It's interesting because the more paid services these guys bring on board, the more complex the security shit gets for them. The head of our IT is a fucking lunatic though and he is steering shit towards utter disaster; he's obsessed with being the guy who picks the next cloud service that "makes things so much better".
My small team is actually considering just getting some Mac minis and making a cluster of servers. We decided we don't need infinite uptime for hosting M-F office tools and we can just ... not interface with our infra/devops guys who have lost their damn minds and say no to everything now. They're supposed to be the compute tower under the tragedy known as TBM and they haven't approved a single VM in like 2 years.
It doesn't matter what happens 6m-2y down the road, your odds of being laid off or job hopping are high in the current regime so this all makes sense. You pay some amount of your budget to make your life "easier" in the now.
The trouble comes 2-5y down the line when the service is bought out by <insert MEGACORP here>, and you have to scramble to replace it or hold your nose and pay up.
(tbh, migration is not that hard, but the org will act like it is)
The matrix of authentications, compliances, and intranets will only go up as your company grows and often are enforced by people who do not suffer them daily.
I mean, if you're going that far, a couple of refurbished servers give you far more compute, far more capacity, and much better maintainability.
I think services like Cloudflare could play a role if they were able to provide some kind of forward auth and preferential treatment of core users during overload. My self-hosted systems would have to be the source of truth and Cloudflare would have to be replaceable for me to consider using it.
Think along the lines of automated pre-auth that coordinates with the origin based on some standard.