As the business ecosystem surrounding Cloud Computing develops, it is critical to have a conception of how it works, the diverse types of service offerings, and the way that services fit together. We need to understand how the Cloud works to identify where the commercial battles are taking place and what territory firms are competing over. A holistic understanding of the Cloud ecosystem is also critical for policymaking by diverse government agencies across various jurisdictions to avoid undue conflict and confusion for all parties involved.
The cloud ecosystem in summary
Let us first summarize key components of the evolving ecosystem. As with most technology stories, it is easy to get distracted by the minutiae of the underlying bits and bytes of Cloud Computing, especially given its technical complexity. Our contention, however, is that the competitive arena for these complex technologies and business models can be described in quite simple terms.
As in all markets, commercial battles in Cloud Computing revolve around “ownership”—control of the end user relationship and the ability to maximize value-extraction from that relationship. The intimate relationship between scale and cost efficiency in Cloud Computing operations makes this an acute issue. The faster a Cloud provider can grow its customer base and achieve scale, the faster it can lower the per transaction cost of offering the service. This scale efficiency effect can provide a significant competitive advantage to early movers who attract a large customer base.Footnote 4
This is a simple story of the digital prairie, starring those who provide Cloud services (Cloud Providers), those that purchase and consume the services (Cloud Users), and those who connect providers with the consumers (Connectors).
Since this paper focuses on the emergent competitive and policy issues facing the Cloud ecosystem, providers and connectors are our primary object of analysis. We leave a full-scale analysis of different types of users, and what they can do with Cloud services, for a separate study.
There are three types of providers and connectors. (The top horizontal axis of Fig. 1, Pane A.)
The Cloud Providers create, configure, run and distribute services from their Cloud Datacenters
The Network Providers offer Access Networks that enable the distribution of Cloud services from the Cloud Providers to Users.
The Device Providers offer the mobile phones, tablets and PCs through which users access Cloud services.
Cloud Computing’s technical, business, and policy issues play out across three layers of technical architecture. (The vertical axis of Fig. 1, Panel A.)
The Infrastructure layer encompasses the hardware, networks and operating systems responsible for managing fundamental resources such as data storage, computation and network bandwidth. A critical element of the Cloud Infrastructure layer is the ability to virtualize the connection between physical resources and the services that consume them.Footnote 5 Put simply, virtualization decouples applications and software platforms from the underlying physical hardware with software mimics hardware, “tricking” applications into thinking that they are interfacing with physical servers when they are in fact interfacing with software-created “virtual machines.” There may be several virtual machines residing on a particular physical server, or there may be multiple physical servers running one particular virtual machine. Virtualization enables greater flexibility in how workloads are managed, and how datacenters are constructed, since providers can dynamically add, remove or modify hardware resources without having to reconfigure the services that depend on them.
The Platform layer serves two purposes. It provides a set of common services, such as databases, messaging, and business rules engines, that are shared by applications. It also insulates application developers from the complexity of the underlying infrastructure through a set of higher level Application Programing Interfaces (APIs).
The Application layer provides the mechanism through which users interact with the Cloud applications—often through a web browser. In the Cloud datacenter the application layer is where the business logic for the application is run.
These two typologies constitute the two axes of our framework illustrated in Fig. 1, Pane A. Now we examine in detail the specific characteristics of each element. We proceed by moving through the provider typology, examining Cloud Providers, Network Providers, and Device Providers in turn. Each faces a specific set of policy issues that cannot be understood without a grasp of the technical architecture.
Cloud providers: provisioning cloud services
Cloud Providers, who provide services from their Cloud Datacenter fall into three broad types according to their technical architecture type. Figure 1, Panel B, shows how Cloud providers with different architecture types entail different business models. We start with the bottom right corner.
Infrastructure services—commonly referred to as Infrastructure as a Service (IaaS)—are virtual, Cloud-based replacements for physical hardware such as processors and hard drives. For example, Amazon offers virtual servers accessed through web interfaces, for which users pay by the hour per virtual processor. These virtual servers mimic the attributes of physical servers, although in reality the underlying processing power can be distributed over a large number of physical servers. They provide the flexibility of renting truly massive amounts of processing power for short amounts of time.
IaaS offered as standalone services can act as inputs to other Cloud service offerings. For example, a variety of Cloud service providers rent Amazon’s virtual servers and storage as their backend datacenter rather than building their own. For example, Animoto—a startup firm that automatically generates music to match users’ pictures and videos—uses Amazon’s Cloud-based IaaS services as its backend. When the service experienced sudden exponential growth as its popularity skyrocketed, it was able to add capacity almost instantly by increasing its use of Amazon’s virtual servers and storage, avoiding service slowdowns or outages.
As inputs to others’ Cloud service offerings, IaaS providers can benefit from the growth of Cloud applications and services as a whole, rather than being tied to the fortunes of particular companies. At the same time, they are commoditized more easily, since switching storage or processing power is relatively easy. This leads to pressure to attain massive scale to offer lower costs.
Platform services (Platform as a Service—PaaS) can be thought of as a virtual version of an operating system, such as Windows for PCs. Windows as a platform offers tools and interfaces for third party developers that take advantage of the underlying hardware; each piece of software does not have to include all the rules to control how the processor interacts with the memory and hard drive, how the hard drive stores information, or how the computer interfaces with the screen. Similarly, Cloud platform services provide software developers with tools that take advantage of the massive scalability and flexible resource allocation offered by the underlying Cloud Computing data centers. Microsoft’s Windows Azure platform, Salesforce.com’s Force.com, and Google’s App Engine are examples of Cloud platforms.
PaaS providers’ competitive position depends on the breadth and range of applications written to its platform—the attractiveness its ecosystem. Microsoft’s dominance of the PC platform with Windows is the paradigmatic example. PaaS providers will compete on the basis of the unique attributes of their platform, the efficiency with which applications can be developed, and the size of the user population they can offer to third party developers.
Most PaaS providers monetize their services by charging developers to use the underlying processing power, storage and network capacity utilization, and other higher level services such as billing handled by the platform provider, optimized content delivery, and service-level guarantees. A few providers, such as SalesForce.com, harness their third party application market to enhance the functionality of their service offering itself—in this case its Customer Relationships Management (CRM) service.
Applications and Content Services (Software as a Service—SaaS) are the actual services, such as office productivity (Google Apps, Microsoft Office365 etc.), email, CRM, Enterprise Resource Planning (ERP) and the like, used by users.
A key advantage of Cloud-based software for users is that users essentially outsource the operation and maintenance of software. Upgrades happen automatically at the back end, eliminating the need for local technical support teams. Users can rapidly scale up the number of subscriptions or usage volume by paying more, without needing to redesign datacenters or undertake costly IT system upgrades. SalesForce.com’s CRM, for example, is sold as a Cloud service accessed through a Web interface, with a monthly subscription fee structure.
Not only does the move to Cloud services eliminate the operational complexity and cost of installing, deploying and maintaining complex hardware and software systems in the users own environment, but it also alters the accounting for these services. Users’ Capital Expense (CapEx) based accounting model for IT provision, in which investments are depreciated over time, can be transformed an Operational Expense (OpEx) based model, where expenses can be offset immediately against income.
The policy issues for cloud providers: global meets national
Cloud providers face a particular set of policy issues. By their very nature Cloud services are borderless since users only required Internet access and an Access Device, and for providers, the location of the datacenter(s) is irrelevant.
Major Cloud service providers such as Google and Microsoft distribute their datacenters across the world. A Hotmail or Gmail user never knows on what server, in which datacenter, and in which country their mailbox is stored. The technological advantages to this approach include significant levels of fault tolerance and disaster protection, a more responsive user experience regardless of location, and the ‘illusion’ of limitless scale provided by these services.Footnote 6
However, every country in which the services are consumed, or in which the physical datacenters reside, has its own set of local policies and regulations bearing directly on electronic service provision and data protection.
Legal issues such as information privacy, security, and legal jurisdiction are highly nation-specific. In the US, for example, the Patriot Act allows the US government to demand disclosure of any data stored in any datacenter, anywhere in the world if that system is operated by a US-based company, broadly defined. That single law places US-based Cloud service providers such as Google, Microsoft, Amazon, and others at a great disadvantage when competing for business in foreign markets. Governments, even close allies, will think twice about using US Cloud providers if their sensitive data can fall under the reach of this act.
Data privacy is another area with no common global policy standards to which Cloud providers can adhere, and to which all governments will agree. In the US, the 1996 Health Insurance Portability and Accountability Act (HIPAA) protects personal health information and the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) prohibits disclosing health data to third party providers without specific business agreements and security requirements. The Gramm-Leach-Bliley Act protects personal financial information, and the Sarbanes-Oxley Act contains an array of reporting requirements for companies’ internal controls and reporting procedures.
Europe is a challenging regulatory environment for Cloud providers, with stringent data privacy regulations and substantial differences between individual states. In many European jurisdictions users must actively consent to the collection and storage of their personal information. Providers must disclose on request what information is stored and in general, data about European citizens may not be stored or processed outside EU borders.
Legal issues surrounding international jurisdiction and accountability have yet to be settled. For example, it is still unclear which rule of law applies for the arbitration of contract disputes—the country in which the service is consumed, or the country in which the service originated. In other words, is it Microsoft’s datacenter in Singapore or the US in which Microsoft is headquartered? Debates of this sort will result in much case law over the years ahead. Another US Patriot Act example further illustrates jurisdictional complexities. If the US government seizes some servers from a particular datacenter citing potential terrorist threats under the Patriot Act, those servers may host the data of many more—possibly international—clients than the suspected target.Footnote 7 The issue is what right of protection for search and seizure those clients should expect. Amazon’s removal of Wikileaks data from its Cloud storage environment may have been driven by this concern. We will return to these issues in Part III when delving into specific national deployment issues.
Network providers: connecting the user to the cloud
Network Providers provide the connectivity enabling users to consume the services provisioned and served from Cloud datacenters. These Access Networks are strongly shaped by national government policies, particularly telecommunications regulations and information access laws. The outcomes of policy debates in these areas can potentially drive substantive divergences in Cloud deployments across the world.
Following the architecture types again, we begin at the bottom (See Fig. 1, Panel C). The Infrastructure layer includes the physical means by which network services are delivered. This includes both landline and wireless. Corporate buildings are typically connected to fiber optic lines, providing extremely high-speed access. For homes and mobile connections, a diverse array of networks is deployed around the world. Broadband networks to homes include Digital Subscriber Line (DSL) that sends high-speed data over conventional copper telephone lines, cable, and Fiber-to-the-Home (FTTH). FTTH is by far the fastest, but the most costly. Wireless technologies range from evolutions of existing WiFi and Mobile WiMax networks to the next (4th) generation cellular technologies, such as Long Term Evolution (LTE).
Government policy strongly shapes the deployment of these technologies in their domestic economies, thereby determining the network environment available for user connection to Cloud services. There are various ways in which governments can facilitate the deployment of landline and wireless technologies. They can increase regulations on incumbent carriers, liberalize markets through deregulation or licensing new carriers, and actively facilitate the deployment of wireless technologies, for example. In Japan and South Korea, regulatory support led to rapid DSL diffusion, and in Japan’s case extensive FTTH availability at low prices (Kushida and Oh 2007).
Insufficiently developed connectivity vis-à-vis other countries can hinder users from enjoying the benefits of Cloud services available elsewhere. Having the fastest possible networks, however, do not necessarily confer countries with an automatic advantage. In Japan’s case, for example, the platform services taking advantage of those networks were limited to the domestic market. Therefore, services and applications predicated on Japan’s high speed broadband and wireless networks were “trapped” in the domestic market.Footnote 8
Telecommunications carriers, which generally own most of the network infrastructure that delivers Cloud services to users, are also highly regulated. In some cases, regulation precludes them from extending their reach and offering into adjacent domains. For example, in most advanced industrialized countries, national state-owned communications monopolies were partially privatized and their hardware manufacturing arms were spun out, preventing them from competing as Device Providers. In other cases, incumbent carriers were prevented from entering and dominating software and applications using data networks. In the US, for example, the FCC consistently prevented the Baby Bells from controlling the services and control layers of the telecommunications stack.Footnote 9 This regulatory stance was a critical enabler for a new class of Internet service providers, opening opportunities for others to use these services as a platform to innovate and experiment (Bar et al. 2000). This policy trajectory was critical to the emergence of today’s Cloud service providers, who build upon the operational heritage of those early Internet service providers.
Free from the regulations imposed on network providers, Cloud providers such as Google and Microsoft have been free to build out their own substantial network infrastructures. This lowers their costs to carry data, obviating the need to pay other network operators. Control over more of the network also increases opportunities for experimentation. In 2009 Google ranked third worldwide in the total volume of Internet traffic carried over its own private networks, displacing AT&T and Sprint (Labovitz et al. 2009). Google was also involved in a number of well-publicized undersea fiber optic cable investments linking Asia to North America (KDDI 2009). With neither Microsoft nor Google regulated as telecom carriers, they have been free to engage in strategies prohibited to the latter, entering all three domains—Cloud services, Access Networks and Access Devices. As companies such as Google built out new Cloud-based telephony services—in this case Google Voice—allowing users free unlimited calls within the US from Gmail—incumbent network providers may make it an area of policy contention.
The critical business challenge for incumbent network providers is how to participate in the application layer of the Cloud ecosystem. Unlike the lower layers of infrastructure and platform, the application layer is less easily commoditized. Google Voice is at the application layer, and since Google derives its value from elsewhere, users are not paying directly to use the access networks to place their calls. This challenges incumbent network providers’ business models of charging for use of their networks.
The ongoing debate about network neutrality—largely in the United States—is really a debate about who gets to extract value at the application layer. Cloud service providers argue that all bits should be treated equally when flowing over the network provider’s access networks but this transforms those access networks into truly dumb pipes. Network providers argue they should be able to introduce differential tariffs or service levels depending on the type of data and the Cloud provider’s willingness to pay for carriage. The introduction of new technologies to inspect the contents of data packets to assess their content (known as Deep Packet Inspection) and prioritize traffic (Anderson 2010), and network providers’ attempts to inject their own advertising into data flows (Keane 2008) indicates that this debate will continue.
Incumbent network providers are also the firms through which governments pursue wiretapping and surveillance activities—both formal and informal. In the US, for example, carriers such as Verizon shared customer records with the US government after the Patriot Act was passed in the wake of the 2001 terrorist attacks. As these carriers enter Cloud services by offering Infrastructure resources—leasing storage and processing capacity by leveraging their strengths as a provider of reliable access to high speed networks—this intimate relationship with government security agencies can be a major concern for users. While governments need to establish new ties, and in some cases new legislation to obtain information from new entrants or startup firms, existing regulations and relationships are targeted at incumbent carriers.
Device providers: not your grandmother’s telephone
It is a startling fact that a Formula 1 racing car is closer in heritage to a Model T Ford than a mobile Internet Access Device is to a plain old telephone from only 20 years ago. Apart from the common functionality of being able to place voice telephony calls these two devices share almost nothing in common.
Today’s Access Devices derive their lineage from computing equipment and like the personal computer forebears they have become one of the most intensely competitive battlegrounds of the technology industry. Winners of this battle will not only define the nature of the end user experience, but may also play a leading role in determining the nature and success of Cloud services.
The direct lineage from PCs to modern network-connected access devices suggests that similar competitive battles are likely to occur, albeit on a smaller and more mobile platform. There will be distinct battles: at the infrastructure layer over operating systems, processors and hardware; at the platform layer for the hearts and minds of the developer community; and at the application layer for the loyalty of end users. (See Fig. 1, Pane D)
The advent of Cloud service access on mobile devices and tablets has reshaped the nature of competition in hardware. Device hardware has become an ever-expanding category as manufacturers experiment with new form factors that serve the different uses that Cloud services enable. The present hardware ecosystem includes traditional PCs, netbooks, smart phones and tablet devices (such as the Apple iPad, Samsung Galaxy Tab and Motorola Xoom).
It is important to reflect that both PC hardware and traditional mobile handsets were rapidly becoming commoditized by the mid-2000s. It was the advent of a new generation of smart phones, spearheaded by Apple’s iPhone and then the iPad, that reignited interest in—and reimagined—the role of access devices. Cellular handset manufacturers such as Nokia, Samsung, and Motorola rushed to introduce Internet capable smart phones following the success of Apple’s iPhone. PC manufacturers such as Dell and HP also raced to offer tablet devices following Apple’s successful iPad.
Below that surface there is aggressive competition for the central processing units (CPUs) upon which the software runs. The old battles between Intel and AMD for desktop processor supremacy have been replaced by a battle between Intel and multiple vendors producing processors based on ARM Holding’s architecture. In this new incarnation of the processor wars, Intel is the underdog
Apple’s control of its products over all three layers of architecture—from device hardware to platform to user experience—for both the iPhone and iPad differentiates it from other players in the market, and clearly factors in its popularity. Apple’s profitability across the ecosystem it controls is the envy of others. Apple already provides a number of Cloud services tied to its devices—iTunes. Mobile Me, et cetera. Moving forward, Apple is likely to parlay this advantage into Cloud services to find ever-greater opportunities to extract value from the ecosystem. As it does so, it must tread carefully to avoid the scrutiny of competition authorities around the world, and to avoid the fate of other players dominant in their markets.
Google’s initial foray into Access Devices in early 2010 with its NexusOne handset, manufactured by Taiwanese firm HTC, was an interesting and ultimately unsuccessful experiment. Google attempted to alter the dynamics of competition in cellular handset business by decoupling handsets from the traditional network provider channel and offering a new direct online retail channel. Google folded its online handset retail store later that year after failing to capture a significant market share.
In operating systems as well, old battles from the PC era are once again playing out in modern Access Devices. Again, the PC era’s dominant player, Microsoft, is the underdog. Google’s Android and Apple’s iOS are battling for dominance of smart phone operating systems. Nokia’s recent endorsement of Microsoft’s new Windows Phone 7 operating system is an acknowledgement that it could not compete in operating systems.
The Access Device battleground is one in which multiple business models are vying for market share (Kenney and Pon 2011). Apple’s iOS operating system is integrated into its devices, and only available on Apple products. It includes a platform for third-party applications with Apple playing gatekeeper. Microsoft has always offered PC style-licensing for its mobile operating systems, charging manufacturers a license fee for each unit shipped. The sophistication and quality of the user experience Apple was able to deliver with its closed ecosystem model has been difficult for Microsoft to compete with. The company’s latest attempt with the Windows Phone 7 operating system introduced in 2010 was favorably received but has yet to carve a significant market share. Google’s Android operating system, by contrast, is free and largely open source, with Google extracting value through increased penetration of its Cloud services and advertising revenue streams on Android-based devices.
For PCs, Microsoft’s dominance of operating systems became a policy issue in the US and Europe. Microsoft’s bundling of its Internet Explorer operating system into Windows PC was the focal point of antitrust action. In the context of Cloud computing and Access Device operating systems, policy issues may develop around linkages between operating systems and search. One mobile operating system is unlikely to dominate in the way that Windows dominated PCs, but the ability for Google, with Android, and Apple, with iOS, leveraging a dominant position in one market to gain traction in another is already causing concern and scrutiny by regulators.
The platform layer on mobile devices is becoming increasingly sophisticated and significant in competition between access device and operating system manufacturers to entice developers and users. The breadth and depth of device platform services that can be delivered is directly correlated to the amount of processing capacity available on the device. The capacity available in today’s high-end smartphones is already equivalent to the most powerful desktop PCs only a few years ago.
The canonical example of a platform layer service that has become the focal point of competition between device providers is the AppStore service. Each of the major device and operating system providers now offer an “Application Store” service, entailing a Cloud service to browse available applications, the commerce infrastructure to bill for applications and subscriptions, and finally the distribution, license management and update services required to provision the purchased application on the licensed device. This end-to-end capability requires services in each of the Device, Network and Cloud layers. Moving forward it can be expected that investments in platform layer common services, bound to backend Cloud services, will become a major competitive point of leverage for device providers.