With years of cloud experience, IT leaders thought they finally had firm control of their cloud strategies. And then came AI.

Of course, cloud issues today extend beyond artificial intelligence. Where to place cloud workloads for maximum efficiency is one. Questions about governance, sovereignty, the growing sophistication of cyberthreats, and escalating cost concerns are also conspiring to make the cloud ever more complicated.

“It’s just grown into a complex mess,” observes cloud expert David Linthicum, emphasizing that cloud strategy today needs to address private cloud, multicloud, hybrid cloud, and sovereign clouds — much more than most CIOs have dealt with to date.

Initially, cloud discussions centered around agility, scalability, and cost optimization, says Joshua Bellendir, CIO of retailer WHSmith North America. “Today, we are balancing a much broader and more complicated set of considerations, including AI readiness, cybersecurity, data governance, sovereign data requirements, edge computing, integration architecture, and operational resilience.”

One of the biggest shifts is that “cloud is no longer simply an infrastructure conversation,” Bellendir says. “It has become deeply tied to enterprise architecture, business transformation strategy, and data strategy.”

Amit Basu, vice president, CIO, and CISO of International Seaways, also notes cloud’s growing complexity. While reduced capital expenditure and greater flexibility still apply in some areas, dealing with the environment has become significantly more challenging, he says.

Sweetwater CIO Jason Johnson describes the current state as “genuinely one of the more complex times to be managing cloud.” Providers keep expanding their catalogs with more SKUs, more services, and more options, he says. “While that’s great for capability, it creates real overhead in just keeping up. You need people who understand not just what’s available, but what’s actually the right fit for your use case.”

Many organizations are now entering a second phase of cloud maturity. “The earlier phase was focused heavily on migration and modernization,” Johnson says. “The current phase is more focused on optimization, governance, AI enablement, and operational sustainability. That shift is changing the conversation significantly for the CIOs I’m speaking with.”

But few CIOs have the luxury of simply pondering what to do. All must meet the challenges of complexifying cloud strategies head on.

How AI changes the cloud calculus

The desire to deploy AI quickly is creating tremendous pressure on IT leaders, with cloud a central concern, Linthicum says.

“The board of directors are screaming for it worse than the cloud push 15 years ago,” he says. “CIOs are feeling the pinch and having to make that move as quickly as they can” to gain more compute for AI initiatives in an already tricky environment, he adds.

At the same time, CIOs must solve the data complexity problem before integrating AI systems, Linthicum notes. “They’re running around in circles right now trying to figure out the best way to do that.”

Hyperscalers used to be “the easy button,” Linthicum says, “but they’ll be three, four times the cost.”

AI systems cost 10 times as much as traditional equivalent applications, he estimates. “So [CIOs are] putting a lot of money on the line.”

International Seaways’ Basu says AI has changed the architecture conversation. “GPU availability, vector databases, low-latency inference, and large-scale data pipelines introduce requirements that do not fit neatly into traditional cloud design models,” he notes. “Organizations are no longer simply lifting and shifting workloads. They are designing for very different compute and data requirements.”

Zachary Lewis, CIO and CISO of University of Health Sciences and Pharmacy, says the needs of internal stakeholders only compound that complexity. Business units want disparate AI capabilities, security teams want governance and some control over AI apps, the general counsel wants to know what kind of data is being put in the AI model, and the finance team wants cost predictability.

“CIOs have to reconcile all of this and try to deliver on everyone’s needs, and you have to do that successfully,” Lewis says. “Everyone has a different end goal and demand and we’re trying to square all of that for them.”

Ever since the online retailer of musical instruments and pro audio equipment formalized its cloud strategy around 2016, Sweetwater’s Johnson has sought to place workloads wherever it made the most sense for external and internal customers.

“Anything customer-facing needs to be geo-specific; as close to the end user as possible,” he says. “Same logic applies — internal workloads belong close to whoever is using them.”

The cloud offers infinite opportunities, and with that comes infinite levels of complexity, he says. “It’s just the reality of the model.”

“AI wouldn’t be possible without the cloud. The compute scale AI needed had already been built — the cloud had it and could deliver it,” he adds. “In a lot of ways, AI might be the cloud’s greatest gift to the industry. They enabled each other.”

Cloud cost control complexifies

Johnson’s biggest headache is managing costs consistently. “It used to be relatively straightforward: compute, storage, egress. Now it’s a puzzle,” he says. “Reserved instances, savings plans, spot pricing, per-request costs, data transfer fees between regions — it stacks up fast — and it’s genuinely hard to predict what your bill is going to look like until it arrives.”

Consequently, FinOps has become a discipline in its own right, he says.

Basu also believes FinOps has become essential. “AI inference costs, egress charges, and storage growth can create month-over-month cost swings that surprise even experienced teams,” he says. “Cost management is now a continuous operational discipline rather than an occasional review exercise.”

Vendor lock-in is also always in the back of Johnson’s mind. “The more deeply you integrate with a provider’s native services, the harder it is to move.” While that’s not always bad, he adds, it’s a tradeoff. “I think about it like technical debt. You’re borrowing speed now and paying interest later if you ever want to change direction.”

But Johnson recognizes that cloud providers are businesses that “squeeze for revenue and margin, and they change the rules on how you buy committed discounts and manage spend.”

Financial efficiency doesn’t happen by accident, he points out. It requires teams, processes, and real investment in FinOps. “The tools exist. Using them well is the harder part,” he says.

Most organizations have their financial expertise sitting in accounting and their technical expertise sitting in IT, Johnson explains. Getting those two to work together on cloud cost is a relatively new challenge.

“Ten years ago, the model was simple: You asked for a CapEx budget, accounting approved it, you placed hardware orders, and IT installed and optimized. Done. Now it’s a daily exercise,” Johnson says. “New services get turned on, contracts change, pricing structures shift. Finance understands the cash but not the tech. IT understands the tech but not the financial levers.”

Every major cloud provider has the tools, Johnson explains. “AWS Cost Explorer, Azure Cost Management, GCP’s billing dashboards. The data is all there.” But most organizations aren’t acting on that data, he says, “and then the bill shows up and people are surprised. The tools told you it was coming. You just weren’t listening.”

Data regulations add sovereign subtleties

The University of Health Sciences and Pharmacy has students from all over the world. Cloud has become significantly more difficult to manage due to the rise in regulatory laws around the globe surrounding data, Lewis says.

“We have to understand if the metadata is in a specific cloud region, where it is stored, and kept,” he says. “If that data ends up in a model we trained internally, can we guarantee it stays in the EU? Then, if someone wants their data purged, can we find all those locations with some level of competence?”

Basu says data sovereignty has become another major architectural consideration. “It affects where workloads can run, how data moves between regions, and what can be done with certain datasets,” he says. “You cannot assume a hyperscaler’s default configuration satisfies your regulatory obligations.”

Private vs. public vs. on-prem

AI has sparked a rethink on where to place cloud workloads, but Sweetwater’s Johnson believes the question of whether to pull more workloads into private clouds versus public clouds shifts more often than people expect. “I think the vast majority of our workloads are in the right place right now, but we got there by being willing to question the default,” he says.

Sweetwater does not operate under a rule that says new workloads always go to the cloud, he notes. A workload might start in the cloud and end up on-prem if the math changes. “The discipline is in reviewing that in real-time, finding the inflection points, and right-sizing as you go. Right tool, right time. That’s the only principle that holds up over time.”

International Seaways’ Basu is not planning a move toward private cloud, as the economics and operational overhead do not justify it for his organization.

“The right question is what is the correct data residency, latency, and control model for each workload,” he says. “That is a data classification discipline, not a cloud deployment strategy.”

Lewis, who has about 95% of the University of Health Sciences and Pharmacy’s infrastructure running in the cloud, doesn’t see a good alternative given how the stakes have changed for AI and hardware.

“If you want to train large scale data lakes and make informed business decisions with machine learning and the intelligence behind it, it’s almost not practical anymore” to be on-prem, Lewis says.

CIOs need to ask themselves whether they have the expertise to handle that infrastructure, he adds. Ultimately, “you have to make the best of what you’ve got,” he says.

Stay focused on fundamentals

Organizations may want to chase the shiny object, which is agentic AI right now, but IT leaders should focus on their infrastructure, management, and platform planning, Linthicum stresses.

“It’s not as fun,” he says, “but to do any AI within your environment, you have to solve those issues.”

The cloud enables a lot of architectural patterns, and that freedom will work against you if you don’t have guardrails, cautions Sweetwater’s Johnson. “Write the guidance document before you need it — not after you’ve already got five teams doing things five different ways.”

IT leaders also need to get ahead of tagging and cost visibility early, saying that it needs to be a first step, not a cleanup project. “If you can’t see your spend clearly from day one, you’re already behind,” he says.

A key step is to build an auditing program with solid controls around who can create production changes, Johnson says. “The blast radius of a bad change in the cloud is bigger and faster than most people expect, until they experience it.”

The skills question

The skills needed to operate a modern cloud environment are evolving faster than most internal teams can realistically keep up with, Basu says. As a result, International Seaways relies on specialized MSPs rather than trying to maintain deep in-house expertise across every domain.

“That gives us access to current capabilities without constantly retraining or rebuilding teams as the technology changes,” he explains. “The decisions that protected us in 2020 were made years before anyone realized how important they would become. Infrastructure strategy is always about preparing for a future that is not yet fully visible.”

The key is to make those decisions deliberately, with clear reasoning, rather than reacting under pressure later, he adds.

Build adaptable organizations

Edge computing is adding another layer of complexity, Johnson says. Leaders who navigate this effectively won’t be the ones who find the perfect architecture, he notes. “They’re the ones building organizations that can adapt quickly when the right answer changes tomorrow,” he says.

The real competitive advantage is not the cloud you picked, but how fast your team can learn and move, Johnson says.

Asked about other advice to make cloud less complicated, the CIOs offered the following:

• Treat your cloud architecture like a product, not a project. It needs ongoing ownership, not just implementation, Johnson stresses.
• Make sure you’re reviewing your decisions regularly. “The right call at year one often isn’t the right call at year three. Build in the checkpoints to revisit,” Johnson says.
• Tie every workload to a cost center. Basu has done this, and IT continuously reviews utilization and rightsizing rather than waiting for periodic audits.
• Data classification determines regional placement. Before any workload reaches production, ensure “Legal and Compliance are in that conversation from the start, not at the end,” Basu says.
• Create a cloud-ready solution. This can sometimes be less expensive and lower risk than lifting and shifting a heavily customized legacy environment, Basu says.
• Consolidation is a strategic choice, not a retreat. Fewer platforms, governed well, consistently outperform a fragmented multicloud estate, he says.
• Don’t underestimate the governance gap AI is opening. Build your AI governance layer now, before the debt accumulates, Basu says.
• Cloud strategy is not an IT architecture decision. The pandemic proved that it is a business resilience decision, Basu says. “The organizations that make the hard calls before the crisis arrives are the ones that come out intact.”
• Ensure cloud decisions are tied to measurable business outcomes. WHSmith’s Bellendir says IT is also investing heavily in integration architecture, cybersecurity controls, observability, and data governance to better support a hybrid ecosystem.
• Place greater emphasis on cloud cost governance and operational discipline. This will improve visibility into cloud usage and ensure that scaling AI, analytics, and digital initiatives remains financially sustainable over time, Bellendir says.

While no one can foresee whether cloud will grow less complicated down the road, organizations will continue to use it. “Cloud is no longer the future of IT — it’s the present,” says Sweetwater’s Johnson. “The conversation has shifted from ‘should we?’ to ‘how do we get better at it?’ That’s where I spend most of my time.”

This story originally appeared on CIO.