AWS and Azure should both be separated from their parent companies. That would end a lot of the hand-wringing about Amazon competing with its retail customers, and would force Microsoft to stop its anticompetitive license bundling shenanigans.
GCP can follow in a few years, if they survive that long.
It's unclear if the accounting Microsoft is using to account for Azure is actually valid. Apparently a lot of Office revenue is being stuffed under the Azure division to inflate its numbers to make them look bigger than Google.
True… and in practice how do you do anything without Azure AD? If all the juicy stuff is stored in 365 and therefore warrants P2 or E5 bundling, is it possible to unscramble the revenue egg?
If they can tease identity out, the rest gets easier.
I agree. And while I'm probably wrong, my impression is that so much of the parts of identity AD handles directly is simple these days. What's difficult is IT departments are used to AD.
I think that's something slightly different. I'm not saying AD would be easy to replace in an existing org, with existing software. I'm saying the job it does for most orgs seems fairly basic (i.e. be the system of record for users and groups, which map on to OIDC users/groups in individual apps for all the day to day permissions work).
Companies are free to split up their reporting into as many arbitrary divisions and categories as they like. IBM has been playing this game for a while, putting all kinds of legacy business and whatever division they have left that is growing under a "Cloud" banner to show their strong "Cloud first transformation".
Azure is indeed substantially smaller than AWS, and hides it with 365 revenue. The estimates I've seen suggest that in terms of true cloud infrastructure, the next 3 providers combined are still not quite as big as AWS.
I say this as someone who only uses AWS for DR backups: hosting infra is one of the most competitive industries out there. Major cloud costs are exorbitant but that should be interpreted as proof of a great product. I shudder at paying 9c/gb egress but apparently many others do not.
> hosting infra is one of the most competitive industries out there.
Here is an experiment - tell your employer you will be hosting on (insert no-name provider here), to save a literal million dollars, and see if you can get security team to sign off on it.
Here is another experiment - reach out to the security team, and tell them AWS costs are too high, ask them which providers they will be ready and willing to sign off. My guess is it will not be a big list beyond AWS/Azure/GCP.
So the market is not competitive at all, most of us cannot switch providers even if the alternative would be 100x better.
PS: I am not saying security team are assholes, I am pointing out a major barrier to competition.
> PS: I am not saying security team are assholes, I am pointing out a major barrier to competition.
> Here is an experiment - tell your employer you will be hosting on (insert no-name provider here), to save a literal million dollars, and see if you can get security team to sign off on it.
???
So what does this have to do with the security team at all? There is no "barrier" in that sense.
In the past we've had more non-cloud engineers than cloud. Using your experiment, if you told your IT team you wanted to move to the cloud (back then) to save a million dollars - do you think they'd sign off on it? No.
Who signed off on it? The bosses that believed in the "hype".
Who's in control and who has power? If the bosses want it to happen it will even if it doesn't make sense. They have the ability to fire the security team if they said no. Just like how ethical AI teams get fired...
The barrier is those in power still believe in the "hype" and don't know otherwise.
I met a CTO of a startup some time ago that moved their entire operations from GCP to AWS because they were "more familiar with it". That's all.
> I met a CTO of a startup some time ago that moved their entire operations from GCP to AWS because they were "more familiar with it". That's all.
Without knowing which startup you are referring to it's hard to make a judgement as to the quality of the decision but you should not discount the role tooling familiarity has when developing software.
> but you should not discount the role tooling familiarity has when developing software.
No 1 was familiar with the cloud when it 1st came out.
As to this scenario, clearly the whole company was running GCP so everyone minus the new CTO would be familiar with GCP vs something else.
Point exactly being that regardless of the security team or the developers - this familiarity that you mention or any other trait only applies to a select few in management.
> Here is an experiment - tell your employer you will be hosting on (insert no-name provider here), to save a literal million dollars, and see if you can get security team to sign off on it.
SOCS/PCI/etc is going to take maybe $100-200k. If you can save a million dollars you should do it. Hire an expert if you have to. Serious.
I think it probably won't save you a million dollars, because I think all of the cloud vendors are priced with just enough profit to make sure of it, but if you know something I'd like to know about it.
Speaking as someone who went through this process at a large financial firm, you're off by at least an order of magnitude. You need a SOC1 audit of each product you plan to use, which is likely quite a few if you want to take full advantage. The big players should eventually be able to offer that for free once they've been through the process but, at least relatively recently, it was only true today if your cloud budget was tens of millions. That aside, you'll still need an audit of your usage of the cloud (i.e. how you deploy to it and handle movement of data back and forth). That'll always be on your dime.
No. At the end of the day, the customer pays, because I charge more for bullshit. They need an SOC to use my cloud product; it cost me 150k USD to get an audit from a big-four for a single site in 2016. Maybe it’s a little more today, but it’s not an order-of-magnitude.
I’m assuming you already adhere to the relevant standards. Obviously if you’re cutting corners getting up to snuff is going to cost a lot more than a hundy.
A Big 4 can't conduct a proper SOC audit without access to the cloud provider's internal controls/processes. That's the problematic/expensive part since it requires a bunch of time from the cloud provider, which they will also likely want to bill for.
As someone currently dealing with SOC in preparation for the company I work for going public, I will also confirm it is a giant bean-counting pain in the butt.
> I think all of the cloud vendors are priced with just enough profit to make sure of it
Profit margins on cloud computing are insanely high (at least, relative to my expectations). They basically have no interest in anything with less than a 15% margin, even at the massive scale they operate at. Certain products have triple-digit margins. Even if they are the minority, I don't think we can give them a pass with claims of "just enough profit".
The reality is that there’s myriad providers that simply do not provide the assurances that AWS/Azure/GCP do. Sure, there’s a bit of “use these, because we know them, and they work”, but there’s also a bit of “the typical developer is not at all across the security requirements, especially taking into account contractual obligations and regulated industries”.
tl;dr even after getting a big public sector contract, a UK based cloud provider was killed off after scaling to meet demand which was then withdrawn. Attaining - and keeping - scale is extremely difficult. And that was just IaaS provision.
If you're scaling your whole business for one customer based on one contract then you better be sure you can either scale down again, or the contract has safeguards in it to stop a rugpull.
The magic of cloud is how quickly you can scale things up. If you're a new fast growing business it will give you a competitive edge.
If you drank the cloud kool-aid from the beginning you kind of get used to huge costs for simple services so it's easier for your brain to justify paying 10k a month for a simple web app deployed in kubernetes, using cosmos db and any other number of services.
I've seen many companies that started on the cloud and their core architecture is so interleaved with the cloud that it would be a huge investment to reduce that dependency and switch.
> The magic of cloud is how quickly you can scale things up
I see this spouted a lot, but my recent (last 6 months?) experience with AWS is that unless I pay up front to reserve a tonne of high end instances that I don’t necessarily need today, but might need tomorrow, I’m regularly running into capacity issues where I cannot spin up new instances of the metal that I want, and AWS support confirms they just don’t have the capacity unless we pay to reserve it up front.
At that point, it’s no different to running my own DC, where I already have 3 months of runway on my server pipeline anyway.
I wonder what the cause of that is? I think I've heard this sentiment elsewhere recently but I don't recall it in the past. So what's caused the capacity constraint?
The risk to Amazon of enabling you to scale up low end instances on demand is relatively low.
The risk of doing the same with high end instances is a different story.
Low risk & high margin products make for a highly profitable business. High risk and lower margin products less so.
Their target audience is people that can be equally well served by digital ocean and their ilk, but are happy to pay the Amazon premium.
It’s a good business model for Amazon, and a terrible value proposition for the customer who may not know better, and thinks they’re paying to de-risk their potential future growth requirements. The cost of migrating out then becomes prohibitive (both in technical hours and egress fees), so you like it or lump it, but either way, you likely just wait and/or pay Amazon more.
Same. I use Hetzner and DigitalOcean for my own stuff, and shudder at AWS costs. At the same time both my current and previous employers use AWS and it's fine for their user because revenue is (very) high relative to the cloud resource usage, and that is a situation where cloud usage is fine. But so many - B2C in particular - businesses who use cloud have tight enough margins that they're just setting themselves up for being disrupted by a competitor with tighter cost control.
Do people even understand what "free market" means? A free market is one with low or no barriers to entry for suppliers and perfect information available to consumers such that they can always make the optimal choice. How can anyone, especially on this site, think the cloud market is anywhere close to being free?
I think people are confused thinking free market means no regulation. No regulation leads to monopoly which is the furthest from a free market you can possibly get. People who seriously advocate for such things are ignorant fools. There are countless examples of how markets fail and that's why every major economy in the world has a government.
It depends on what you mean by free market, it's often used interchangeably with laissez-faire capitalism but an important concept in a free market is that the barrier to entry for new competitors should be as low as realistically possible, so regulation that prevents vendor lock-in can be pro free market.
It makes sense with this being an American site, and most Americans think that Socialism is essentially the same thing as Communism (but then why define them as separate things?).
Community, Cooperative, Employee owned are all forms of socialism. None of them prevent competition.
> no market incentive to provide a decent service, nor to compensate workers fairly.
If you owned part of the company you worked for, you would be more likely to provide good service as that would then have repeat business and would directly financially impact you. The performance of the business is the only way you would get paid and as there are no shareholders the company would compensate rather than dividend.
Your comment makes absolutely no sense, socialism doesn't prevent free markets.
Socialism is about social not state ownership of the means of production. This does not prevent the state being involved either, and even then they can be joint-stock corporations.
As I said, "social" ownership of the means of production can occur in a capitalist country with free markets.
A socialist regime, like the USSR, North Korea, or Mao's China would have state ownership. The founding fathers of modern socialist thought (e.g. Marx) would define socialism in terms of state ownership of the means of production.
But feel free to muddy the waters if you prefer to avoid concrete definitions.
This is wild reading. The UK has tied its own hands in its ability to police these practices? This smells like a case where some pro-corporation lawyer wrote the original rules and put in a bunch of pointless constraints to make the process as difficult and cumbersome for the government as possible. For one thing the study period is 18 months? That seems like way too long. And all the procedural hurdles just seem busted. God I feel bad for the people working on this it's pretty obvious they'll never be able to overcome these barriers.
I wonder if the UK situation is worse/better than the rest of Europe here. At least there are Hetzner and OVH, but not sure if they are remotely comparable to AWS et al.
I don't know much about the situation in Europe, but in the UK once you move beyond the international cloud players most of our hosting is now owned by big conglomerates. The smaller companies have been bought up by iONOS, team.blue, HostEurope and others I can't recall.
They're not comparable to AWS but it has reduced choice and IMO customer support, as each individual company is cost-optimised into a brand and the actual hosting moved to the parent company's infrastructure.
Hetzner is at best comparable to the very first version of AWS, but since then the "traditional" cloud has moved on. Hetzner is basically old school (I guess we can call this model old school now?) IaaS, whereas AWS, Azure and GCP are mostly PaaS now. At Hetzner you think about what infrastructure you need, at traditional cloud providers people don't think about infrastructure that much anymore and rather think about what ready made products they need.
They're not really comparable with AWS as a whole. They certainly compare with EC2, but as far as I know neither OVH nor Hetzner have anything comparable to say, IAM. It is the pre-cloud roll-your-own-in-a-dc thing and it isn't the same proposition if you're a business.
> Technical restrictions on interoperability. These are imposed by the leading firms that prevent some of their services working effectively with services from other providers. This means customers need to put additional effort into reconfiguring their data and applications to work across different clouds.
I'm not sure what they mean by this, anyone care to speculate?
I'd guess that migrating from any of the local cloud DB variations (Aurora say) is unduly hard once you've migrated to it. But that's just a guess. It is certainly a PITA to migrate, I know that for sure.
Cloud providers will always make their in-house offerings more attractive and easier to use compared to other (open standards) solutions. That's how you get locked in.
I agree with that, but given that a lot of the DBs on AWS and Azure are proprietary software (eg Cosmos and DDB) I'm not sure what Ofcom proposes doing about that.
They don’t propose to do anything. They don’t even say that this feature in particular is illegal.
They merely say that after doing a market study, they noticed that: egress fees are significant, technical barriers to interoperability are in place and the discount structure based on committed spending is suspicious. From their point of view, that warrants an actual full investigation by the Competition and Markets Authority.
They need to get the costs down. Unless you are big business or startup with funding, most cloud services are insanely priced. I was looking at Google the other day at some training, just wondered how much something like the API gateway cost and it was £12k for average use.
I’ve worked in a digital agency running out of an old barn out the back of a house, and a completely bootstrapped 4 person small business making a software product, and in both cases our AWS spend was absolutely negligible compared to say….salaries.
It depends what you are using. I have seen the bill spiral after some innocuous sounding add ons. Add an apple server or their managed ftp and start scaring yourself.
Title could probably end in "by CMA" to indicate competition concerns rather than eg criminal investigations.
Also, this is excellent and way past time. I'd love to see some movement here that would allow some competitors into the market that would be more wholesome than the usual field of American monsters.
This is exactly the type of intervention that crippled Europe's tech ecosystem. The cloud market is one of the most competitive in tech, with numerous strong and emerging players.
In addition to established giants such as AWS, Azure, and GCP, there are also healthy second-tier players such as Cloudflare, Akamai, and Digital Ocean. I can also list more than a dozen new startups in the space that got money thrown at them.
Furthermore, it's important to recognise that cloud companies struggle to lock in because of the competitive dynamics at play. You have 2 levers to pull, money and tech lock-in.
You can't go far with money without quickly reaching diminishing returns. At the core you have compute, databases and object storage. All of these have been abstracted to a point where it's very tricky to create lock-in without creating strong adverse reactions from customers.
As someone who has been closely observing the industry for almost a decade, I have noticed a strong trend towards reduced lock-in.
Regarding the political aspect, I strongly disagree with the notion of attacking these companies just for the sake of being actually really good (and big).
The EU alternatives are notably inferior, they constantly find themselves playing catch-up, which could be attributed to a weaker anti-tech ecosystem.
The tech giants in America are able to innovate at a rapid pace due to a robust ecosystem that encourages experimentation and dogfooding. Google, for example, developed MapReduce and Kubernetes out of necessity, while Amazon and Microsoft also heavily rely on their in-house innovations.
You can make a similar argument with Cloudflare and Akamai, these offerings were not only welcomed, they needed to exist in the American tech ecosystem.
You see similar ecosystem dynamics at play in China with hardware.
> High fees for transferring data out, committed spend discounts and technical restrictions are making it difficult for business customers to switch cloud provider or use multiple providers
The technical restrictions are, as you say, not clearly creating lock-in. The committed spend discounts seem like a gray area. But the egress fees are no joke, and I consider them extremely anti-competitive.
I don't see how committed spend discounts are different from contractual B2B pricing in every other industry. I can also see why egress bandwidth can be expensive for e.g. server farms, the contention ratio is (usually) significantly higher than it is for ingress.
How would you propose PAYG/SaaS bandwidth pricing is altered to be more competitive, or for example Amazon Glacier retrieval is heinously expensive for retrieval but it's transparent and IMO has a fair reflection of the underlying costs involved.
And the fact that they have made no move to reduce pricing to compete with R2 suggests that they are not actually motivated by making a profit on egress. I strongly suspect that they are motivated by lock-in: AWS wants you to minimize egress costs by moving more services into AWS. And this includes third-party services. In a competitive market, services like Crunchy Data, Pinecone, and Snowflake would ordinarily be hosted in their own datacenters or in colocation facilities, and customers would pay a hefty premium to use an AWS, Google or Azure version. But, since egress fees mean that a non-big-cloud variant can’t possibly be cost-effective for customers, these services don’t bother to offer. (And they can’t even be usefully competitive across clouds. If Azure wants to attract companies like Snowflake, reducing the amount they charge for storage and compute is entirely useless.)
I don’t know how to regulate this properly, but a price cap at some low (and ever-falling) figure wouldn’t be so horrible. Or requiring that egress be billed at the same rate as local traffic. (Although 100Gbps of same-rack traffic is cheap, whereas 100Gbps of egress is genuinely fairly expensive.)
As an aside: having recently priced Glacier vs commodity hardware, Glacier is reasonably priced for monthly storage but not particularly cheap. I suspect it exists in part to make customers feel better about moving large amounts of data into the cloud. AWS could likely still make a profit on it if the retrieval fee were decreased by a factor of 10. If I wanted to store a few hundred TB and access it a couple times a year, especially if that access is from outside AWS, then storing an on-prem copy is less expensive, and the best option may be an on-prem copy plus an archive in Glacier for disaster recovery.
At best you can say, it's an unnecessary burden which is artificially created with the purpose of dissuading customers from leaving.
Only a small group of cloud customers would find this "burden" meaningful enough in monetary terms to even generate a report. In my view, this does not rise to the level of severity, scale, or type that would warrant regulatory intervention.
I believe the difference of opinion is political in nature, I'm fundamentally opposed to the government taking a kingmaker/referee role in the free market.
This is why I abhor the three letter agencies in America, especially the financial ones. These regulators especially in Europe are given immense power to arbitrarily decide what's right/wrong.
>This is exactly the type of intervention that crippled Europe's tech ecosystem.
...could be read as the "UK is in Europe."
It's not, of course.
Ofcom means nothing to us over here. Though I'm sure it'll be watched, and learned from.
The regulator could define each service offered as either "interoperable" or "non interoperable". An interoperable service is one where a largely identical and technically compatible service is available as open source code or from many competitors. For example kubernetes (Kubernetes opensource, Amazon EKS, Microsoft AKS).
Non interoperable services would have a 25% revenue tax applied if they have more than a 10% market share and are run by a company with a revenue over $10M/yr.
I'd like to see them require cloud providers price network ingress and egress to a competitor the same as network ingress/egress to another service of the same provider.
Eg. an AWS VM reading data from DynamoDB should cost the same per gigabyte as an AWS VM reading data from Google Bigtable.
Either they need to start accounting for bandwidth between services, or stop charging for bandwidth to competitors.
From a logistical point of view, this is hard. For a provider, bandwidth within their datacenter from one service to another is very cheap (and hence why they don't charge for it).
Yet bandwidth to a competitor 200 miles away is far more constrained. As well as costing more, it simply isn't practical to have a fleet of 10,000 VMs all booting up using remote disks 200 miles away in a competitor's datacenter which only has two 100Gbps direct network links shared between all customers.