The Stat Nobody Expected: 67% On-Premises
For a decade the story was simple. Everything moves to the cloud. Data, workloads, governance, all of it.
The numbers tell a different story.
About 67% of data integration market revenue comes from on-premises deployments, according to Precedence Research (2025). Not legacy systems waiting to be retired. Live revenue, today.
This is not nostalgia. It is a deliberate choice by the organisations with the most to lose. Banks, hospitals, pharmaceutical firms, defence agencies, national governments. The buyers who read the contract before they sign it.
The cloud-default vendors built their products for a market that does not include these buyers. And that gap is now shaping how enterprise data strategy gets decided.
This piece looks at why. Why a self-hosted data platform is winning where it matters most, and what that means if you are evaluating where your data should live.
Why Regulated Industries Cannot Go SaaS
Start with the constraint that SaaS vendors rarely lead with.
When you use a SaaS data platform, your data sits on someone else's infrastructure. The vendor processes it. The vendor's sub-processors may touch it. Your compliance posture now depends on a supply chain you do not control.
For most companies, that is an acceptable trade. For regulated ones, it is often a dealbreaker.
Consider what the major frameworks actually require:
- HIPAA: protected health information must be controlled, with a clear chain of custody. Every sub-processor is another party to a Business Associate Agreement, and another point of exposure.
- SOC 2: auditors trace where data flows and who can reach it. A sprawl of third-party processors widens the scope of every audit.
- 21 CFR Part 11: pharmaceutical records demand e-signatures, audit trails, and data integrity under ALCOA+ principles. The data must stay attributable and tamper-evident from end to end.
For SOC 2 and HIPAA, self-hosted changes the question entirely. The data stays on customer infrastructure. There is no sub-processor chain to map, no outbound flow to justify. The audit boundary stops at your own perimeter.
This is the heart of the self-hosted vs SaaS data debate for regulated buyers. It is not about features. It is about who holds the data and who is accountable when a regulator asks.
The hidden cost of getting this wrong is rarely a single fine. It is the slow tax of every audit, every vendor review, every breach-notification clause. We unpack that in The Hidden Cost of Data Integration.
Air-Gapped Deployment: Defence, Government, Critical Infrastructure
Some environments do not have an internet connection at all.
Defence networks, classified government systems, power grids, water treatment, certain manufacturing floors. These are air-gapped by design. No outbound calls. No phone-home. No SaaS, ever.
Yet they still need data governance. Arguably they need it more than anyone.
This is not a niche concern. In April 2025 the Pentagon's Chief Data and Artificial Intelligence Office initiated data integration experiments, a signal that even the most security-conscious institutions are actively modernising how they handle data inside their own walls.
A SaaS product cannot serve this market. Full stop. If the software needs to reach a licensing server, fetch an update, or send telemetry, it cannot run in an air-gapped facility.
This is where the architecture of a self-hosted data platform matters most. Air-gapped data governance requires:
- Zero outbound calls at runtime.
- Deployment fully inside the customer's own network.
- Cryptographic offline licensing, so the software validates without ever reaching the internet.
- No reliance on external sub-processors for any function.
Integrius is built for exactly this. It deploys via Docker and Helm entirely inside customer infrastructure, makes zero outbound calls at runtime, and licences cryptographically offline. It runs in an air-gapped facility the same way it runs anywhere else.
That is not a feature bolted on for one government contract. It is the design assumption.
Data Sovereignty Regulations Driving the Shift
Even outside the air-gapped extreme, the legal ground is moving.
Data sovereignty has gone from a procurement preference to a statutory requirement in market after market. The rules increasingly dictate not just how data is protected, but where it physically resides and who can access it.
A few examples, by name:
- The EU Data Act sets out rights and obligations around data access, sharing, and the ability to switch providers, with a clear emphasis on control and portability.
- China's PIPL, the Personal Information Protection Law, imposes strict conditions on cross-border transfers of personal information.
- Various national data governance frameworks across other jurisdictions push in the same direction: keep regulated data within national borders, under domestic control.
The common thread is on-premises data integration as the safe default. If the data never leaves your infrastructure, cross-border transfer rules are far simpler to satisfy. Sovereignty stops being a question you answer per vendor and becomes a property of your architecture.
For a CISO or compliance lead, that is a meaningful shift. You are no longer trusting a SaaS vendor's regional commitments and hoping they hold. You are holding the data yourself, in a location you chose.
This is also why data sovereignty and self-hosting are increasingly discussed together. One follows from the other.
The Real Cost of Cloud Dependency
The SaaS pitch leans on cost. No servers to run, no infrastructure to manage. Pay a subscription and forget about it.
The reality for regulated organisations is more complicated.
Cloud dependency carries costs that rarely appear in the sales deck:
- Audit overhead. Every sub-processor expands the scope of compliance work. More parties, more contracts, more review.
- Egress and lock-in. Moving data out of a SaaS platform is rarely cheap or simple. The switching cost is the point.
- Loss of control. Pricing changes, feature deprecations, and outages happen on the vendor's schedule, not yours.
- Exposure surface. Every outbound connection and every third party is another path an attacker or a breach can follow.
None of this means the cloud is wrong. For plenty of workloads it is exactly right.
But when the data is regulated, the calculus changes. The subscription line item is the small number. The audit time, the legal review, the sovereignty risk, and the cost of unwinding a dependency later are the large ones.
A self-hosted data platform turns that around. Infrastructure cost is yours, but so is control. There is no outbound dependency to defend in an audit, and no sub-processor chain to renegotiate. For organisations that govern data products at scale, predictability is worth more than a low monthly fee. That principle sits at the centre of What Is Data Product Governance?.
Self-Hosted Does Not Mean Backwards
Here is the objection. Self-hosted sounds like a step back. Manual installs, brittle servers, a platform that lags years behind the cloud-native tools.
That was true once. It is not true now.
Modern self-hosted software runs on the same foundations as the cloud platforms it competes with. Containers, orchestration, declarative deployment. The difference is where it runs, not how advanced it is.
A capable self-hosted data platform in 2026 offers:
- Container-native deployment via Docker and Helm, the same primitives cloud teams already use.
- Customer-controlled infrastructure, on-premises, in a private cloud, or air-gapped, your choice.
- Cryptographic offline licensing, so there is no trade-off between modern licensing and air-gapped data isolation.
- Full governance capability, lineage, access control, audit, and approval workflows, with nothing stripped out for the on-premises edition.
Integrius is a working example. It turns scattered sources into governed data products, each with an owner, a normalised schema, an API, documentation, lineage, approval workflows, and field-level access control. It connects to sixteen sources, from PostgreSQL and Snowflake to Salesforce and Kafka. None of that requires the cloud.
Self-hosted is not the compromise edition. For these buyers, it is the better-architected one.
What Self-Hosted Data Governance Looks Like in 2026
Bring it together and a clear picture emerges.
The organisations with the strictest requirements are not waiting for SaaS governance to mature. They are choosing self-hosted because it answers their hardest questions directly. Where does the data live? Who can reach it? Can we prove it has not been tampered with? Will it run with no internet at all?
A modern self-hosted data platform answers all four.
Here is how the two models compare for regulated data:
| Consideration | Self-Hosted | SaaS |
|---|---|---|
| Data location | Your infrastructure | Vendor infrastructure |
| Sub-processors | None | Vendor's supply chain |
| Air-gapped support | Yes | Not possible |
| Audit boundary | Your perimeter | Extends to vendor |
| Data sovereignty | Architectural | Contractual |
| Runtime outbound calls | Zero | Required |
Integrius sits firmly in the left-hand column. Self-hosted, air-gapped capable, with no cloud dependency at runtime. The audit log is tamper-evident, HMAC-chained, and append-only. Isolation is per organisation. The compliance posture maps to 21 CFR Part 11, ALCOA+, GDPR, HIPAA, and NIST 800-53, because the architecture was designed around those requirements rather than retrofitted to them.
The 67% figure is not an anomaly. It is what happens when the buyers who carry the most regulatory weight pick the model that keeps them in control. If your data products carry that weight too, the governance principles in What Is a Data Product? are the right place to ground the decision.
The market shift is already here. The question is whether your data strategy reflects it.
Deploy data governance on your infrastructure, under your control. See Integrius.