Workload Placement Boundaries Between Public Cloud, Private Cloud and Dedicated Infrastructure
UK businesses reviewing where to run core systems are facing a familiar decision with sharper commercial and operational consequences: which workloads belong in public cloud, which are better suited to private cloud, and which still justify dedicated infrastructure. Public cloud, private cloud and dedicated infrastructure all support credible enterprise strategies, but they create different assumptions about performance, cost exposure, supplier dependency, recovery design and operational control. The boundary between them should be drawn from the behaviour of the workload, not from a general preference for one hosting model.
Cloud adoption is already widespread across the parts of the UK business economy covered by the ONS Management and Expectations Survey, particularly among firms with established digital and data-led operating models. The Office for National Statistics reported that 69% of surveyed UK firms had adopted cloud-based computing systems and applications in 2023. Among firms that had adopted AI, 91% also used cloud-based computing systems and applications. The ONS survey covered production and services businesses with at least 10 employees and excluded some sectors, including financial and insurance activities, so the figures should be read as evidence of broad business adoption rather than a full census of every UK organisation. Even with that qualification, the direction is clear: cloud placement decisions now affect a wide range of business systems, including databases, customer portals, internal applications, backup platforms, analytics environments, development estates and disaster recovery targets.
The commercial context also deserves attention. The Competition and Markets Authority’s cloud services market investigation focused on public cloud infrastructure services in the UK, primarily infrastructure as a service and platform as a service. In that market, the CMA reported UK customer spending of £10.5bn in 2024, with spending growing by nearly 30% each year since 2020. Its final decision highlighted concerns around market concentration, egress fees, technical barriers, interoperability and software licensing practices. Those findings do not weaken the case for public cloud, but they do show why architecture choices should account for data movement, exit planning, skills, supplier dependency and long-term operating cost.
For businesses reviewing infrastructure strategy, the placement decision now affects more than hosting cost. It shapes how systems are recovered, how supplier dependency is managed, how data movement is controlled and how infrastructure choices are explained to boards, auditors and operational teams. Public cloud is often well suited to elastic services, rapid development environments and cloud-native applications. Private cloud may suit predictable workloads that need UK-hosted control, closer provider accountability and integrated resilience planning. Dedicated infrastructure may remain appropriate where performance consistency, licensing, hardware control or application constraints are central to the operating model.
This article examines the main workload characteristics that should guide those decisions: demand pattern, performance, cost predictability, data residency, security control, resilience, application architecture and operating model. Each section considers how the same characteristic can lead to different placement decisions across public cloud, private cloud and dedicated infrastructure. The aim is to support clearer decisions for UK organisations reviewing production systems, recovery environments, regulated workloads and long-running business applications.
Workload Placement Decision Criteria Across Public Cloud, Private Cloud and Dedicated Infrastructure
The table below sets out the main decision areas used throughout the article. It is not intended as a rigid scoring model. A workload may have one characteristic that points towards public cloud and another that favours private cloud or dedicated infrastructure. A more reliable placement decision starts with how the workload behaves in production, during recovery and under change.
| Placement criterion | Public cloud is usually suited to | Private cloud is usually suited to | Dedicated infrastructure is usually suited to |
| Demand pattern and elasticity | Variable, seasonal, experimental or burst workloads | Predictable workloads that still benefit from pooled virtual infrastructure | Stable, known workloads with consistent resource requirements |
| Performance and I/O behaviour | Applications designed for distributed scaling and managed services | Controlled virtualised estates needing predictable performance | High-I/O, latency-sensitive or hardware-specific workloads |
| Cost predictability and data movement | Workloads where variable consumption is acceptable and actively governed | Long-running workloads needing more predictable commercial models | Fixed-capacity workloads where hardware allocation and cost clarity are priorities |
| Data residency and governance | Workloads where cloud regions, contracts and controls meet policy needs | UK-hosted workloads needing clearer provider accountability and location evidence | Sensitive or tightly governed workloads needing greater server-layer control, clearer isolation and tightly managed change processes |
| Security isolation and control | Teams with mature cloud security, automation and shared responsibility management | Environments needing stronger customer-specific boundaries and provider engagement | Systems needing full administrative control over stack, tooling and change |
| Resilience and disaster recovery | Cloud-native applications designed for availability zones, automation and rapid rebuild | Workloads where hosting, backup, replication and DR need close alignment | Recovery environments dependent on specific systems, storage layouts or network paths |
| Application architecture and licensing | Cloud-native, API-driven or managed-service-friendly workloads | Mixed estates where legacy and modern systems need a controlled operating model | Applications with licensing, hardware, support or platform constraints |
These criteria overlap, but each brings a different infrastructure risk into view. A workload with predictable demand may still be a poor candidate for a single dedicated environment if the recovery model requires rapid redeployment across sites and no equivalent standby capacity has been designed. A regulated workload may use public cloud successfully if the organisation can evidence data flows, support access, configuration control and recovery arrangements. A high-performance workload may run well in public cloud, but only if the performance tier, data movement and licensing implications are understood before migration.
The sections below therefore avoid treating public cloud, private cloud and dedicated infrastructure as fixed maturity stages. They are operating models with different strengths. The placement boundary should be based on workload behaviour, business risk and recovery requirements.
Demand Pattern and Elasticity
Elasticity remains one of the clearest reasons to use public cloud. Workloads with variable traffic, seasonal usage, short-lived testing environments, temporary analytics peaks or experimental AI capacity requirements often benefit from rapid provisioning and consumption-based capacity, provided the team can govern usage and retire resources when they are no longer needed. Public cloud is also attractive when the business does not yet know how large a new service will become, or when demand changes too quickly for traditional capacity planning cycles. That advantage becomes less decisive when a workload is stable. Internal systems, finance applications, databases, backup infrastructure and line-of-business platforms often follow relatively predictable usage patterns. VDI estates can also be predictable, but they require separate analysis because logon storms, profile storage and graphics requirements can create concentrated peaks. If the workload rarely scales up or down, and if reserved capacity, committed-use discounts or managed platform benefits do not change the economics, the organisation may be paying for flexibility without gaining much operational value from it. Flexera’s 2026 State of the Cloud Report found that cloud cost and security remain the two leading cloud challenges, with software licensing close behind. That finding is most useful when applied carefully: variable infrastructure is valuable, but only when the workload can justify variable consumption.
Private cloud is usually better aligned with workloads that need virtualisation and pooled capacity but not hyperscale elasticity. A private cloud can support multiple systems, allow controlled expansion and provide a more consistent operating environment for internal applications. It also allows capacity to be planned around known business demand rather than constant consumption changes. The trade-off is that capacity still needs to be designed, funded and reviewed; private cloud is not a way to avoid infrastructure planning.
Dedicated infrastructure is often appropriate where demand is consistent and the workload maps cleanly to known resources. A database server, application host, storage node or virtualisation host may have a stable profile that can be sized with reasonable confidence. The commercial and operational benefit is clarity. The limitation is reduced flexibility if demand changes sharply or if the application estate is restructured.
Performance, Latency and I/O Behaviour
Workload placement should account for how the application behaves under load, how it uses storage, and how sensitive it is to latency or contention. Public cloud can perform well when applications are designed for distributed scaling, managed databases, object storage, queueing, content delivery and automation. It is often appropriate for internet-facing services and modern application architectures where scaling patterns are part of the design. Performance risk appears when applications are moved without understanding their I/O profile, storage latency requirements or dependency on consistent resource allocation. Higher-performance public cloud tiers, dedicated hosts and specialist storage services may address those needs, but they also change the commercial model. Public cloud pricing models can include separate charges for compute, storage capacity, storage operations, managed services and data transfer. AWS pricing material, for example, separates storage, requests and data transfer components, which illustrates why application performance design and cost design need to be considered together.
A controlled private cloud environment can be a better match where predictable performance is required across a defined virtual estate. This is relevant for business applications, database platforms, ERP systems, VDI estates and internal platforms where performance consistency is more important than access to a large catalogue of managed public cloud services. UK-hosted private cloud also gives infrastructure teams a clearer relationship between workload placement, provider accountability and site design. The limitation is that private cloud still needs sound engineering. Poor storage design, inadequate capacity planning or weak monitoring can undermine the benefits of a dedicated platform.
Dedicated infrastructure is more technically appropriate where performance or supportability depends on bare-metal allocation, full administrative control over the server stack, or consistent access to known hardware resources. High-I/O databases, specialist application stacks, SaaS platforms, media processing workloads and virtualisation hosts can all fall into this category. Extraordinary Data Cloud’s dedicated server hosting model is built around allocating the full server to the customer, with control over operating system, software stack, security settings and services. That level of control can be valuable, but it must be matched with appropriate resilience, monitoring and lifecycle management.
Cost Predictability and Data Movement
Cost comparison between infrastructure models should include more than monthly compute charges. Public cloud can be commercially effective for variable demand, short-term projects and workloads that use managed services efficiently. It can also become difficult to forecast when data transfer, snapshots, logging, replication, managed databases, support plans, storage operations and licensing are not modelled in advance. The CMA’s “Cloud Services Market Investigation” gives this issue a UK-specific evidence base. It found concerns around cloud market concentration, low switching rates and barriers linked to egress fees, technical differences, skills and interoperability. Microsoft challenged parts of the CMA’s provisional analysis in its “Response to the CMA Provisional Decision Report”, arguing that egress fees were not usually the main customer concern and that customers placed greater emphasis on availability, security, training, operations and time. Taken together, these positions show why cost planning has to include switching, data movement and operational effort, not only service unit prices.
Private cloud can provide a more predictable cost model for long-running workloads with known resource needs. This is particularly relevant where applications run continuously, data volumes are steady, and the organisation wants clearer separation between infrastructure cost and variable consumption. For UK businesses reviewing cloud spend, private cloud may be a suitable option for stable production systems, internal platforms, database workloads, backup infrastructure or recovery environments. The trade-off is commitment: capacity has to be specified and paid for, even when utilisation is lower than expected.
Dedicated infrastructure gives the clearest cost line where the workload is stable and sized correctly. The customer knows which server resources are allocated, what the hosting arrangement covers, and where additional services such as backup, connectivity or management are required. That clarity can be valuable for long-term systems and predictable workloads. It can also create inefficiency if hardware is over-specified, underused or kept beyond its appropriate lifecycle.
Data Residency, Sovereignty and Governance Evidence
Data residency and sovereignty questions have become more detailed as UK organisations rely on wider supplier ecosystems, cloud regions, support teams and managed services. The ICO’s updated international transfer guidance explains that UK GDPR transfer rules may apply when personal information is sent, or made accessible, to a separate organisation outside the UK. This does not make international cloud platforms unsuitable. It does require organisations to understand data flows, restricted transfers, contractual mechanisms and support access.
Public cloud can support compliant and well-governed workloads when regions, contracts, encryption, identity controls, logging and supplier assurances are properly configured and evidenced. The challenge is that region selection does not answer every sovereignty question. Infrastructure teams may still need to examine control planes, telemetry, sub-processors, replication behaviour, administrative access and incident response arrangements. NCSC cloud security principles are relevant in this context because they cover provider governance, asset protection and resilience, separation between customers, audit information and secure service administration. They help customers assess what the provider is responsible for and what remains with the customer.
Private cloud is often appropriate where UK hosting, direct provider accountability and clearer operational evidence are part of the decision. This can matter for regulated sectors, organisations supplying or working closely with the public sector, legal services, healthcare, financial services, MSPs and businesses with client-driven assurance requirements. Extraordinary Data Cloud’s private cloud infrastructure is hosted within UK datacentres in London and Edinburgh, with both sites connected through its private network, AS30827, to support workload mobility, cross-site replication, backup operations and disaster recovery design. The operational value is not simply the UK location; it is the ability to connect location, network, hosting and recovery design in one evidence trail.
Dedicated infrastructure may be preferred where the organisation needs clearer separation at the server layer, full administrative control over the operating environment and a tightly governed change model. Sensitive workloads, specialist systems and tightly governed applications may need a defined hardware estate, controlled change model and limited platform abstraction. This does not remove the need for governance. It increases the need for disciplined patching, access control, backup, monitoring, incident response and documented recovery procedures.
Security Isolation and Operational Control
Security cannot be assumed from the placement model alone. Public cloud can provide access to mature security services, policy automation, encryption options, logging, identity controls and managed security capabilities. It can be a strong environment for teams with the skills to configure and operate it well. NCSC cloud security guidance notes that organisations using cloud services retain responsibility for configuring and using those services in a way that meets their security needs, with the level of responsibility varying by service model. The key consideration is whether the organisation understands its operational responsibilities for each workload. Infrastructure as a service, platform as a service and software as a service each place different duties on the customer and provider. A migrated virtual machine, a managed database and a SaaS application do not carry the same configuration, monitoring or recovery obligations. Misunderstanding those boundaries can create avoidable exposure even when the underlying provider platform is robust.
Private cloud can be suitable where stronger isolation, dedicated resources and direct operational engagement are important. It can support customer-specific environments without requiring the organisation to manage every layer of physical infrastructure alone. For MSPs and IT service providers, private cloud can also provide a controlled platform for clients that need more separation than a standard shared hosting model. The limitation is service breadth. A private cloud environment may not offer the same native security service catalogue as a hyperscale platform, so tooling and responsibilities should be defined clearly.
Among hosted infrastructure options, dedicated infrastructure usually offers the greatest degree of direct customer control at the server layer. It can suit workloads requiring root or administrative access, specific security tooling, non-standard configurations or strict change control. The advantage is direct control, while the risk is operational drift if ownership is unclear. Dedicated servers should therefore be assessed alongside management capability, backup coverage, vulnerability handling, monitoring and incident response procedures.
Resilience, Disaster Recovery and Dependency Design
Resilience is often where workload placement decisions are exposed. A workload may run well day-to-day but prove difficult to recover if data movement, restore sequencing, DNS, identity, connectivity and supplier dependencies have not been tested. Public cloud can support strong resilience patterns where the selected platform offers suitable availability-zone or multi-region options and the application has been designed for automation, infrastructure as code, managed recovery and tested rebuild procedures. It is less reliable as a recovery strategy when workloads are simply moved as static servers without redesigning the operating model. UK regulatory and policy direction is increasing attention on third-party dependency, managed service risk and operational continuity. The UK Government’s Cyber Security and Resilience Bill factsheet indicates that medium and large managed service providers meeting the definition of a relevant managed service provider will be brought into scope, reflecting concern about the privileged access and operational dependency MSPs can have across customer environments. In financial services, the Bank of England, PRA and FCA have also introduced final rules for critical third parties to the UK financial sector. These developments do not prescribe where every workload should run, but they do raise the standard for explaining how critical services are supported, recovered and governed.
Private cloud can support resilience planning when hosting, backup, replication, connectivity and recovery environments are designed together. Where a UK private cloud is designed across both London and Edinburgh, production and recovery decisions can be considered at the same architectural level rather than treated as separate supplier arrangements. Extraordinary Data Cloud’s private network between its London and Edinburgh datacentres supports workload mobility, cross-site replication, backup operations and disaster recovery capabilities. In a recovery scenario, that connection between hosting location, replication path and recovery target can be as important as the platform itself.
Dedicated infrastructure can be appropriate for recovery environments that depend on specific systems, predictable storage layouts or defined network paths. It can also support standby environments, replication targets or applications that require bare-metal restore. The important distinction is that dedicated hardware alone is not resilience. Recovery still depends on tested backups, available capacity, documented dependencies, failover procedures, monitoring and people who know how to execute the plan.
Application Architecture, Licensing and Operating Model
Application architecture often determines whether a workload can take advantage of public cloud. Cloud-native applications, API-driven services, managed databases, containerised workloads and applications designed for automation can benefit from public cloud platform services. Legacy systems may also run successfully in public cloud, but the placement case is weaker if the application is tightly coupled to fixed server assumptions, unsupported operating systems, old storage patterns or inflexible licensing. Software licensing is a placement criterion in its own right, especially where enterprise software rights differ between public cloud, private cloud and dedicated environments. The CMA’s final cloud services decision found that Microsoft’s software licensing practices had an adverse effect on competition in cloud services, especially where customers use Microsoft software as an input. This is a reminder that workload placement is shaped by commercial rights and vendor terms as well as technical capability. A technically possible migration may still be unattractive if licensing, support or operational cost weakens the case.
Private cloud is often useful for mixed estates where legacy and modern workloads need to coexist under a controlled operating model. It can support gradual migration, platform consolidation and recovery planning without requiring every application to be redesigned immediately for public cloud services. This is especially relevant for UK organisations with long-lived business systems, regulated datasets or applications that need predictable performance but still benefit from virtualisation. The risk is that private cloud becomes a place where difficult application decisions are postponed. It should be used with a lifecycle plan, not as a permanent exception list.
Dedicated infrastructure remains appropriate where the application requires a specific operating environment, full administrative control over the server stack, fixed hardware allocation or a support model that is difficult to reproduce in a more abstracted platform. Extraordinary Data Cloud’s dedicated server use cases include business applications, virtualisation platforms, database servers, SaaS platforms, file storage, disaster recovery environments and high-performance computing workloads. These examples point to workloads where abstraction may not be the main goal. The decision should still be evidence-based: utilisation, supportability, recovery design, licensing and operational ownership should be reviewed before dedicated hosting is selected.
Conclusion
Public cloud, private cloud and dedicated infrastructure all remain relevant to UK architecture decisions. Public cloud is often the best option for elastic, cloud-native, distributed and rapidly changing workloads. Private cloud can provide a stronger operating model for controlled, UK-hosted, predictable and resilience-sensitive environments. Dedicated infrastructure remains important where performance consistency, full control, licensing clarity or application constraints are decisive.
Poor placement decisions rarely come from choosing an infrastructure model in isolation. They usually come from placing workloads without enough evidence about behaviour, recovery, data movement, governance and long-term cost. A workload that appears efficient in normal operation may be expensive to restore, difficult to exit or unsuitable for a regulated assurance process. Another workload that appears old-fashioned because it runs on dedicated infrastructure may be correctly placed because the application, licensing model and recovery requirements demand that level of control.
A stronger workload placement review should begin with facts: demand profile, I/O behaviour, data movement, support requirements, recovery objectives, governance evidence, security ownership and application constraints. Those facts will not always point to the newest or most flexible platform. They should point to the environment that gives the organisation an appropriate balance of performance, resilience, cost control and operational accountability for that specific workload.