations in any environment while maintaining total control. Our guest today is Sanjeev Mohan, principal analyst at SanjMo and former Vice President at Gartner Research.

Sanjeev Mohan: Thank you, Vinay, for having me. I’ve been in the data management space my entire life, starting my career in the 90s at Oracle. I eventually joined Gartner, where I was responsible for the data management agenda. A year ago, I started my own company, SanjMo. We are living in a golden era where data is foundational to everything we do.

Vinay Joosery: Everything is data-driven today. Companies are collecting, processing, and analyzing vast amounts of data to make better decisions. I’ve been in the database business for 22 years, helping companies with data infrastructure. I joined MySQL in 2003, during the early days of open source. Back then, enterprises were skeptical of open-source databases, but that has changed. How has the cloud deployment model evolved since its inception, especially regarding databases?

Sanjeev Mohan: Even as the economy cools and IT spend decreases, cloud computing continues to grow at a healthy pace. Gartner estimates that of the $919 billion tech infrastructure spend, 25% is in the cloud. We’ve moved from “lift and shift” (IaaS) to Platform as a Service (PaaS). Now, I see two distinct trends: 1. Users wanting more managed services (SaaS and serverless) to avoid “undifferentiated tasks”. 2. Mature companies wanting more control and choice over where and how their applications are deployed due to workload size or cost.

Vinay Joosery: Smaller companies might go all-in on managed services, whereas larger enterprises have compliance and regulatory requirements that make those services too restrictive. Currently, AWS, Azure, and Google command about two-thirds of the global cloud spend. How did we get here?

Sanjeev Mohan: Cloud computing is a high-capital expenditure space. Building data centers with high availability, disaster recovery, and deep security layers is a massive endeavor, making it hard for more than a handful of players to compete.

Vinay Joosery: Having so much power concentrated in three providers feels unhealthy and contrary to the decentralized intent of the internet. Is vendor lock-in a danger here? Are these hyperscalers the “new Oracle”?

Sanjeev Mohan: I see vendor lock-in as a trade-off between risk and cost. You can always migrate, but the question is how much risk and cost you want to incur. Some lock-in is necessary; without commitment from users, providers have little incentive to invest in R&D. However, there is a lack of interoperability. Even moving an open-source database like PostgreSQL between clouds requires a migration process because of different extensions and configurations.

Vinay Joosery: Moving is possible, but the cost is high because a company cannot stop feature development for two years to migrate infrastructure. This is a major risk, especially with Schrems II and GDPR regulations. Are enterprises moving more workloads to the cloud, and are they doing it correctly?

Sanjeev Mohan: Workloads are resoundingly moving to the cloud. It allows for picking locations based on cost, latency, or security needs. For instance, you might train a machine learning model using thousands of GPUs in the cloud but deploy the model on-premises for inference to keep private data secure.

Vinay Joosery: If we want to avoid lock-in, the typical advice is to settle for the lowest common denominator, like IaaS. But doesn’t using only IaaS defeat the purpose of the cloud?

Sanjeev Mohan: If I use IaaS, I have to manage identity access, network ACLs, and VPCs. If I am a data scientist, spending time on infrastructure is not a good use of my skills. Managed services increase productivity.

Vinay Joosery: Even with managed services, you still need qualified DevOps teams to configure and monitor them. Since services behave differently across providers, it is very hard to stay vendor-neutral.

Sanjeev Mohan: You can’t be entirely neutral, but you can minimize dependence. For example, using Apache Kafka instead of a provider’s native streaming tool gives you more freedom to move between clouds. Most companies are multi-cloud, but often their workloads are isolated from each other. Things get interesting—and difficult—when a single workload crosses multiple clouds, leading to egress costs and latency.

Vinay Joosery: Regulators in Europe now require banks to have a “cloud exit strategy”. But if you use proprietary technologies like DynamoDB or Spanner, how do you handle disaster recovery (DR) in a different cloud?

Sanjeev Mohan: There is no easy answer. You won’t get the same service level agreements or performance if you fail over to a completely different database type. Furthermore, if a catastrophic event hits a major provider, there may not be enough spare capacity on a rival cloud for everyone to migrate at once.

Vinay Joosery: Hardware and storage costs have dropped significantly over the last decade, but those savings haven’t translated into lower cloud bills. For enterprises with massive, stable storage needs, paying those premium margins to a hyperscaler might not make sense.

Sanjeev Mohan: Hybrid cloud is growing in importance. Models like AWS Outposts, Azure Arc, or Google Anthos allow data to stay on-premises while the compute infrastructure and latest code versions come from the cloud. This helps companies meet cost needs and comply with regulations.

Vinay Joosery: What about security? Hyperscalers have armies of experts and invest billions in security, but it is a shared responsibility model.

Sanjeev Mohan: Cloud data centers are often more secure than on-premises ones. Security falls apart at the application and data layer—things like hard-coding tokens or weak passwords. Data security needs to become a first-class citizen rather than a siloed concern.

Vinay Joosery: In the EU, GDPR and Schrems II mean that compliance is now relevant to all companies, not just regulated industries.

Sanjeev Mohan: Compliance is global now. California’s CPRA is very close to GDPR and “means business”. Most hyperscalers now have robust data centers within Europe to help maintain data residency laws.

Vinay Joosery: To summarize, cloud is the way to go unless you have extenuating circumstances, but you must tread carefully. Pick the deployment model that meets your specific security, cost, and compliance needs while minimizing proprietary dependence where possible. Sanjeev, thank you for joining us.

Sanjeev Mohan: It was a pleasure.