The importance of standards and transparency for the cloud market and transparent pricing

The public cloud computing market has grown rapidly over the last decade. Millions of consumers and businesses across Europe depend on cloud computing infrastructure, perhaps critically so, to access digital services ranging from email to e-government. Creating a Digital Single Market, comprised of such a diverse range of digital services that are underpinned by cloud computing infrastructure, requires a deliberated approach to Standards that includes how cloud infrastructure services are priced, and compared, in a transparent way.

The adoption of both standards and benchmarks are vital for the continued growth of the cloud computing market. Where there is a common technical standard, the users of cloud hosting resources (commonly referred to as ‘Infrastructure-as-a-Service’ or ‘IaaS’) are able to migrate between cloud computing providers which reduces the costs and risks associated with being ‘locked in’ to a single provider. It further allows for accurate price-performance benchmarking which in turn helps consumers to make informed purchasing decisions.

If we look at the cloud computing market as a whole, we see systemic risks potentially developing. The Infrastructure-as-a-Service layer of the cloud value chain is somewhat less scrutinised than the Software- and Platform- layers, therefore these risks can be overlooked. The relationship between cloud sellers and buyers we characterise as ‘asymmetric’ because a disparity exists in how equitably a small buyer may negotiate with a hyperscale provider. Secondly, Europe’s digital dependence on cloud computing infrastructure is concentrated at a less visible layer of the cloud value chain.

The risks are 2-fold. From the individual consumer perspective, where a cloud hosting ‘workload’ is portable and technical interoperability exists between providers, it is possible to migrate, however the costs of transferring data away from an incumbent provider is prohibitively expensive. The risk in this scenario is that the consumer remains locked into a particular provider paying high costs for a service they cannot freely leave. Consider further the impact of a large provider failing in a market in which its competitors have insufficient capacity or compatibility to absorb the overall demand of migrating customers.

The effect of such an outage or failure is multiplied by the number of customers afflicted by an outage and compounded by the number of people, markets or digital services with a secondary degree of dependence on that infrastructure. From the perspective of assessing risks in the market, we begin to piece together the kind of impact of economic failure seen before on an unprecedented scale in the Financial Crisis of 2008 and, hence, support the adoption of standards to mitigate such risks.

Helping cloud buyers to understand the legal aspects of cloud - in particular making contracts more transparent, accessible and standardised - helps to drive buyer confidence, however, there must also be confidence in cloud security. With a better understanding of security standards, cloud buyers are able to make informed assessments of their potential providers and trust that the certification is robust enough without the need to be an expert. Widely adopted standards for cloud security, contracts such as service level agreements, transparent pricing and the removal of resale restrictions creates a competitive, healthy cloud market. Confidence leads to trust, which increases market uptake.

Standards are crucial for interoperability, which reduce the risk of vendor lock-in, allow a phased approach to cloud adoption using hybrid cloud technologies, and promote vigorous competition across this market. Furthermore, it facilitates more accurate price-performance benchmarking which helps cloud buyers make purchasing decisions. There is a need to broaden understanding of certain NIST characteristics and to refine them into measurable and certifiable standards. Educating stakeholders by helping them to understand these characteristics accelerates uptake, the adoption of new standards and leads to a more resilient cloud market with fair, transparent pricing.

How CloudWATCH2 helps - Roadmap to a Cloud Market Structure Encouraging Transparent Cloud Pricing

CloudWATCH2 has provided a preliminary version of the roadmap which highlights systemic risks developing in the Infrastructure as a Service market that are noteworthy to stakeholders seeking to shape policies for a fair, transparent and resilient cloud market.

Due to the essentiality (Europe’s critical dependence on this Infrastructure) and asymmetry (inequality of bargaining power in the seller-buyer relationship) of the cloud market, CloudWATCH2 concludes that oversight is likely and imminent, and that steps should be taken by the industry to achieve a fair, transparent and competitive market in advance of any regulatory action. We call for the removal of restrictions on resale, greater pricing transparency, risk intermediation and to draw awareness to the risks of creating public policies artificially ‘sponsor’ one provider over another.

We further call for the introduction of a Code of Professional Conduct - before the need to introduce retroactive legislation, often too much, and too late in response to a market shock or collapse – is often an important step to facilitate self-regulation. Any Select Industry Group engaged to draft and adopt such a Code of Professional Conduct must fairly represent industry, policy makers, government and other influential stakeholders.

The formation of such a working group and the terms of a Professional Code of Conduct is recommended through an EC-funded initiative following the publication of the Final Version of the Roadmap in 2017, however CloudWatch2 members are qualified to recommend members of such a Select Industry Group in order to ensure expedient adoption after final publication.