My top cloud “trends” to look out for in 2025

Introduction

I was unsure how to title this article, as I am not technically discussing trends. Still, predictions sounded far too grandiose, and the below are more personal thoughts/opinions than formal statements based on empirical data or IBM (or Microsoft) policies, etc. So, “Trends” will have to do.

The Good

Increased Focus on Hybrid / Multi-Cloud Services

In 2025, organisations and Microsoft (and other cloud providers) will continue to focus on adopting a hybrid (and multi-cloud) strategy. This will be evidenced by a doubling down on Azure Arc, Azure Local (i.e. Stack) and other tools/services designed to assist organisations in managing and deploying services across multiple clouds and on-premises estates.

This strategy will be encouraged by a continuing desire from organisations considering workload repatriation back from the cloud to their on-premises estates, as well as regulatory and cost pressures forcing organisations to look for more flexible options around their hosting strategy, including the aforementioned repatriation strategy.

I think this will also lead to a re-evaluation of migration or workload disposition strategies; there seems to be a broad acknowledgement that some workloads are not appropriate for migrating to the cloud, at least in a pure lift and shit approach, and organisations (possibly correctly) are anxious about investing in transformation strategies for legacy applications and in some cases a private cloud, or hybrid cloud model will be the correct approach to take and cloud providers will inevitably provide options to enable organisations to adopt this strategy, whilst still leveraging capabilities from their cloud providers.

Industry/Use Case Generative AI Capabilities

It is probably impossible to do a piece on 2025 technology without mentioning Generative AI, as this is the biggest bet made by cloud providers, such as Microsoft and Google, and we have seen at Microsoft Ignite that Microsoft is moving away from the more generic “chatbot” style approach and adopting a more agent-based multimodal platform.  For the next year, we will see continuing steps in this direction by developing agents that will be grounded against a specific subset of data, industry, and/or use cases.

In the short term, this is the easiest way to drive value and reduce the risks inherent in Generative AI-based tools.  However, there is a slight concern that this is just an iteration of the existing model and is not adding anything new to the offering.

I hope this will not be attempted by releasing more variants of Copilot, as, this is already making the landscape more complicated than it needs to be.

Quantum Gets Safe

There have already been several announcements from Microsoft at Ignite and other events, and several other cloud vendors have recently announced new capabilities around Quantum chips or cloud-based services, such as Google and IBM.  Whilst this technology remains in its infancy, several organisations have already started to leverage or have identified use cases where Quantum computing will be key.

One area that will be vital, and not just in the Quantum area, is cybersecurity. I think this area will receive a lot more focus in the coming year as organisations look to ensure their current systems are safe against potential advisories leveraging Quantum technology.  Microsoft (https://www.microsoft.com/en-us/security/blog/2023/11/01/starting-your-journey-to-become-quantum-safe/?msockid=2db0be1eba176e053806ab29bbf76ff3) and IBM (https://www.ibm.com/quantum/quantum-safe) have already made strides in this area with their similarly named Quantum Safe solutions, and I expect to see both new capabilities in this area.

Security goes mainstream (in MSFT Cloud, at least).

I think I mentioned this in a previous post/article, but it was terrific to see that at Microsoft Ignite this year, security was a key component of Microsoft’s strategy for 2025 and beyond. This has been partly driven by the need to enhance or, at a minimum, educate organisations on the need for a good level of data and user security to help them successfully and safely adopt some of the Gen AI tools, especially M365 Copilot, as this is one area where, traditionally, at least organisations have not focused on and is critical for the successful adoption of M365 Copilot, specifically but Generative AI tools in general.

But the acknowledgement of the importance of other security areas was equally important (if not more so), the investments in Defender, XDR, Sentinel, Entra etc. and the relative visibility of these during the conference was good to see, and I am hopeful that security will be seen as not just an enabler, but an integral part of cloud migration/transformation programs, as opposed to the blocker it is too often seen as at the moment.

 Speaking from a consultative perspective, it is increasingly important that organisations look to create a strong cybersecurity wrapper around any new or existing program of works and implement a shift left methodology to include security as early as possible in the program lifecycle, and I think we will see a continued effort by consultancies and cloud providers to enable this more effectively.

The Bad (ish)

Gen AI Gets Leaky

At least one data exfiltration from a Gen AI-based system or a hallucination will inevitably cause headlines in the next year, probably with the root cause being poor data/app security and/or a lack of governance and oversight.  Recently, we have seen some signs of this with the BBC, where Apple Intelligence incorrectly summarised a news report (https://www.bbc.co.uk/news/articles/cx2v778x85yo).  However, with Generative AI-based services/features becoming ubiquitous, it is increasingly likely that these scenarios will become more common and could lead to something more serious than an incorrect news headline.

Focus on Supply Chains

Supply chains, especially in cybersecurity, become increasingly fragile, not just from actions caused by a malicious attack but from poor testing and release processes.  I recently spoke to a client who professed to have over one hundred different tools in their security suite, most of which are now either SaaS-based or are subject to frequent updates.  This is not a new concern; there were at least two (possibly more) high-profile instances in 2024 where both scenarios occurred, CrowdStrike and BeyondTrust, both of which either caused a significant impact on the availability of services or allowed for hackers to access confidential systems and data*

Organisations and service providers will need to double down on their security posture and controls, as well as on the DevSecOps processes, or we risk seeing a repeat of one or both of these instances.

Anti-Trust Cases

Several anti-trust or similar cases are crawling through the US and EU courts, including cases against almost all the primary cloud providers (Google, Amazon & Microsoft). I am not a legal expert by any means, but depending on when the final judgments/appeals are completed and any action requested by the courts (e.g. potential breakups/divestitures etc.) is known, this may have some impact on the cloud ecosystem over the next year or so. It is difficult to tell whether this will be beneficial or detrimental to the broader technology ecosystem, even if some of these cases are only related to the cloud platforms, due to the parent company’s other business areas, e.g. Google AdTech, and Amazon Marketplace.

And The Hopeful

Microsoft Copilot Licensing

This may just be me, but a streamlining of the Copilot licensing model would be nice to see; for me, it is challenging that you have a mixture of license-based models for M365 Copilot, GitHub Copilot, etc., and then move to a consumption model for Security Copilot.

Speaking of Security Copilot, I am eagerly waiting for the MSSP version of Security Copilot to be released as for me, this is one of the more significant gaps in the Copilot portfolio (along with the above-mentioned difference in pricing model), and it would allow organisations who provide managed service to effectively leverage Copilot in that model, which is not realistically possible currently.

Misc

To finish on a slightly lighter and more personal note (possibly more controversial), it would be good to see Liverpool hold on to win the Premier League again, or at least for someone new (e.g., Arsenal or Chelsea), as opposed to Man City (sorry to any city fans out there). To counter this, I also hope we don’t get another RGIII experience regarding Jayden Daniels at the Commanders (for my US-based colleagues).

In Conclusion

2025 is shaping to be an interesting year, and I am keen to look back (not wanting to wish the time away) to see how some of the key technologies (i.e. Gen AI) evolved over the next 12 months.

If you disagree or think I have missed a key point, please add your thoughts in the comments section; I look forward to reading them.

Elsewhere

Cloudy with a Chance of Insights EP03

We pre-recorded episode 3, in which we covered Maester. I rambled on about Zero Trust, and David reminded me of the new oversharing controls available in M365 (specifically for SharePoint Online).

This episode is available on YouTube, Spotify, Apple Podcast and most podcasting platforms, just search for “Cloudy with a Chance of Insights”.  A full list of the relevant links can be found on the companion website https://themicrosoftcloudblog.com/category/podcast/

In next week’s episode, I will be asking David and Cyrus for their views on the past year and what they are looking forward to in 2025; please tune in to hear their more reasoned answers :-)

Finally

It just leaves me with the final opportunity to wish everyone a Happy & Prosperous New Year

* I am not downplaying or ignoring similar instances with Microsoft; I was focusing on 2024, and these incidents technically occurred earlier.

This article was originally published on my blog, which can be found at https://themicrosoftcloudblog.com/2025/01/03/my-top-cloud-trends-to-look-out-for-in-2025/