It's hard to ignore this trend. It's also true that the cost-to-benefit ratio continues to decrease to the point where common sense favors moving many workloads up to the cloud where you can transform capex and personnel expense to opex that scales up and down very easily.
But SharePoint Server is such a sticky product with tentacles everywhere in the enterprise that it may well be the last great on-premises application. Let's explore why.
The cloud simply means someone else's computer
One clear reason is that SharePoint, for so many organizations, hosts a large treasure trove of content, from innocuous memos and agendas for weekly staff meetings to confidential merger and acquisitions documents. In most organizations, human resources uses SharePoint to store employee compensation analysis data and spreadsheets; executives collaborate within their senior leadership teams and any high-level contacts outside the organization on deals that are proprietary and must be secured at all times; and product planning and management group store product plans, progress reports and even backups of source code all within SharePoint sites and document libraries.
No matter how secure Microsoft or any other cloud provider claims it can make its hosted instances of SharePoint, there will always be that nagging feeling in the back of a paranoid administrator's head: Our data now lives somewhere that is outside of my direct control. It's an unavoidable truth, and from a security point of view, the cloud is just a fancy term for someone else's computer.
Not even Microsoft claims that every piece of data in every client tenant within SharePoint Online is encrypted. Custom Office 365 offerings with dedicated instances for your company can be made to be encrypted, and governmental cloud offerings are encrypted by default, but a standard E3 or E4 plan may or may not be encrypted. Microsoft says it is working on secure defaults, but obviously this is a big task to deploy over the millions of servers they run.
[Related: SharePoint 2016: What do we know]
Nothing is going to stop the FBI, the Department of Justice, the National Security Agency or any other governmental agency in any jurisdiction from applying for and obtaining a subpoena to just grab the physical host that stores your data and walk it right out of Microsoft's data center into impound and seizure. Who knows when you would get it back Microsoft famously does not offer regular backup service of SharePoint, relying instead on mirror images and duplicate copies for fault tolerance, and it's unclear how successful you'd be at operating on a copy of your data nor how long it would take to replicate that data into a new usable instance in the event of a seizure.
Worse, you might not even know that the government is watching or taking your data from SharePoint Online. While Microsoft claims that if possible they'll redirect government requests back to you for fulfillment, the feds may not let them, and then Microsoft may be forced to turn over a copy of your data without your knowledge. They may get a wiretap as well. And if the NSA has compromised the data flowing in and out of their datacenters with or without Microsoft's knowledge, then it's game over for the integrity of your data's security posture.
It's tough for many perhaps even most Fortune 500 companies to really get their heads around this idea. And while Microsoft touts the idea of a hybrid deployment, it's difficult and not inexpensive and (at least until SharePoint 2016 is released) a bit kludgy as well. On top of that, wholesale migration of all of your content to the cloud could take weeks and require investment in special tools, increased network connection bandwidth and all of that. All of these reasons validate SharePoint remaining on premises for most places that are already using it.
It's (sort of) an application development platform
Some companies have taken advantage of SharePoint's application programming interfaces, containers, workflow and other technologies to build in-house applications on top of the document and content management features. Making those systems work on top of Office 365 and SharePoint Online can be very difficult beast to tame. With the on-premises version of SharePoint, everyone has access to the underlying environment and could tweak and test it. Office 365 requires licenses and federated identities, and doesn't offer access to IIS and SharePoint application management features.
[Related: 10 SharePoint success stories]
On top of that, a pure cloud or even a hybrid option still may not be any less expensive than using portions of resources and hardware your company already has...another reason why SharePoint is one of the last remaining applications that will make sense to run on premises for a long time to come.
It's a choice with less obvious benefits there is lower-hanging fruit
Email is still the slam dunk of cloud applications. Your organization derives no competitive advance, no killer differentiation in the marketplace from running a business email server like Microsoft Exchange. It is simply a cost center no one is building applications on top of email, no one is improving or innovating on email in a way that would mean it made sense to keep that workload in your own datacenter. Secure email solutions exist now that encrypt transmissions and message stores both at rest and in transit, so security in the email space is much more mature than, say, hosted SharePoint. No wonder Exchange Online is taking off.
SharePoint is not as clear a case here. While you might choose to put your extranet on SharePoint Online or host a file synchronization solution in the cloud, there are enough reasons not to move SharePoint into the cloud for a variety of audiences and corporations big and small that should see SharePoint on premises long after most everything else has been moved over to Somebody Else's Computer".