Showing Posts From

Cloud

When intelligence becomes something we outsource

When intelligence becomes something we outsource

We are slowly doing something unusual with intelligence. Not replacing it. Not augmenting it. But outsourcing it. One prompt at a time. Artificial Intelligence tools like ChatGPT, Gemini, and Claude are often framed as productivity multipliers. And they are. They compress time, reduce friction, and make complex outputs accessible at almost no cost. But there is a quieter shift underneath that narrative. We are starting to separate thinking from understanding. And that is where things become fragile. The illusion of competence A well-written prompt can produce a remarkably convincing answer. Structured, fluent, confident, even nuanced. But confidence is not the same as correctness. And fluency is not the same as comprehension. The problem is not that AI produces wrong answers. It is that it produces answers that feel right often enough that we stop checking. And once that habit sets in, something subtle changes: We stop being the system that verifies. We become the system that accepts. Intelligence without ownership There is a difference between using a tool and depending on it for cognition. A calculator never made anyone worse at math. But it also never asked them to understand what it was doing. Modern AI tools sit in a different category. They don’t just compute. They interpret, summarize, explain, reason. Which means they don’t just extend intelligence. They can replace the experience of thinking. And once that replacement becomes comfortable, it becomes structural. The cloud problem, repeated at a cognitive level We have seen this pattern before. Cloud computing abstracted infrastructure:servers became services systems became APIs operations became dashboards complexity became someone else’s responsibilityIt worked brilliantly—until it didn’t. Because abstraction has a hidden cost: distance from reality. And with each layer of abstraction, fewer people understand what is actually happening underneath. Now we are doing the same thing with intelligence itself. From understanding systems to trusting outputs In earlier generations of engineering, you were forced to understand what you built. If a system slowed down, you needed to understand IOPS, memory pressure, CPU scheduling, network latency. Today, many engineers start at the top layer: Deployments, pipelines, managed services, black-box scaling. Even education has adapted. We teach how to use systems, not how they fundamentally behave. And that works—until something breaks outside the abstraction layer. Then the question becomes uncomfortable: Who still understands what is actually happening underneath? The real risk is not AI becoming too smart The real risk is humans becoming too comfortable. Because when AI works well, it removes friction. And friction is often where understanding is formed. If everything just works, there is no need to dig deeper. If nothing requires repair, there is no need to understand cause and effect. If answers are always available, the discipline of reasoning slowly erodes. Not dramatically. Not visibly. But cumulatively. “Just ask AI” is not a strategy There is a growing cultural reflex:Don’t know it? Ask AI. Need it explained? Ask AI. Need a decision? Ask AI.And most of the time, that is fine. Until it becomes the only mechanism. Because AI does not create accountability for truth. It produces plausible synthesis based on patterns. Which means it inherits one critical dependency: There must still be human intelligence capable of questioning it. Not superficially. But structurally. What happens when the underlying knowledge disappears? This is the uncomfortable edge of the argument. What if we gradually lose the ability to independently validate what AI produces? Not because we are incapable. But because we stopped practicing. Then we reach a point where:the system produces an answer nobody truly understands how it was derived and nobody can confidently say whether it is correctAnd at that point, intelligence is no longer something we use. It is something we receive. The paradox of progress We are building systems that make us more capable than ever before. And at the same time, potentially less resilient than ever before. Because resilience is not measured by output. It is measured by what remains when the system is not available. Or when the abstraction fails. Or when the data is missing. Or when the model is wrong. Closing thought AI is not the end of thinking. But it might become the end of careless thinking, if we are intentional. The real question is not whether AI can do the work. It is whether we are still willing to understand the work that is being done on our behalf. Because at some point, the dependency becomes invisible. And when that happens, the most important system we have is no longer artificial intelligence. It is human understanding. And if we outsource that too far, we may eventually discover that we still have answers— but no longer know how to question them.

Digital sovereignty is not where your cloud runs

Digital sovereignty is not where your cloud runs

Organizations often talk about digital sovereignty as if it is a geographical problem. As if moving workloads from one region to another, or choosing a “European cloud”, somehow resolves it by default. That framing is comfortable. It is also misleading. Because digital sovereignty is not defined by where your cloud runs. It is defined by what you depend on, who controls those dependencies, and how quickly that control can shift without you noticing. And in most modern architectures, those answers are far less reassuring than organizations assume. The illusion of location-based control One of the most persistent misunderstandings in cloud strategy is the idea that data residency equals sovereignty. If data is stored in a specific country or region, the thinking goes, it must be under that jurisdiction’s control. Therefore, the organization is sovereign. But sovereignty is not a storage property. It is an operational condition. Modern cloud environments separate storage, compute, identity, observability, orchestration, and security into distributed services. Even if data is physically stored within a defined region, the control plane often is not. Identity providers, logging systems, container orchestration, key management services, and telemetry pipelines may all cross borders by design. And each of those layers introduces external dependency. So what looks like sovereignty at the infrastructure layer can still be deep dependency at the control layer. The real dependency map is not obvious Most organizations can tell you where their workloads run. Far fewer can explain:Who controls their identity system Where authentication and authorization decisions are evaluated Which external APIs are critical to deployment pipelines How secrets are managed and rotated What happens if a major cloud control plane becomes unavailableThese are not edge cases. They are core architectural facts. Yet they are often treated as implementation details rather than strategic dependencies. The result is a mismatch between perceived autonomy and actual control. A system may look sovereign on a slide deck while being tightly coupled to a small number of global providers in practice. Sovereignty is not binary Another common mistake is treating digital sovereignty as a yes-or-no state. Either you are sovereign, or you are not. Reality is more nuanced. Sovereignty exists on a spectrum of control across multiple dimensions:Data sovereignty: Where data is stored and under which legal regimes it falls Operational sovereignty: Who can change, deploy, or interrupt systems Technical sovereignty: How replaceable core components are Economic sovereignty: How easily costs can be influenced externally Vendor sovereignty: How dependent you are on specific providers or ecosystemsAn organization can be strong in one dimension and weak in another. For example, you might host data locally while remaining fully dependent on a single global identity provider. Or you might have multi-cloud infrastructure but still rely on one provider’s proprietary orchestration layer. Calling this “sovereign” or “not sovereign” misses the point entirely. The real question is: where are you constrained without realizing it? Cloud convenience is a design trade-off Cloud platforms are powerful because they reduce complexity. Managed services remove the need to operate infrastructure at scale. APIs abstract away operational burden. Integrated tooling accelerates delivery. But every abstraction is also a dependency. When you adopt a managed database, you gain operational simplicity. You also accept a specific backup model, a specific failover mechanism, and a specific pricing structure. When you adopt a managed identity provider, you gain security and standardization. You also accept that authentication is no longer fully under your control. These are not flaws. They are trade-offs. The problem arises when organizations treat these trade-offs as reversible defaults rather than strategic commitments. The hidden concentration of control Over time, cloud adoption tends to concentrate control rather than distribute it. Even in multi-cloud environments, the same patterns emerge: One provider becomes the primary identity source One ecosystem dominates observability One pipeline tool becomes the standard deployment mechanism One set of APIs defines infrastructure behavior This is not accidental. It is the natural outcome of efficiency seeking. But concentration introduces fragility. Not necessarily technical fragility in the form of outages, but strategic fragility: reduced negotiating power, limited exit options, and increasing difficulty to redesign systems without significant disruption. The more optimized a system becomes around a single ecosystem, the less sovereign it tends to be. The uncomfortable question: what can you actually replace? A practical way to evaluate sovereignty is not to ask where systems run, but what would happen if key components disappeared. Not hypothetically in a disaster scenario, but structurally:If your identity provider changes terms or access, how fast can you switch? If your primary cloud provider increases costs significantly, what breaks first? If a critical managed service is discontinued, do you have an exit path or just a migration project? If external connectivity is restricted, which parts of your architecture stop functioning immediately?These questions are uncomfortable because they expose design assumptions that are usually left unchallenged. Most organizations discover that their “sovereign” architecture contains far fewer independent components than expected. Sovereignty requires intentional friction True digital sovereignty is not achieved by avoiding cloud platforms. It is achieved by designing for optionality, even when it introduces friction. That can include:Avoiding unnecessary proprietary abstractions in core systems Designing data portability as a requirement, not a future task Separating identity from infrastructure providers Maintaining documented, tested exit strategies for critical services Ensuring that no single provider becomes a structural bottleneckNone of these decisions are purely technical. They are architectural governance choices. And they often conflict with short-term efficiency goals. Which is why they are frequently postponed. Leadership, not infrastructure, defines sovereignty At its core, digital sovereignty is not a cloud architecture problem. It is a leadership problem. Because the hardest part is not building systems that are portable or independent. The hardest part is deciding when dependency is acceptable and when it is not. Every organization will rely on external platforms. The question is not whether dependency exists, but whether it is understood, measured, and intentionally managed. Without that clarity, sovereignty becomes a narrative rather than a capability. Closing thought Digital sovereignty is not where your cloud runs. It is whether you could still operate if your assumptions about that cloud stopped being true. And in most modern architectures, that question is less theoretical than it seems.

The future of managed services is letting go of control

The future of managed services is letting go of control

For decades, managed services have been built around a simple idea: The provider builds. The customer consumes. We standardized desktops. We standardized servers. We standardized networks. We defined what users were allowed to do, locked everything else down, and called it governance. It made perfect sense. Technology was complex. Expertise was scarce. Standardization created stability. But if I look at the direction our industry has taken over the past fifteen years, I don't see a story about better infrastructure. I see a story about increasing autonomy. And I don't think we've fully realized what that means for the future of managed services. This didn't start with AI AI is getting all the attention. But the shift started long before large language models. Think about what we've introduced over the last decade. Infrastructure as Code allowed engineers to describe infrastructure instead of manually configuring it. Cloud platforms removed the need to provision hardware. The modern workplace allowed users to work from anywhere, on almost any device. Power Platform enabled business users to automate processes without waiting for IT. Platform engineering is giving development teams self-service platforms instead of ticket queues. These aren't isolated innovations. They all move in exactly the same direction. Every generation of technology removes another dependency on central IT. Every generation gives more capability directly to the people creating value. AI simply accelerates that trend. Customers don't want fewer capabilities They want fewer dependencies. That's an important difference. Organizations don't want to submit tickets to deploy an application. They want to deploy it themselves. They don't want to wait three weeks for an environment. They want it in three minutes. They don't want IT departments approving every workflow. They want to automate their own. For years, many managed service providers viewed this as a threat. I think it's exactly the opposite. Because customers aren't trying to eliminate the MSP. They're trying to eliminate unnecessary friction. The MSP is no longer the builder Imagine a product team in three years. A product owner describes a new customer portal. An AI engineering team generates the application. Another agent provisions infrastructure. Security agents validate policies. Test agents perform functional and performance testing. Deployment agents roll everything into production. None of that feels unrealistic anymore. The interesting question isn't whether this will happen. It's what role the MSP still plays. I don't believe the answer is "building the platform." Because increasingly, customers will do that themselves. Or rather, their AI agents will. The foundation becomes the product If customers can build, deploy and operate faster than ever before, then the value of the MSP shifts underneath the visible work. The platform becomes the product. Not the portal. Not the virtual machine. Not the Kubernetes cluster. The invisible foundation beneath all of it. The landing zones. Identity. Networking. Compliance. Policies. Guardrails. Observability. Knowledge. Recovery. Customers won't ask an MSP to deploy an application. They'll expect an environment where deploying applications is safe by default. That's a fundamentally different business. Governance stops saying "no" Many organizations still think governance means restricting users. Removing permissions. Blocking installations. Limiting change. That approach worked when IT was responsible for every change. It breaks down completely when hundreds of developers, business users and AI agents are continuously creating new workloads. The answer cannot be to review every deployment. It cannot be to manually approve every prompt. And it certainly cannot be to lock everything down. Governance has to evolve from permission to policy. Instead of deciding who may build, we decide the conditions under which anything may be built. Instead of reviewing every change, we continuously validate every outcome. Instead of configuring environments manually, we enforce compliance automatically. Control doesn't disappear. It simply moves to a different layer. The MSP becomes an enabler of autonomy This may be the biggest mindset shift our industry has ever faced. For years, success was measured by how much work the provider performed. Tomorrow, success may be measured by how little intervention is required. The best managed service providers won't be the ones operating every workload. They'll be the ones enabling thousands of safe deployments that never required them in the first place. Their customers will move faster. Developers will have more freedom. Business teams will automate more processes. AI agents will continuously improve solutions. And underneath all of it, the MSP quietly ensures that security, compliance and operational resilience remain intact. Invisible when everything works. Essential when it doesn't. Expertise doesn't disappear Some people interpret AI as the end of expertise. History suggests otherwise. Every abstraction has increased demand for people who understand the layer beneath it. Cloud didn't eliminate infrastructure expertise. Infrastructure as Code didn't eliminate architects. Platform engineering didn't eliminate operations. It simply changed where expertise creates value. AI will do exactly the same. The future MSP won't spend its days deploying resources. It will design the ecosystems in which autonomous systems can safely deploy themselves. Closing thought I don't believe the future of managed services is about doing more work for customers. I think it's about making customers capable of doing more themselves. Not because the MSP becomes less relevant. But because relevance is moving. From operating technology... ...to enabling autonomy. The organizations that understand this will stop asking how AI fits into managed services. They'll realize managed services are being redefined by the same force that is reshaping every other part of IT: giving more control to the people closest to the problem, while ensuring the platform beneath them remains secure, compliant and resilient. That, to me, is what the next generation of managed services looks like.