IaaS Forecasts for 2026: Implications for SMB and Enterprise. Part 2

What’s in Part 1 

• SMB vs Enterprise convergence
• Distributed infrastructure growth
• Pricing shifts toward predictability
• AI services and network pressure

Read Part 1 ⇾

Global Outages and SLA

All infrastructure is subject to failures, and even the largest players encounter them periodically. The year 2025 served as a stark reminder. In October, AWS experienced a 16-hour outage. In November, a Cloudflare incident caused by a minor configuration error in its bot protection system resulted in widespread outages affecting a large portion of the global web, including ChatGPT, Uber, Canva, and many others.

These incidents highlighted that SLA compensation in the form of service credits cannot recover lost revenue or restore user trust. While outages cannot be fully avoided, organizations can mitigate their impact by duplicating critical infrastructure components, not merely maintaining data backups. Multi-cloud deployments, geographic failover, and well-defined Disaster Recovery Plans (DRP) all play a crucial role.

In response, the industry has begun tightening SLAs even for basic services and differentiating reliability tiers. This affects not only mid-tier providers but also hyperscalers. The latter face dual pressure: customers demand stricter guarantees and transparency, while regulators, particularly in sensitive sectors such as healthcare and fintech, push for near “zero downtime,” alongside robust fault tolerance and aggressive RTO/RPO targets.

Billing Transparency

Billing clarity has become a true “Roman Empire” obsession and a longstanding pain point for cloud users. Until recently, complex pricing models and a multitude of consumption metrics made it difficult to understand what customers were actually paying for. Hyperscalers were especially notorious for hundreds of line items, surcharges, and discounts. In the past year, the industry has taken meaningful steps toward resolving this issue.

The most important initiative is FOCUS (FinOps Open Cost and Usage Specification), coordinated by the FinOps Foundation. Its goal is to establish a unified industry-wide approach to interpreting cloud costs. AWS, Azure, and GCP have already announced participation and plans to support a standardized billing data export format.

In 2026, this initiative is expected to significantly simplify cost analysis, enabling organizations to compare expenses across providers and align them with internal metrics. Standardized FOCUS exports will allow customers to seamlessly integrate usage data into their own BI and FinOps platforms, gaining clearer visibility into exactly where every dollar goes. Vendors are also expected to continue enhancing native cost visibility tools such as AWS Cost Explorer.

Key Players in the IaaS Market

The global landscape remains unchanged. The “Big Three” (Amazon, Microsoft, and Google) collectively control 63% of enterprise cloud infrastructure spending (Q3 2025 data). Their combined share continues to grow steadily, drawing market share away from smaller competitors. AWS remains the leader with approximately 29% of the global market, followed by Azure at ~20% and GCP at ~13%.

These three aren’t “best of everything” - they are the most workable compromise for large organizations when risk matters more than optimizing a single metric. Some providers can beat them on FinOps, on SLA/support in specific regions, or on performance/price for narrowly defined workloads. However, those wins are often purchased with other constraints: thinner ecosystem, limited geography, less service maturity, or more integration issues.

Hyperscalers make the opposite trade: the largest portfolio and operational consistency at the cost of real downsides like lock-in pressure, egress charges, and dependence on paid support tiers. They keep showing up on shortlists not for the peak scores, but for the widest “good-enough” range of service quality and cost.

Among second-tier providers with significant market presence, Oracle Cloud and Alibaba Cloud deserve mention. Oracle focuses on enterprise SaaS and corporate databases, while Alibaba Cloud is a universal player dominating China and much of Asia.

In practice, both tend to be “purpose-driven” choices. If you don’t have a clear reason to bet  on Oracle’s DB ecosystem or a concrete need to operate in China, then picking these clouds “just because” in most cases adds complexity without unique value. If you can’t clearly articulate why this specific cloud, it’s a strong signal that you may not need it. Every more general-purpose provider will likely be a better fit.

IBM Cloud still holds a portion of the market, although its share has declined significantly in recent years. More interestingly, new players have emerged among the so-called “old guard”, often referred to as neoclouds. These are typically young companies built from the ground up, offering highly specialized cloud products designed specifically for HPC and AI workloads. Although still small in absolute terms, their rapid growth will inevitably siphon market share from traditional providers.

One notable neocloud leader is CoreWeave, which offers GPU-based cloud infrastructure for machine learning. Founded in 2017 as a cryptocurrency mining company, it pivoted after the 2018 crypto crash, leveraging its GPU inventory to build a dedicated GPU cloud.

This strategy proved exceptionally successful. Global demand for AI computing, partnerships with NVIDIA, and large-scale acquisitions of H100 chips enabled CoreWeave to secure major contracts, including with Stability AI. This year, CoreWeave became one of the first companies to deploy NVIDIA Blackwell Ultra GPUs and signed a long-term infrastructure agreement with OpenAI.

Another prominent newcomer is Crusoe, which offers services such as managed inference for popular and resource-intensive neural models. The startup has partnered with Blue Energy, which plans to build and operate a private nuclear power plant generating 1.5 GW to support AI infrastructure.

These plans are undoubtedly ambitious and carry significant risk. However, given the rapid growth in neocloud valuations, 2026 is likely to bring innovative services capable of meaningfully reshaping the familiar cloud landscape.

The SMB Market Landscape

Caution and distrust toward the cloud are gradually fading. Small and medium-sized businesses are increasingly migrating to cloud infrastructure, recognizing its potential for efficiency and rapid growth. The benefits are clear: faster project launches, easy scalability, and reduced capital expenditures. Yet SMBs still face global challenges.

Cost management remains the most pressing issue. Large enterprises can afford dedicated FinOps teams and specialized tooling; SMBs cannot. As a result, they may face unexpectedly large bills or even data leaks caused by misconfigurations. Cost risk for SMBs is not just “overspending” - it is volatility. A single noisy metric (like egress, logs or requests) can turn a normal month into an incident report for the CEO. FinOps helps, but it is a cross-team operating model that requires tooling, discipline and time - exactly what many SMBs don’t have.

Hyperscalers pose particular challenges due to their hundreds of services, which can overwhelm even experienced engineers. As a result, SMBs often gravitate toward simpler platforms such as DigitalOcean, Hetzner, Vultr, Linode, and Heroku. These providers offer intuitive services with fixed pricing, making them more predictable both financially and operationally.

For many SMBs, hyperscalers complexity becomes something like a “hidden tax”. The engineering team spends much more time learning the provider than shipping the product. When a single vendor offers hundreds of services, the problem is not choice - it is cognitive overhead and a higher probability of expensive mistakes. In this point of view, a smaller catalog with clear defaults is not a limitation; it is a safety feature.

Over the past year, AI has firmly established itself within IaaS not only as a workload, but also as an operational tool. Although the AIOps paradigm emerged some time ago, only in recent years have providers entrusted ML models with anomaly detection and automated actions.

Customers are also increasingly relying on AI agents to manage complex configurations. Routine tasks such as software updates, permission management, and load balancing can now be handled by intelligent automation, removing human error from the equation. Engineers do not disappear; their role shifts upward: from execution to supervision and problem-solving. By the end of 2026, a significant share of cloud environments will likely become partially self-managing.

Another positive factor for SMBs is the continued growth of open-source solutions. OpenStack remains a prime example, particularly where vendor independence is critical. Over the past decade, it has become the gold standard for on-premise IaaS. Resource orchestration tools such as Kubernetes, Terraform, and Cloud Foundry continue to mature as well.

Most modern cloud providers now offer managed Kubernetes services, demonstrating how interoperability can be preserved. Applications built for Kubernetes can be easily migrated between clouds, reducing the risk of vendor lock-in and enabling hybrid architectures where multiple clouds extend on-premise deployments.

It is also noteworthy that many providers continue to open-source their internal technologies and maintain them publicly - AWS Firecracker (micro-virtualization for functions) being a notable example. Projects like Prometheus and Grafana are ubiquitous across modern infrastructures, remaining true to their open-source roots while serving as foundations for proprietary monitoring systems. This trend is likely to continue in the coming year, making more internally developed tools available to the broader community.

Cybersecurity and Regulatory Change

We conclude our forecast with several critical challenges facing the entire industry. Throughout 2026, increasing threat complexity will demand stronger defensive measures. Unfortunately, while AI brings convenience and flexibility, it also expands the attack surface. Since the COVID-19 era entrenched remote work, companies have been operating hundreds of thousands of cloud resources and network-accessible devices, creating countless potential entry points.

One dominant strategy is the Zero Trust model, where no user or service is trusted by default. Access is granted with minimal privileges and continuously verified. Over the past year, more organizations have adopted CSPM (Cloud Security Posture Management) and SIEM (Security Information and Event Management) solutions for continuous monitoring, anomaly detection, and strict identity governance.

AI has become a double-edged sword. On one hand, it enables proactive threat detection and large-scale data analysis to prevent incidents. On the other hand, attackers are also leveraging AI - retraining models to bypass built-in safeguards, attacking authentication mechanisms, and even deploying automated social engineering tools.

Regulatory pressure on the cloud market continues to intensify. Many countries now require data to be stored and processed domestically, driving the concept of “sovereign clouds.” While this strengthens government oversight of data flows, it also creates lucrative opportunities for providers. Sovereign IaaS can be tens of percent more expensive than standard offerings due to localization and isolation requirements. In return, organizations gain assurance against extraterritorial data requests from foreign governments.

As a result, spending on sovereign IaaS will grow rapidly in 2026. This will also enable many critical industries to migrate to the cloud, as the absence of cross-border data transfers reduces legal exposure and mitigates risk.

Conclusion

In 2026 IaaS becomes less “cloud” and more “infrastructure”. Complexity is growing because systems now have more dimensions: regions, network costs, AI workloads, data flows, etc. They change faster than yesterday’s best practices can stabilize. 

Abstractions have saved us for many years. VMs hid hardware, containers hid operating systems and their components, Kubernetes hid applications management. In 2026 these layers still matter, but they no longer shield customers from reality. They mostly move complexity into places that are harder to see - “dark corners” with bare-metal constraints, egress economics, compliance requirements.

That’s why architecture turns into a competitive strategy. Well-designed infrastructure like a product: define clear reliability tiers, realistic SLAs, measurable cost of change, planned degradation, fault tolerance of critical nodes. Provider choice shifts from “cheapest VMs” to “best risk partner” simultaneously ensuring data sovereignty, billing transparency, professional support, and security ecosystem. All the above becomes a real advantage in 2026.