From the field: I help enterprises move to Azure for a living. I have built the business case for cloud adoption dozens of times. And I self-host everything personal. This is not hypocrisy — it is the same risk assessment I apply professionally, pointed at a different problem.
I help enterprises move to Azure for a living. I’ve architected cloud migrations, implemented Microsoft 365 rollouts, and built the business case for cloud adoption dozens of times.
And I self-host everything personal.
This isn’t hypocrisy – it’s risk assessment. The same analytical thinking I apply to enterprise IT tells me that putting everything in the hands of a few hyperscalers creates concentration risk. Not paranoia. Risk.
Career Value: The risk assessment framework in this article mirrors enterprise disaster recovery and business continuity planning – skills valued at architect-level roles (£70-90k). Understanding concentration risk and mitigation strategies translates directly to DR planning conversations in interviews.
What You’ll Learn
- The convergence of platform risks in 2026
- Real examples of account termination and data loss
- What self-hosting actually means (and doesn’t)
- When cloud makes sense vs. when sovereignty matters
- Getting started without going full prepper
The Professional Context
Let me be clear about where I’m coming from:
- Day job: Azure/365 architect and consultant
- Certifications: Multiple Microsoft certs, cloud-native expertise
- Position: I’m not anti-cloud. I help companies adopt it.
This isn’t an anti-technology screed. This is a professional assessment of risk concentration.
What’s Changed by 2026
The Convergence Pattern
Several trends are converging:
Default Cloud Storage
- Windows pushes OneDrive by default
- macOS pushes iCloud by default
- Android pushes Google Drive by default
- Your documents, photos, and settings – in someone else’s data center
Always-Connected Requirements
- Windows 11 requiring Microsoft accounts for setup
- Apps requiring online activation
- Subscription software replacing perpetual licenses
- Features that simply don’t work offline
Policy and Compliance Pressure
- EU Digital Sovereignty Act raising questions about US cloud dependency
- Denmark’s Ministry of Education reconsidering Microsoft 365
- Germany’s data protection concerns about cloud platforms
- UK Online Safety Act with encryption implications
What This Means: The default path is now: everything you create lives on platforms you don’t control. Every photo, document, email, and note – accessible only with the platform’s permission.
Real Examples of Platform Risk
These aren’t hypotheticals. They’ve happened.
Account Termination
Apple iCloud suspensions: Users have lost access to years of family photos with no warning or explanation. Once the account is gone, so is the data – there is no local copy if you relied on iCloud.
Google account bans: Accounts disabled for ToS violations (sometimes disputed), taking Gmail, Drive, Photos, and purchased content with them. Google’s appeal process is notoriously opaque.
Microsoft 365 suspensions: Business accounts suspended for payment disputes, locking organizations out of their own data.
Content Modification
Streaming edits: Films and shows edited after release on streaming platforms. Scenes removed, dialogue changed, content that was available disappearing.
Book modifications: Ebook purchases modified after purchase. Footnotes added, content removed, editions changed without buyer consent.
Photo manipulation: Some cloud platforms have been caught altering uploaded photos (compression, “enhancement” without consent).
Economic Gatekeeping
Payment processor bans: Businesses deplatformed from payment processors lose the ability to transact, regardless of legality.
App store rejections: Applications removed from stores with no alternative distribution method if you’re locked into the ecosystem.
Email filtering: Important emails (job offers, contracts) filtered as spam with no transparency into why.
The Risk Assessment Framework
I think about this like any other IT risk:
Probability vs. Impact
| Event | Probability | Impact | Mitigation |
|---|---|---|---|
| Account suspension | Low | Catastrophic | Local backups, alternative services |
| Service discontinuation | Medium | High | Data portability |
| Terms of service change | High | Medium | Reduce dependency |
| Price increase | High | Low-Medium | Alternative options |
Concentration Risk
Would you put all company data with a single vendor with no exit strategy? No responsible IT professional would.
So why do we accept this for personal data?
What Self-Hosting Actually Means
What It Isn’t
- Complete isolation: You can still use cloud services. Just not only cloud services.
- Running a data center: A Raspberry Pi or small server handles most needs.
- Paranoid bunker mentality: This is risk management, not conspiracy.
- All or nothing: Pick what matters most to you.
What It Is
- Owning your data: Files exist on hardware you control.
- Having alternatives: If one service fails, you have another.
- Reducing single points of failure: Not everything in one account.
- Maintaining optionality: The ability to switch if needed.
The Tiered Approach
You don’t have to go from “everything in Google” to “off-grid bunker.” Consider tiers:
Tier 1: Backup Your Cloud
Keep cloud services, but maintain local copies:
- Google Takeout regularly for Gmail, Drive, Photos
- Local backup of OneDrive/iCloud to external drive
- Photo library synced to local storage
- Email export periodically
Effort: Low. Protection: Basic.
Tier 2: Parallel Systems
Run your own services alongside cloud:
- Nextcloud for files (parallel to Google Drive)
- ProtonMail or self-hosted email (parallel to Gmail)
- Immich for photos (parallel to Google Photos)
- Keep using cloud but have your own copy
Effort: Medium. Protection: Good.
Tier 3: Self-Hosted Primary
Self-hosted becomes primary, cloud becomes backup:
- Nextcloud as primary file storage
- Self-hosted email as primary
- Local media server (Jellyfin/Plex)
- Cloud becomes backup rather than primary
Effort: High. Protection: Strong.
Getting Started: The Minimum Viable Setup
If you’re reading this and thinking “okay, what do I actually do?”:
This Week: Backup
- Run Google Takeout – export everything
- Export iCloud data to external drive
- Set up automatic photo backup to local NAS or drive
- Export your email (IMAP backup to local)
This Month: Storage Alternative
- Buy a Raspberry Pi 5 or mini PC
- Install Nextcloud (Docker makes it easy)
- Set up automatic sync from your devices
- You now have cloud AND local copies
This Quarter: Evaluate Dependencies
List every service you use. For each:
- What would you lose if suspended?
- Is there a self-hosted alternative?
- What’s your exit strategy?
The Career Connection
The risk assessment framework demonstrated here – probability vs. impact matrices, concentration risk analysis, tiered mitigation strategies – is exactly what enterprise architects use for business continuity planning.
In interviews, being able to articulate vendor lock-in risks, exit strategies, and data sovereignty concerns demonstrates the strategic thinking that distinguishes senior engineers (£60k+) from principal architects (£80k+).
Interview talking points:
- How to assess vendor concentration risk
- Building resilient architectures with exit strategies
- Balancing convenience vs. control in technology decisions
- GDPR and data sovereignty compliance considerations
The Bottom Line
I’m not telling you to delete your cloud accounts. I’m not saying Microsoft or Google are evil.
I’m saying: don’t put all your eggs in one basket that someone else controls.
This is basic risk management. It’s what I tell enterprise clients. It’s what I practice personally.
Self-hosting isn’t about distrust. It’s about optionality. It’s about having alternatives. It’s about not being completely dependent on any single company’s continued good graces.
Cloud services are tools. Use them. But have backups. Have alternatives. Have exit strategies.
Because the best time to build an exit strategy is before you need one.
Continue the Series
This is the first article in the series
Action: Export your Google data this week using Google Takeout
I help companies move to the cloud. I keep my own data on hardware I control. Both positions are rational. The difference is the risk profile.
Related Guides
If you found this useful, these guides continue the journey:
- Self-Host Nextcloud — replace Google Drive with your own cloud storage
- Self-Host Vaultwarden — own your password vault
- Self-Host Jellyfin — own your media library
- Build Your First Homelab — the practical starting guide
- Pi-hole DNS Setup — take control of your network DNS
- WireGuard VPN — secure remote access to your self-hosted services
ReadTheManual is run, written and curated by Eric Lonsdale.
Eric has over 20 years of professional experience in IT infrastructure, cloud architecture, and cybersecurity, but started with PCs long before that.
He built his first machine from parts bought off tables at the local college campus, hoping they worked. He learned on BBC Micros and Atari units in the early 90s, and has built almost every PC he’s used between 1995 and now.
From helpdesk to infrastructure architect, Eric has worked across enterprise datacentres, Azure environments, and security operations. He’s managed teams, trained engineers, and spent two decades solving the problems this site teaches you to solve.
ReadTheManual exists because Eric believes the best way to learn IT is to build things, break things, and actually read the manual. Every guide on this site runs on infrastructure he owns and maintains.
Enjoyed this guide?
New articles on Linux, homelab, cloud, and automation every 2 days. No spam, unsubscribe anytime.