Do AWS, Azure, Google, Oracle, Others, Have Too Much Market Power?
The FTC, concerned about cloud vendors’ sway over customers, is seeking public comment.
Do Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud and other cloud vendors hold too much market power?
That’s the question the U.S. Federal Trade Commission seeks to answer.
This week, the competition watchdog said it’s collecting public comment until May 22. Regulators in a March 22 press release said they want insight into the following topics:
The extent to which particular segments of the economy rely on a handful of cloud service providers.
The ability of cloud customers to negotiate their cloud contracts or if they experience take-it-or-leave it standard contracts.
Incentives providers to get more business from each customer.
The extent to which cloud providers compete on their ability to provide secure storage for customer data.
The types of products or services cloud providers offer based on, dependent on, or related to artificial intelligence; and the extent to which those products or services are proprietary or provider agnostic.
The extent to which cloud providers identify and notify their customers of security risks related to security design, implementation or configuration.
FTC staff also want feedback on how cloud computing impacts specific industries, including health care, finance, transportation, e-commerce and defense.
FTC’s Stephanie Nguyen
“Large parts of the economy now rely on cloud computing services for a range of services,” said Stephanie Nguyen, chief technology officer at the FTC.
The request for public comment on cloud providers’ market power, Nguyen added, “is aimed at better understanding the impact of this reliance, the broader competitive dynamics in cloud computing and potential security risks in the use of cloud.”
Cloud Vendors Do Hold Sway — Is It the Same as Market Power?
To be sure, cloud vendors hold a lot of sway over their users. Between contractual obligations, hidden fees and security risks, organizations can end up paying more for cloud computing than by using on-premises alternatives. But getting out from under a public cloud service can be difficult. For one, many contracts call for a three-year minimum commitment. For another, it’s easy and cheap to put files and data into the cloud. Removing it is where the fees rack up. These egress charges are earning more scrutiny, IDC analyst Dave McCarthy said last month.
“In a recent IDC survey, 64% of organizations reported spending more on cloud than they had budgeted,” McCarthy said. “A significant portion of this is related to data egress costs. While this has been a growing concern over the last year or two, the current economic climate has thrown fuel on the fire. CIOs are more receptive than ever to change providers if it can reduce their monthly bills.”
Security: A Hot Button for Regulators
Security stands out as another hot issue in cloud computing. Indeed, it’s a key concern for European regulators who have instituted requirements for data sovereignty. Data sovereignty ensures that organizations’ and individuals’ information remains with specific geographic boundaries. While the United States has no such law, the FTC has issued guidance to businesses about securing and protecting cloud data. It’s unclear whether the agency intends to try to enforce any kind of data sovereignty rules.
Conversely, however, the commission has filed lawsuits against companies it says failed to implement basic security precautions when storing data on third-party cloud computing platforms. Two of the targeted firms include Drizly, an alcohol-delivery service, and Chegg, a homework help app. The FTC said last fall that Drizly’s alleged security lapses led to the theft of personal information about more than 2.5 million consumers. Their details later showed up on the dark web. Chegg, meanwhile, suffered four data breaches that exposed 40 million users to bad actors. The company continues to work with the FTC on a resolution.
It’s not clear which third-party cloud computing services Drizly or Chegg uses, but their challenges point to a little-discussed reality: that the cloud vendors themselves do not always provide the deep security measures required to operate safely in the cloud. Often, end users themselves have to institute extra precautions on their own ends to protect data (which is where managed service providers tend to enter the picture).
Market Power Question Comes Amid Huge Adoption
The FTC’s inquiry on market power comes as cloud computing gains adoption worldwide (and as it works under the purview of a presidential administration that expresses more concern about competition practices than its predecessor). According to research firm Gartner, organizations will spend almost $600 billion on cloud this year. That’s up from almost $500 billion in 2022. Synergy Research Group recently reported that in the fourth quarter of 2022, enterprises forked out $61.6 billion on cloud infrastructure services alone. According to Synergy, AWS remains the elephant among cloud computing providers with about 34% market share. Azure ranks second, followed by Google Cloud at a seemingly perennial third place. Oracle Cloud did not appear on Synergy’s chart but the company has achieved hyperscaler status given its earnings and platforms.
Channel Futures reached out the Big Four cloud providers – AWS, Azure, Google Cloud and Oracle Cloud – for comment on the FTC’s inquiry. We did not receive any responses by time of publication.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Kelly Teal or connect with her on LinkedIn. |
About the Author
You May Also Like