Frimer-Rasmussen Consulting

Cloud AI? Local AI? You Need Both — And Here's How to Secure Them

AF: Mikkel Frimer-Rasmussen
ARTICLE
# Cloud AI? Local AI? You Need Both — And Here's How to Secure Them **By Mikkel Frimer-Rasmussen, [Frimer-Rasmussen Consulting](https://frimer-rasmussen.dk/)** --- ## The Two Doors Your marketing team uses ChatGPT every day. Campaign ideas. Social media drafts. Market report summaries. It's fast, it's convenient, it never gets outdated. Everyone loves it. Then HR asks a different question: *"Can we use AI to analyze the employee satisfaction survey?"* The dataset contains names, salary bands, and free-text complaints about specific managers. Legal chimes in: *"We want AI to review our supplier contracts — including the ones under NDA."* Finance: *"Could AI help us forecast using our proprietary trading data?"* Suddenly, "just send it to the cloud" doesn't feel so simple anymore. Most AI strategies get this wrong. They pick a side. Cloud enthusiasts say *everything* should go to ChatGPT, Azure, or Google. Privacy advocates say *nothing* should leave the building. Both positions miss the point. The right answer depends on your use cases and your risk tolerance. For most organizations, it's a mix of both — a **hybrid AI strategy** where the *type of task* dictates the tool. Not ideology. Not enthusiasm. That distinction is the single most important AI governance decision your organization will make this year. It deserves to be repeated: **the type of task should dictate the tool, not the level of enthusiasm for AI.** --- ## The Cloud AI Trap Cloud AI is excellent. For general Q&A, brainstorming, content drafting, and public-data summarization, hosted models from OpenAI, Google, or Anthropic are fast, powerful, and constantly improving. But a cloud-only strategy comes with risks that rarely make it into the sales pitch: **Your data leaves your control.** The moment a prompt containing customer names, financial figures, or legal terms hits a cloud API, that data lives on someone else's infrastructure. Their encryption. Their access policies. Their employee vetting. Their sub-processors. You may trust them today — but will you trust every company they acquire or partner with tomorrow? Consider the last 12 months alone: geopolitical shifts, new data sovereignty regulations, executive orders on AI, and acquisitions that reshuffled entire cloud ecosystems. The vendor you chose last year may operate under very different conditions today. **Compliance multiplies.** Where exactly is your data processed? Stored? Backed up? Under which legal jurisdiction? If you operate in Europe, GDPR demands answers to these questions. If you serve financial or healthcare clients, the bar rises further. "Somewhere in a US data center" is not an answer your Data Protection Officer wants to hear. **Vendor lock-in is real.** Your carefully crafted prompts, fine-tuned workflows, and institutional knowledge become dependent on one provider's platform. I learned this the hard way: I had built 52 specialized AI assistants inside OpenAI's Custom GPT system. A "Devil's Advocate" for challenging my thinking. A NIST Cybersecurity Expert for compliance work. Even a Flavor Combinator that understood molecular gastronomy. They worked beautifully — until I wanted to switch to Claude or Gemini. My intellectual property was locked in a proprietary database. (I escaped in two hours, but most organizations wouldn't know where to start.) **Cost scales — both ways.** Token-based pricing is elegant when your usage is small. When your entire organization starts using AI daily, the monthly invoice can become unpredictable. **Shadow AI is a thing.** If your official policy is restrictive but your tools are cloud-only, people will find workarounds. They'll paste sensitive data into personal ChatGPT accounts. They'll use unvetted browser extensions. The worst security risk isn't the tool you chose — it's the one your employees chose *for themselves* because the approved option was too rigid. None of this means cloud AI is bad. It means a cloud-only strategy has blind spots. And blind spots in AI governance have a nasty habit of surfacing at the worst possible moment: a data breach, a compliance audit, or a board meeting where someone asks — *"Who exactly has access to our data?"* --- ## The Local AI Promise (and Its Dangerous Blind Spot) The alternative is running AI models locally. Your own hardware. Your own firewall. Open-source models like Mistral, Gemma, and Llama have become remarkably capable — you can download them and run them on a decent laptop. Your data never leaves your building. No per-token cost. Complete control. Sounds like the privacy dream. In many ways, it is. But there's a catch that almost nobody talks about: **open-source AI models ship with zero security.** No username. No password. No distinction between a regular user and an administrator. No log of who asked what. Anyone on your network can connect and do anything — including deleting every model with a single command. It's like installing a vault in your office but leaving the door permanently open. Sit with that for a moment. You moved your data *off* the cloud to protect it. You set up a local AI server specifically because the data was too sensitive to share. And now that AI is sitting on your network, completely exposed, accepting any request from anyone who can reach it. This is not theoretical. It's the default state of every major open-source AI runtime today, including Ollama — the most popular tool for running local models. So we have a paradox. Cloud AI protects access but exposes data to third parties. Local AI protects data residency but exposes access to anyone inside the network. **Neither option is complete on its own.** --- ## The Hybrid Strategy: Matching AI to the Task Stop picking camps. Build a framework that matches each task to the right tool — based on data sensitivity, not personal preference. A practical starting point: | Task | Best Fit | Why | |---|---|---| | Brainstorming, ideation | Cloud AI | No sensitive data. Speed matters. | | Summarizing public reports | Cloud AI | Publicly available information. Scale is a benefit. | | Drafting marketing copy | Cloud AI | Creative work. No privacy risk. | | Analyzing employee feedback | **Local AI** | Contains names, salaries, personal complaints. | | Reviewing NDA contracts | **Local AI** | Legally confidential. Cannot leave your infrastructure. | | Processing customer PII | **Local AI** | GDPR Article 28. Data residency obligations. | | Defence/government tenders | **Local AI** | Classified or competition-sensitive specifications. | | Internal code generation | Either | Depends on whether the code is proprietary IP. | **The governing principle:** The type of task dictates the tool. Not the level of enthusiasm for AI. This is a governance decision, not a technology decision. And it's one that middle managers — not just CTOs — need to own, because you know your team's data better than anyone. --- ## Making Local AI Enterprise-Ready Sensitive tasks require local AI. Local AI has no built-in security. How do you close the gap? The answer is surprisingly simple: **you don't change the AI. You put proven security infrastructure in front of it.** The same principle protects every web application you already use. Your email, your banking portal, your HR system — none handle security by themselves. They all sit behind layers of access control managed by the infrastructure around them. For local AI, three layers do the job: **Layer 1 — The Gatekeeper.** A *reverse proxy* — think of it as the reception desk in a corporate building — sits at the single entrance to your AI. Every request passes through this desk. Nobody walks straight to the AI. In technical terms, this is an Nginx server, a battle-tested web server that millions of organizations already run. **Layer 2 — The ID Checker.** Before the gatekeeper lets you through, your identity is verified. *Who are you? Can you prove it? What role do you hold?* Two components handle this: an *identity provider* (Keycloak — open-source, managing users and issuing digital access passes) and an *authentication proxy* (OAuth2-Proxy — checking those passes against the identity provider). It's the same OIDC technology (OpenID Connect — the standard behind "Sign in with Google") that secures most modern web applications. **Layer 3 — Role-Based Access.** Different people, different permissions. This is called RBAC — Role-Based Access Control: | Role | What they can do | |---|---| | **Reader** | See which AI models are available. Nothing else. | | **User** | Have conversations with the AI models. | | **Superuser** | Also download and install new AI models. | | **Admin** | Full control, including deleting models. | A junior employee can chat with the AI but can't install untested models. A department head can request new models but can't delete the ones other teams depend on. An IT administrator has full control — and every action is logged. **The key insight:** security for AI doesn't require new tools. It requires disciplined use of existing ones. The AI itself was never modified. Not a single line of code was touched. All the security lives in the infrastructure *around* it. > This is called the "Identity-Aware Proxy" pattern. Google's own internal security architecture (BeyondCorp) uses the same principle. It's not experimental — it's the standard for how large organizations protect internal services. We applied it to AI. --- ## Why This Matters: Real Stories Theory has its place. Stories have theirs. Here are three that show why hybrid AI isn't optional — it's the operational reality. ### The Intellectual Property Trap As I described earlier, I had 52 AI assistants locked inside OpenAI's platform. No export button. No standard format. I escaped in two hours by building a migration pipeline — but most organizations wouldn't know where to start, and wouldn't try until it was too late. **The lesson:** If your AI strategy depends on a single vendor, you don't own your AI — they do. A hybrid approach with local capability means you always have an exit. ### When the Data Can't Leave the Building A maritime technology company needed to screen EU defence tenders across 12 countries and 12 languages. The tender documents themselves are public — but the company's *response* is not. Analyzing which underwater drones meet which technical requirements reveals proprietary capabilities, pricing strategies, and competitive positioning. That analysis cannot travel to a cloud AI. An AI agent running locally — behind the secured gateway architecture described above — screened, filtered, and extracted technical specs autonomously. **Over 100 hours per year of manual work eliminated.** The company's competitive intelligence never left their own infrastructure. **The lesson:** Some tasks are too sensitive for the cloud. They need AI that runs locally, with real access control and real audit trails. ### The Speed Case (Where Cloud AI Shines) Not every task needs the fortress. When I built a health and fitness app (Vitality40+) based on research from WHO, Mayo Clinic, and Harvard, I used cloud AI throughout — Gemini for research, Google Stitch for design, AI Studio for code generation. Seven hours. Less than one cent in cloud costs. Zero sensitive data. **The lesson:** Cloud AI is *perfect* when privacy isn't a concern. The hybrid decision isn't about rejecting the cloud — it's about knowing when *not* to use it. **The type of task should dictate the tool.** --- ## Getting Started: A Roadmap for Leaders You don't need a data center. You don't need a dedicated AI team. You don't even need a large budget. Five steps: **1. Audit your current AI usage.** What tools are people *actually* using — not what's approved, but what's *used*? Where does sensitive data flow? Shadow AI thrives in the gap between policy and practice. You can't govern what you can't see. **2. Classify your tasks by data sensitivity.** Use the task table from this article as a starting point. The key question for each task: *"Would I be comfortable if this data appeared in a competitor's inbox?"* If the answer is no, that task probably belongs on local AI. **3. Start small with local AI.** One team. One use case. One model. The project behind this article runs on a single laptop using four Docker containers (pre-packaged software environments that run independently — like apps on a phone). No server room required. **4. Secure from Day One.** Never pilot local AI without access control. An unsecured AI on your network is worse than no AI at all — it creates the *illusion* of data protection while providing none. The gateway architecture in this article is open-source and fully reproducible. **5. Build your hybrid policy.** Document which tasks are approved for cloud AI and which require local AI. Make this part of your AI governance framework — not a technical decision hidden in IT, but a business policy visible to every team lead. The organizations that will get the most value from AI in 2026 are not the ones with the biggest budgets. They're the ones with the clearest thinking about *which AI goes where, and why.* --- ## The Bottom Line The best AI strategy doesn't pick a side. It picks the right tool for each job — and secures both. Cloud AI for speed and convenience, when data sensitivity isn't a concern. Local AI for tasks where data must stay under your roof — with real access control, real audit trails, and real governance. The type of task should dictate the tool. Not the vendor's marketing. Not the hype cycle. Not the enthusiasm of early adopters who haven't thought about the exit strategy. **Your data. Your models. Your rules.** --- *If your organization is navigating the tension between AI convenience and data control, I'd welcome the conversation. At [Frimer-Rasmussen Consulting](https://frimer-rasmussen.dk), we help organizations build practical AI strategies — from governance to production.* *Mikkel Frimer-Rasmussen — 30 years in IT for critical infrastructure (Defence, Customs, public transport). Former member of the Danish Government's IT Council (Statens It-råd). Current focus: Generative AI implementation for knowledge-intensive work.* --- *© 2026 Frimer-Rasmussen Consulting — [frimer-rasmussen.dk](https://frimer-rasmussen.dk)*
← Tilbage til Artikler Til toppen ↑