The Rise of CloudPrem, NewPrem and BYOC
Why AI, data security, and compliance are reshaping enterprise infrastructure
Over the past decade, enterprises embraced cloud-first architectures, valuing simplicity and scalability. But today, a new paradigm—CloudPrem—is gaining traction, combining the best of cloud-native technologies with the control of on-premise deployments. This emerging approach integrates bring-your-own-cloud (BYOC) flexibility, fundamentally rethinking how organizations balance innovation, security, and compliance.
Simply put, cloud has unlocked a far superior and faster developer experience, with much easier deployment. However, the move to cloud has brought a rise in security issues and data movement costs — especially with AI. CloudPrem aims to bring the best of cloud and on-premise together: cloud-like deployment with on-prem security.
What is CloudPrem?
CloudPrem bridges the gap between cloud and on-premise systems, offering a hybrid architectural model that separates the control plane from the data plane. This split enables software vendors to manage orchestration, updates, and monitoring (control plane) while ensuring sensitive data remains in the customer’s environment (data plane). By embracing this approach, organizations can enjoy cloud-like developer velocity without sacrificing control or security.
Understanding the Core Architecture: Control Plane vs Data Plane
Control Plane: Managed by the software vendor, it handles orchestration, updates, and monitoring—essentially the “management layer.”
Data Plane: Operates in the customer’s environment (on-premise or private cloud), housing and processing sensitive data to ensure it remains under customer control.
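One way to enforce this split at the boundary, as an added example that is not code from any vendor named here: a data-plane agent that authenticates each control-plane command, permits only management actions, and strips everything but numeric metrics from outbound telemetry. The action names, metric keys and the shared HMAC key are assumptions for illustration; a real deployment would more likely verify asymmetric signatures.

```python
import hashlib
import hmac
import json

# Assumed allowlists: management actions the control plane may request, and
# the only telemetry fields allowed to leave the customer environment.
ALLOWED_ACTIONS = {"apply_update", "scale_nodes", "report_health"}
ALLOWED_METRICS = {"cpu_pct", "disk_used_gb", "queries_per_sec"}


def sign(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def accept_command(key: bytes, body: bytes, signature: str) -> dict:
    """Data-plane side: authenticate first, then authorize the action."""
    if not hmac.compare_digest(sign(key, body), signature):
        raise PermissionError("bad signature")
    cmd = json.loads(body)
    action = cmd.get("action") if isinstance(cmd, dict) else None
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise PermissionError(f"action not permitted: {action!r}")
    return cmd


def scrub_telemetry(record: dict) -> dict:
    """Keep allowlisted numeric metrics; drop anything that could carry data."""
    return {
        k: v for k, v in record.items()
        if k in ALLOWED_METRICS
        and isinstance(v, (int, float)) and not isinstance(v, bool)
    }


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    ok = json.dumps({"action": "apply_update", "version": "1.2.3"}).encode()
    bad = json.dumps({"action": "export_table", "table": "payments"}).encode()
    results = []
    for body, sig in [(ok, sign(key, ok)), (bad, sign(key, bad)), (ok, "00" * 32)]:
        try:
            results.append(accept_command(key, body, sig)["action"])
        except PermissionError as exc:
            results.append(f"rejected: {exc}")
    return results


if __name__ == "__main__":
    print(demo())
    print(scrub_telemetry({"cpu_pct": 41.5, "last_query": "SELECT 1"}))
```

A correctly signed request for a data-reading action is still refused, which is the property that keeps a compromised or over-privileged control plane from reaching customer data.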
The diagram below, from ClickHouse, illustrates the separation of the application and customer data inside the customer VPC from the ClickHouse control plane (where ClickHouse manages the SaaS service).
Why CloudPrem is Emerging Now
Several trends are driving enterprises toward CloudPrem architectures:
Data Gravity & AI: Massive datasets and AI workloads are straining traditional cloud architectures. Moving compute closer to data (instead of transferring data to compute) minimizes costs and latency.
Operational Resilience: Recent ransomware attacks and supply chain vulnerabilities have highlighted the need for enterprises to maintain control over their core systems, especially in regulated industries. While it’s debatable whether self-hosting reduces this risk, ransomware in SaaS environments has been challenging.
Privacy & Data Sovereignty: Regulatory requirements and intellectual property concerns demand tighter control over data. Compliance frameworks like SOC 2 are no longer enough, pushing vendors to offer NewPrem options.
Privileged Access Control: AI-powered tools and automation require extensive system privileges, introducing new security risks. Traditional SaaS models struggle to provide the necessary safeguards.
Financial Services: Leading the NewPrem Movement
The financial services industry is at the forefront of CloudPrem adoption. With over 450 petabytes of data, JP Morgan alone dwarfs the storage needs of GPT-4 (1 PB). Regulatory frameworks demand high data controls, often making traditional SaaS solutions challenging from security and compliance perspectives. By running compute locally, financial institutions achieve compliance, reduce data transfer costs, and meet performance demands for tasks like fraud detection.
Source: RedPanda’s BYOC piece [link]
The economic case for NewPrem in financial services is compelling. Traditional cloud models become prohibitively expensive at banking-scale data volumes, particularly with the rise of GPU-intensive AI workloads. Running compute locally eliminates costly data transfers while enabling the millisecond-level performance needed for critical functions like transaction processing and fraud detection. This combination of massive data scale, strict regulatory requirements, and performance demands makes financial services the perfect early adopters of NewPrem architecture. Their successful implementations are now becoming blueprints for other regulated industries facing similar challenges of control, compliance, and scale.
Leading Infra Vendors in the NewPrem Era
1. RedPanda and WarpStream
RedPanda and WarpStream emerged as pioneers in the NewPrem movement, fundamentally rethinking how streaming data platforms could operate in enterprise environments. RedPanda's BYOC offering allowed enterprises to maintain full control over their data infrastructure while benefiting from cloud-native capabilities. By building directly on object storage and separating the control plane from the data plane, RedPanda created an architecture that significantly reduced both operational complexity and costs - their customers reported seeing up to 10x cost reductions compared to traditional Kafka deployments.
The success of this approach caught Confluent's attention. As the market leader in streaming data platforms, Confluent was increasingly seeing enterprises, particularly in financial services, demand BYOC capabilities that RedPanda could offer but Confluent couldn't. This gap in Confluent's portfolio became critical enough that in September 2024, they acquired WarpStream for $220M with just 13 employees and just over a year of operation. WarpStream had built a similar architectural approach to RedPanda, focusing on separating compute and storage while maintaining Kafka compatibility.
What makes this acquisition particularly notable is its speed and size - Confluent moved to acquire WarpStream after only two years of operation, demonstrating how strategically important BYOC capabilities have become. Having this can mean a successful outcome for infra founders! The acquisition gives Confluent a complete spectrum of deployment options: fully-managed Confluent Cloud, self-managed Confluent Platform, and now BYOC through WarpStream's technology. This allows them to serve customers regardless of their operational requirements or regulatory constraints.
Image Source: How Confluent acquired WarpStream for $220m after just 13 months of operation [link]
2. ClickHouse
ClickHouse launched its BYOC (Bring Your Own Cloud) offering in beta on AWS in late 2024, marking a strategic shift in how enterprises can deploy their high-performance analytics databases. Their approach addresses a critical gap in the market: organizations that need cloud scalability but can't use traditional SaaS due to data sovereignty, compliance, or security requirements.
The architecture is built around a clear separation of responsibilities. ClickHouse manages the control plane for orchestration and monitoring, while the data plane runs entirely within the customer's VPC, ensuring sensitive data never leaves their environment. Key features include automated AWS CloudFormation deployment, built-in observability dashboards, Prometheus integration, and a zero-trust security model. The solution is specifically designed for large-scale deployments requiring SOC 2 and ISO 27001 compliance, with GCP and Azure support in development.
3. Snowflake
Snowflake took a unique path to enterprise data security - not quite NewPrem, but pioneering in its own way. Instead of moving their service into customer clouds like RedPanda or ClickHouse, Snowflake created a "private multi-tenant" model. While the service runs on shared cloud infrastructure, customers connect through private channels (AWS PrivateLink or Azure Private Link) rather than the public internet.
The real innovation is how this enables secure data sharing. Enterprises can not only connect privately to Snowflake but also establish secure connections with other Snowflake customers. This lets organizations collaborate on data analytics while maintaining strict security boundaries - achieving many of the benefits of NewPrem without actually moving the infrastructure into customer clouds.
Conclusion
CloudPrem represents a pragmatic evolution in enterprise architecture, merging the agility of cloud with the control of on-premise systems. Its adoption is driven by financial services but is rapidly spreading to other industries grappling with AI workloads, data sovereignty, and security demands. The validation is clear—from Confluent’s acquisition of WarpStream to ClickHouse’s strategic BYOC launch.
For enterprise infrastructure and AI founders, offering CloudPrem architectures could unlock opportunities in Fortune 2000 companies and beyond. At Wing, we are interested in infra vendors enabling this shift towards CloudPrem deployments.
Thanks for giving a concise term to this pattern. We at Kloudfuse have been advocating for this model for the last four years, and customers are listening and realizing the importance of this. In the networking world, control plane/data plane separation is natural and accepted. I think because of data volumes this separation is making sense for other domains as well, like the databases you mentioned and observability data lakes (which we are building at Kloudfuse: https://www.kloudfuse.com/capabilities/vpc-deployment). Another point which is relevant is that the end users can control the cost better and utilize their cloud discounts once they are using "CloudPrem" mode for service consumption.