The risks of the cloud oligopoly according to Databarracks

The global technology marketplace is increasingly dominated by a select few companies, each fighting to further reinforce their competitive position. As a clear demonstration of this trend, recent analysis shows that Amazon Web Services (AWS), Microsoft Azure and Google Cloud control over two-thirds of the entire public cloud industry.

In what has come to be known as the ‘cloud oligopoly’, a consolidation of the market has created some unexpected challenges for businesses. The pursuit of a distributed, more resilient business has left many organisations inadvertently exposed to concentration risk – with many of the SaaS products they rely on hosted on the same public cloud providers.

Regulators have repeatedly voiced concerns about this risk, as well as the potential for businesses to become ‘locked-in’ to their providers. Ofcom, for instance, published a report in 2023 outlining their concerns with the practices of companies like AWS and Microsoft. These include high egress fees, technical barriers to interoperability and the double-edged sword of committed spend discounts.

With a sudden upheaval of the market or strict regulation unlikely to come into effect any time soon, the onus is on businesses invested in public cloud to evaluate their own exposure to these risks. To this end, we’ve taken a closer look at the dynamics and future of the cloud oligopoly – as well as the steps organisations can take to protect their interests.

The cloud and concentration risk

Concentration risk is at its highest when an organisation is dependent on a limited number of vendors or suppliers, which can lead to significant disruption if or when they encounter issues. In the context of the cloud, while using several vendors may create the illusion of supply chain diversity, if their shared cloud host suddenly fails – that illusion shatters.

In practice, concentration risk makes organisations more vulnerable to the failures of their vendors. If a cloud provider suffers unexpected disruption – be it from a security breach, supply chain shortage, or natural disaster – so too are all the companies that rely on their services. Of course, potential interruption can have serious financial or reputational consequences.

Furthermore, concentration risk is not just an issue for individual organisations, it can impact entire industries. If a sizeable portion of similar businesses rely on a single cloud provider, a disruption could ripple through the market with widespread and unpredictable results.

Avoiding vendor lock-in

Vendor lock-in is also an unfortunate, although almost certainly intentional, side effect of the cloud oligopoly. Cloud lock-in occurs when a business becomes dependent a single cloud provider due to hidden costs, interoperability issues or financial incentives that can make it difficult to move to another provider.

For example, egress fees – charges for transferring data out of a cloud – are set high by the major providers, which makes it costly to switch vendors. Technical restrictions may also be imposed that make it difficult to configure data and applications to work across different clouds, and further entrench customers in a single provider’s ecosystem.

Additionally, cloud providers are keen to offer committed spend discounts. While these offer a significant cost-saving benefit, they can incentivise customers to concentrate their cloud usage with one provider, thereby increasing vendor lock-in.

Building resilience in a concentrated market

To mitigate the risks associated with the cloud oligopoly, businesses need to adopt strategies that enhance resilience and reduce dependency on a single provider. Some key approaches include:

1. Regular audits and risk assessments

Organisations should conduct regular audits of their supply chains to identify vulnerabilities. This involves not only assessing direct suppliers, but also examining the supply chains of those suppliers. Understanding where risks lie enables businesses to take proactive measures to address them.

2. Diversifying cloud providers

While there are technical and financial challenges to using multiple cloud providers, diversification is crucial for resilience. Using different providers for production systems and backups can help to mitigate the risk of a single point of failure.

Immediate failover to another cloud may not be practical or cost-effective, but having copies of data outside of the production environment is also key to resilience. At a minimum, setting up backups to another cloud is an inexpensive but worthwhile practice.

3. Building across multiple availability zones and regions

Businesses should architect their cloud environments across multiple Availability Zones within a region to limit the impacts of localised outages. Deploying across different geographic regions can also help to improve resilience, although this is a more expensive and complex undertaking.

4. Embracing interoperability and containers

Technologies like containers can facilitate multi-cloud resilience by making it easier to move applications and data between different cloud environments. Containers encapsulate applications and their dependencies, allowing them to run consistently across various cloud platforms.

Infrastructure as Code (IaC) methods and tools also enable the creation and management of infrastructure which can be replicated across different cloud environments quickly and efficiently.

The future of the cloud and AI

As the adoption and complexity of artificial intelligence (AI) continues to accelerate, the influence of the cloud oligopoly can already be felt. Cloud storage, infrastructure and compute are essential for AI development, providing the means to develop and train the most advanced AI models.

However, this also means that the major cloud providers wield significant control over the future of AI, potentially stifling competition and innovation in the field. As AI becomes increasingly integral to various industries, the dependency could exacerbate existing concentration risks.

Policymakers and industry stakeholders must therefore consider measures to promote competition and ensure a healthy, competitive landscape for AI development.

Final thoughts

The cloud oligopoly, insofar as it stifles competition, represents a potentially overlooked area in which businesses must assess their supply chain commitments. While the growth of these providers has made public cloud more accessible than ever, their ascendency has ultimately left businesses and the wider market exposed to new vulnerabilities.

Under these circumstances, organisations must adopt strategies to diversify their cloud usage, build resilience and mitigate risks. Fortunately, we have already begun to see regulatory bodies take notice, and they will play a crucial role in ensuring that the market remains competitive and fair.

As we look to the future, particularly with the rise of AI, addressing these issues will become even more critical to ensure that every business maintains continuity and resilience in a rapidly changing technology landscape.

Databarracks is the UK’s specialist Business Continuity and IT Disaster Recovery provider to law firms.