When does cloud SCADA make sense?

Cloud SCADA works well when you have dozens of geographically distributed sites that need a single pane of glass, your sites have enterprise-grade fiber with SLA-backed uptime, you have no IT team and want someone else to handle patching, or you need mobile access for executives. Even in those cases, the best architecture is hybrid: local SCADA for real-time control and alarms, cloud for aggregated reporting.

May 1, 2026 · Deployment

On-Premise vs Cloud SCADA: Why Air-Gapped Deployments Still Matter

Q: Is on-premise SCADA cheaper than cloud SCADA?

Over any time horizon beyond a few months, yes. A $4/month on-premise VPS plus a $249 one-time SCADA license costs under $400 total over three years. A cloud SCADA subscription at $200/month costs $7,200 over the same period — and that excludes bandwidth charges, egress fees, and edge gateway hardware for offline buffering. On-premise also avoids the recurring bandwidth costs that cloud SCADA imposes on metered or rural internet connections.

Q: What happens to cloud SCADA when the internet goes down?

The dashboard goes blank, the historian stops recording, and alerts stop firing. Cloud SCADA requires a persistent internet connection to function. An on-premise SCADA system keeps running because it never needed the internet — it polls devices on the local network and serves dashboards over the plant LAN. This is why air-gapped SCADA remains standard in industries where internet reliability cannot be guaranteed.

Q: Is air-gapped SCADA more secure than cloud SCADA?

Air-gapped SCADA has a fundamentally smaller attack surface. There are no inbound ports from the public internet, no VPN concentrator to patch, no OAuth tokens to leak, and no third-party API keys to rotate. The only way to attack an air-gapped system is through physical access to the plant network. Cloud SCADA expands the attack surface by connecting the OT network to the internet, regardless of how well the cloud vendor secures their infrastructure.

Every vendor pitch now leads with "cloud-native," "SaaS," and "AI-powered insights." For office software, that works. For industrial SCADA, it ignores the reality of the factory floor. Cloud SCADA assumes the internet is reliable, cheap, and safe. Inside a plant, none of those assumptions hold.

This post compares on-premise vs cloud SCADA through the lens of real industrial constraints — and explains why air-gapped SCADA, offline SCADA, and local SCADA deployment are not legacy choices. They are risk management.

The Assumptions Cloud SCADA Makes

Cloud SCADA platforms are built on three assumptions:

Always-on internet: Your plant has redundant fiber, 4G backup, and zero downtime.
Low latency tolerance: A 200 ms round-trip to the cloud is acceptable for alarms and control.
Data ownership flexibility: You are comfortable with your production data living on someone else's infrastructure.

For a tech startup in Singapore, those assumptions are fine. For a palm oil mill in rural Sumatra, a steel plant in Eastern Europe, or a water treatment facility in the Australian outback, they are fantasy. Even when connectivity is available, security matters — see how SSO with Active Directory provides enterprise-grade authentication for on-premise deployments.

Real Concerns on the Factory Floor

1. Internet Reliability

Industrial sites do not have datacenter-grade connectivity. They have:

Shared rural fiber that goes down for hours during storms
4G modems with 500 MB daily caps and 2-second latency spikes
Strict IT policies that block outbound connections entirely
Satellite links that cost $10/GB and drop packets every afternoon

When the internet drops, cloud SCADA goes blind. Your operator sees a blank dashboard. Your historian stops recording. Your alerts stop firing. An on-premise system keeps running because it never needed the internet to begin with.

2. Data Sovereignty

More countries are passing data localization laws. Indonesia, China, Russia, and the EU all have regulations requiring certain data to stay within national borders. Even where laws are vague, clients often have internal policies: production data does not leave the premises.

Cloud SCADA forces you to negotiate where data is stored, how it is encrypted in transit, and whether the vendor can comply with audits. An air-gapped deployment sidesteps all of it. The data never leaves. Compliance is trivial.

3. Latency

Cloud dashboards update every 1-5 seconds. That is fine for trending. It is not fine for:

Emergency shutdown triggers
High-speed line synchronization
Real-time operator control where 200 ms feels sluggish

A local SCADA deployment polls devices at 100-500 ms and pushes updates to the browser via SSE in sub-100 ms. The round-trip never leaves the LAN. Latency is measured in microseconds, not milliseconds.

4. Security

Cloud vendors will tell you their security team is larger than yours. That is true. What they do not emphasize is that connecting your OT network to the internet creates an attack surface that did not exist before.

Air-gapped SCADA has no inbound ports from the public internet. No VPN concentrator to patch. No OAuth token to leak. No third-party API key to rotate. The attack surface is the physical plant — and that is already guarded.

On-Premise vs Cloud: The Comparison

Internet Dependency

Required 24/7

None

Latency to Dashboard

100-500 ms

<10 ms

Data Sovereignty

Depends on vendor region

Guaranteed local

Attack Surface

Internet-facing APIs, VPNs

Physical access only

Monthly Cost (100 tags)

$200-800 + egress

$4 VPS or existing hardware

Setup Time

Minutes (if network allows)

Minutes (no network needed)

Customization

Limited to vendor features

Full control over config and UI

Vendor Lock-in

High — data in their format

Low — SQLite files you own

Debunking the "Cloud Is Cheaper" Myth

Cloud SCADA pricing looks attractive at first: $99/month for 100 tags, no hardware to buy. But the real cost accumulates in ways vendors do not advertise:

Bandwidth: A single Modbus device polling 50 registers at 1 Hz generates ~4 KB/s of payload. Add protocol overhead, heartbeat pings, and dashboard SSE streams. A plant with 20 devices pushes 2-4 GB/month upstream. On rural or metered links, that is $50-200/month in data charges alone.
Egress fees: Cloud providers charge for data leaving their platform. Viewing a month of historian data in a dashboard can pull 500 MB in a single session. Do that weekly and you are paying egress on top of subscription fees.
Redundancy: Cloud vendors sell "edge gateways" to buffer data during outages. That is extra hardware, extra licensing, and extra complexity — the very thing cloud was supposed to eliminate.
API limits: Exceed your tier's API call limit and you are either throttled or upgraded to a $500/month plan. There is no negotiating with a SaaS meter.

        Reality check: Over three years, a $4/month on-premise VPS plus a $249 one-time SCADA license costs under $400 total. A cloud SCADA subscription at $200/month costs $7,200 — and that does not include bandwidth, egress, or edge gateway hardware.
      

Why a $4 VPS On-Premise Beats Cloud SaaS

You do not need a server room. You do not need a rack. You need a cheap mini PC or a small VM on existing plant infrastructure:

Hardware: A $80 Mini PC (Intel N100, 4 GB RAM, 64 GB eMMC) or a refurbished thin client. No moving parts. Passive cooling. Mounts on DIN rail.
Power: 6-10W idle. Less than a light bulb. Runs off a small UPS for hours.
Software: A single binary like Voltrus runs on Linux, Windows, or embedded ARM. SQLite is embedded — no database server to maintain.
Connectivity: Ethernet to the OT switch. No internet required. Operators access it via the plant LAN at http://192.168.1.50:3000.
Backup: Copy the SQLite file to a USB stick once a week. That is your disaster recovery.

The total hardware cost is under $100. The software license is $249 one-time. The annual operating cost is essentially zero. And it works when the internet does not. For ensuring your on-premise system stays online even during hardware failures, see our guide to SCADA redundancy and high availability.

When Cloud SCADA Actually Makes Sense

Fairness demands balance. Cloud SCADA is the right choice when:

You have dozens of geographically distributed sites and need a single pane of glass
Your IT team is nonexistent and you want someone else to handle patching
You need mobile access for executives who never visit the plant
Your sites have enterprise-grade fiber with SLA-backed uptime

Even then, the smart architecture is a hybrid: local SCADA for real-time control and alarms, cloud for aggregated reporting and executive dashboards. The local layer keeps running when the uplink fails. The cloud layer gets summarized data, not raw register dumps.

What System Integrators Should Tell Their Clients

Clients ask for "cloud" because they hear it in vendor webinars. Your job is to translate marketing into operational reality:

"Cloud means your dashboard stops working when the fiber is cut. How often does that happen here?"
"Cloud means your production data is in a datacenter you do not control. Is that compliant with your internal policy?"
"Cloud costs $200/month forever. On-premise costs $600 once. Which fits your CapEx vs OpEx preference?"
"Cloud needs internet. On-premise needs a $80 PC and a cable. Which is easier to replace in an emergency?"

Most plant managers, once they understand the trade-offs, choose local. They have already experienced internet outages. They already know the cost of downtime. They just need someone to present the option clearly.

Frequently Asked Questions

Is on-premise SCADA cheaper than cloud SCADA?

Over any horizon beyond a few months, yes. A $4/month on-premise VPS plus a $249 one-time SCADA license totals under $400 over three years. A cloud SCADA subscription at $200/month costs $7,200 over the same period — excluding bandwidth, egress fees, and edge gateway hardware. On sites with metered or rural internet connections, the bandwidth cost of cloud SCADA alone can exceed $100/month.

What happens to cloud SCADA when the internet goes down?

The dashboard goes blank, the historian stops recording, and alerts stop firing. Cloud SCADA requires a persistent internet connection to function. An on-premise SCADA system keeps running because it never needed the internet — it polls devices on the local network and serves dashboards over the plant LAN. When the fiber is cut or the 4G modem drops, on-premise SCADA does not even notice.

Is air-gapped SCADA more secure than cloud SCADA?

Air-gapped SCADA has a fundamentally smaller attack surface. There are no internet-facing APIs, no VPN concentrators to patch, no OAuth tokens to leak, and no third-party API keys to rotate. The only attack vector is physical access to the plant network. Cloud SCADA inherently connects the OT network to the internet, expanding the attack surface regardless of how well the vendor secures their infrastructure.

When does cloud SCADA actually make sense?

Cloud SCADA works when you have dozens of geographically distributed sites needing a unified view, enterprise-grade fiber with SLA-backed uptime at each site, no in-house IT team to manage patching, or executives who need mobile access from anywhere. Even in those cases, the smartest architecture is hybrid: local SCADA for real-time control and alarms, cloud for aggregated reporting and executive dashboards.

Built for Air-Gapped Plants

Voltrus is a single-binary SCADA that runs offline on a $4 VPS or a cheap Mini PC. No cloud required. No subscription. Just local monitoring that works when the internet does not.

See How Voltrus Works