A Friday question - why does the EU need another Cloud Services Provider challenger other than tech-envy?

Many years ago, an investor in the then new world of IT systems selling suggested to me that there was a simple rule to be observed in most market sectors and particularly so in commodity markets. This rule states that any such marketplace, once it has reached a degree of maturity, will always end up with three dominant players surrounded by lots of minnows that swallow up the flotsam that falls by the wayside.

Looking at the market for Cloud Service Providers (CSPs) there already strong evidence of that rule in action. It has already become, broadly speaking, a global marketplace, and it is already being dominated by some well-known names – Amazon’s AWS, Microsoft’s Azure and Google’s Google Cloud.

There is one other major player, China’s Alibaba. Though not yet really a global player, its dominance of the Chinese and China-influenced marketplace makes it big. In addition its more service-based approach to both its own customers and their customers makes it a real contender now it has set sights on going global. It could also be something of a role model for yet another contender in this marketplace: the European attempt to break into the CSP marketplace with an EU-focused contender, Gaia-X.

This is certainly an interesting move, but one that has to be open to question as to its sense or potential success. Given the size of the existing leaders it might be considered that this is a horse that has already bolted. There is more than a hint of the hubris of `we need a big one ourselves’ about promoting what is likely to be a lost cause. In addition, there are better, more varied fish that the UK and Europeans could be jointly and severally frying.

Those fish are applications and services. After all, having the biggest and best CSP capability in the world is pointless if there is nothing for it to do – the world has enough of such egotistical follies already. Giving the CSPs things to do, applications and services to work with is, ultimately, where the money will be. It is also an area where the UK may just stand a real chance.

This Gaia-X thing

The goal with Gaia-X is to establish a sovereign digital ecosystem for European industry and users aimed at creating a secure, distributed, and sovereign European data infrastructure. It is a collaboration between the European Commission, Germany, France, and some 100 European companies and organisations such as SAP SE, Deutsche Telekom AG, Deutsche Bank AG, Siemens and Bosch. It is due to formally get underway this year.

Given the well-known German views on data sovereignty, the urge to set up a service such as Gaia-X is understandable, and it is the case that they do not expect it to go head-to-head with the mainstream CSPs. Instead the aim is to target the many specialised service providers across Europe, providing them with a distributed and interconnected data infrastructure. It will, of course, never get close to competing on price with the likes of AWS and may yet may find that, if it attracts enough business from other EU countries and departs outside of France and Germany, the competition will set up more armour-plated services at very competitive prices.

That may be helped by the growth of the Confidential Computing Consortium set up by the Linux Foundation. This has recently signed up Microsoft and Google to join in with Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent to work on developing open-source technologies and standards that target the delivery of confidential computing services.

It is easy to see that this should instantly create common services from a range of CSPs, which will automatically lead back to the primary ground for competition being price. The long-term prospects for Gaia-X, therefore look a bit slim.

Use Cloud, don’t make Cloud

Yes, demand for Cloud services continues to grow, and yes, there are legitimate concerns about data security that lead to demands for strong data sovereignty environments, so Gaia-X probably won't lose money, but it is unlikely to make great profits or be a world leader.

The target for Europe has to be the end user-focused services, quite probably those that also exploit 5G (which is where the US is likely to lose out in the long run). The UK, much of Europe, much of Africa and much of the Pacific Rim is pitching at the same basic 5G standards so there is a huge market to be had. There is already a lot of effort in games and consumer apps for 5G, extending the apps already working well in 4G services. But there is also great scope for entire new areas of development in business applications, and here the UK does stand a real chance of building some world-leading businesses.

The decision to not ban Huawei completely from 5G participation was a sensible move for a number of reasons, but in this context it is the core backbone of just about every development going on in and around London's so-called 'Silicon Roundabout’.  That small corner of the city is fast becoming as much of a leitmotif in Europe as Silicon Valley is in the US.  

A point to bear in mind here is that start-up businesses will be developing in a marketplace that has all the resources they and their end user customers might ever need. The depth and breadth of Cloud services already available, and the range of capabilities that 5G services will add to that mix, will create a commodity market with a huge range of capabilities, resources, performance levels and costs. It is likely to join energy and other global resources being traded as part of the Futures Market.

For CIOs therefore, their own futures may well include managing their use of that futures market. A key part of that will revolve around where data is stored and why it is stored there. Data security is obviously a key part of that decision making, and there is every chance that some of the apps that will emerge from Silicon Roundabout will offer security solutions that invalidate the technical requirement for data sovereignty solutions, though it may be awhile before the emotional requirement is overcome.

This comes back to the perceived requirement for Gaia-X and it is as much about security as it is ops management. Given the increasing complexity of systems environments these days, especially when it comes to Cloud services, the use of internal security and management tools is arguably getting more complicated and contention-laden – the trend there is inevitably towards becoming less effective. There is a potential alternative model being exploited by the likes of BitSight, based on the notion that, most often, the key element of security and management is what a system does when communicating with other systems. The ability to observe those operations, identify and trap the irregularities and then remediate may well be a better option. That, coupled with appropriate policies, might be a better option for the future.

My take

In practice, insecurity only becomes an issue once the data is motion and the key questions become: what data is involved? Where is it going? Is that target OK/not OK? And how quickly can it be stopped? If such tools can be created then there is an argument that the need for data sovereignty disappears, while the need for such security tools rises dramatically, around the world.

It is also not beyond the wit of someone in the UK - or elsewhere- with a laptop in a spare room, to come up with just such a solution.