Regionally organized clouds (ROCs) can be the answer to a series of problems public policy is currently struggling with. Global cloud companies, including Google, Amazon and Microsoft, provide valuable services. But societal concerns are being raised about the control of data and the concentration of power.
A 21st-Century Marshall Plan for Cyber Defense
Ultimately, the balance of power in the cloud world is a quality-of-life issue. ROCs could help balance the situation. To do so, they need a broadly accepted regional vision and a process for achieving it. The best way to do this is for each region to focus a funded study group on how to implement and sustain an ROC.
What is at stake is control of data and of basic cyber functionality. Data and control of the infrastructure to use data is where all modern value is. The emergence of ransomware, a reliance on the virtual world during the COVID-19 pandemic and new laws in some countries about where data is domiciled highlight this. These cyber resources play a significant role in our day-to-day ability to achieve our quality-of-life goals.
In the past, control of data and functionality was decentralized — in the hands of many. This was implemented in a variety of technologies and served organizations and individuals with a variety of objectives. Today, the evolution of technology and associated economics are driving all data and functionality into the cloud.
As cloud companies have developed, telecommunication companies (telcos) have stood out in contrast. Telcos are supported by fees for their services and do not use or sell customer information. Their role as local strategic resources is baked-in to their regulated structure. As a result, they have traditionally been diligent about protecting customer data. Of course, telcos have seen the great financial success of cloud companies and protection of data has eroded, but data protection is still in their DNA.
Now, technology has evolved in such a way that cloud technology is positioned to take over 80% of telco infrastructure. If this happens, the result would be an order of magnitude increase in the centralization of data and power.
Currently, three global cloud companies control the overwhelming portion of the industry. They provide many good and valuable services, so why should we be concerned? Some concerns are purely regional and involve social, cultural, religious and local political matters. But there appear to be common threads that run through all regions: local resilience, control and use of personal data, and economic centralization.
When a single cloud network serves the whole world, a failure in one portion can bring down services for everyone. It has gotten to the point where large corporations and government departments stop functioning when access to data is denied. Water systems do not work, gas pipelines stop delivering gas, hospitals shut down and groceries are not delivered. So far, we have seen global cloud company infrastructures fail, but they have come back online within a day. No global cloud has yet had its entire system shut down by a prolonged ransomware attack.
Centralized ownership and control of personal data have led to another concern: undue influence on political and cultural systems. To finance the positive contributions that cloud companies have created, these firms have collected valuable personal data. That data is valuable because it can be used to change people’s behavior. The first focus of behavior change was getting people to buy products. This was very successful and has resulted in significant financial success for cloud companies. Then, people started to use the same technology to change how individuals interact in the political space. Now, the control and ownership of data are beginning to infer the control of political and cultural systems.
The centralization of clouds has led to the centralization of cloud innovation ecosystems. That is, the innovation ecosystem around the development and operation of clouds. This has created a few small centers of economic power and brainpower. This centralization has made it difficult for broader parts of our global society to participate in the economic benefits of cloud innovation.
Efforts are underway in different parts of the world to use existing laws to address these concerns. The problem is that these efforts will either sacrifice many of the benefits the global clouds have brought or not really address the concerns. Examples include anti-trust laws, fair trade laws and so on.
Some have argued for using these laws or new ones like them to break up cloud companies. It is unlikely that these historically effective mechanisms will produce the desired result in today’s technology environment.
Regionally Organized Clouds as a Solution
ROCs can respond to these concerns while preserving the benefits that global clouds provide. Innovation, particularly information technology (IT), has driven waves of improvement in the quality of life over the last 70 years. Public policy is at its best when it acts like a flywheel on these waves of innovation by maximizing the benefits and minimizing the downsides. In the current wave of cloud innovation, it would be best if public policy again played its flywheel role. But how can public policy initiatives help to create the range of ROCs we need?
Some have been thinking about national clouds, but an ROC offers three key advantages: insulation from national political change, larger talent pools to draw from and greater economies of scale than a national system.
We are seeing a rapid increase in national political volatility, with individual countries making big swings in unexpected directions. These swings could result in constant changes in direction for a nationally organized cloud. Such constant change could make it difficult for a national cloud to succeed.
By tying an ROC to a region, the deleterious effects of big political swings can be somewhat dampened. If correctly constructed, an ROC will develop an innovation ecosystem around itself. But initially, it needs to draw on innovators in existing organizations — those that have not already been captured by global cloud companies. Having multiple nations to draw talent from will be very helpful with this. ROCs will also have an economies-of-scale advantage that, in some parts of the world, will be very important.
ROCs are not a business threat to global cloud companies because there is room and roles for both. Analysts estimate that only 15% of existing organizational IT has been moved to the cloud. This leaves 85% of IT yet to be moved to the cloud.
International enterprises may find global cloud companies better suited to their needs. Additionally, global cloud companies will compete for business with regional clouds. This competition will result in lower pricing from ROCs and better services well suited to regional needs from the global cloud firms. Some users may combine both. So, there is plenty of room for all and everyone benefits from the other.
Thus, one can see how in each region, separate corporations with federated connections to regional telcos and governments could provide a way to preserve the benefits of global cloud companies while fostering regional resilience, backed by regional innovation ecosystems and supporting vibrant regional cultural and political environments.
A Basic ROC Model
A common thread in each region’s solution will be an ROC that serves the region’s government and telco needs. A good way to achieve this is with a federated structure between governments and telcos in the region. Each would contribute innovators from their organization to create a talent pool and each would participate in shared ownership. In addition, the federation process would involve commitments by governments and telcos to use their ROC. Early government and telco commitment will create an economic basis for launch and early operation.
The federation approach allows regional telcos and government organizations to pool the truly innovative people they have. This pooling of innovative talent has been shown in the past to overcome the difficulties that have prevented success in similar efforts by governments and telcos. It may also be prudent to bring in a few people from outside the region with specialized expertise.
Traditional data protection by telcos would be preserved while providing regional and local government control of government data. Sensitive personal data about people living in the region could also be kept on the ROC.
Regional resilience would improve. If done right, it is far less likely for a regional cloud to stop operating because of a failure in a global system. These federated corporations can create the needed cultural environment for regional innovation economies.
Multiple telcos in the region can engage in what has come to be called “coopetition.” That is cooperation on the basic cloud they use in common, while competing on services, quality and coverage.
Each region needs to quickly convene a study group to create a clear vision for their ROC and its associated innovation ecosystem. Because key players are already taking crisis actions now, these study groups need to be formed quickly and deliver results in months. Results have to be available in a few months. This means that organizing the study groups as part of university research programs will be difficult. Either the use of nonprofit institutes or direct government charter may be best.
Current ROC Efforts in Europe
Europeans are trying to explore these cloud issues in public industry groups or standards organizations. Unfortunately, large global companies with vested interests in the status quo can afford to throw a lot of effort — participation, lobbying, etc. — into influencing decisions in these groups. This hampers industry organizations and standards groups from developing a clear vision of the public interest in each region and is slowing things down.
At the same time, there is an argument going on inside each of the three largest European telcos. There are two camps in each, seeking to respond to the cloudification crisis. All sides realize that cloudification is inevitable. One side is advocating for their telco to build their own clouds. The other is saying that every attempt any telco has made to do something like that has failed. Therefore, the telco should give up and seek deals with one of the global cloud companies. Neither side is winning this argument.
Meanwhile, out of a sense of crisis, organizations are acting. Orange (France Telecom) announced in May that it plans to set up a new company called “Bleu,” which would “work with Microsoft, to create a French cloud service provider to meet sovereignty requirements of the French State, public administrations and critical infrastructure companies with unique privacy, security and resiliency needs as determined by the French State.” This highlights the need for speedy action in the public policy arena — before these kinds of crisis actions make it more difficult to implement ROCs.
In the United States, the Department of Defense (DoD) created a request for proposal (RFP) for public cloud services. The RFP was sent to only three of the US-headquartered global cloud companies. It resulted in a multibillion-dollar contract with one of these. One of these authors was told by a government staff member leading the effort that, for security reasons, although operated by the cloud company, it is on segregated resources. That is, it is essentially a private cloud dedicated to the DoD operated by a global cloud company.
Another effort to create a national cloud is underway in the US focused on supporting research and technology development in artificial intelligence (AI). This is driven by a concern about a potential “arms race” between the US and China around AI.
The US-headquartered AT&T and Verizon have been divesting themselves of the web properties they acquired. This mirrors the argument going on inside European telcos —that it is also a response to perceived failures by telcos to achieve success in the cloud.
AT&T has entered into an agreement with Microsoft to outsource its 5G core to Microsoft. This is another example of crisis action that underlines the need for speedy development of focused ROC public policy.
Other regions share some of these same concerns while adding some that are unique to their particular situations. For example, everyone is worried about cybersecurity, but some parts of the world such as Australia have a particular sensitivity in this area. Parts of sub-Saharan Africa and South America have particular concerns about cost and access, particularly access in underserved areas. Religiously-defined regions — from North Africa to Southeast Asia — have particular cultural/legal concerns.
From a global perspective, diversity is important. Having many groups working on solving problems from many different directions provides the world with the greatest probability of finding optimal solutions to critical things we face.
ROCs can be the answer to the series of problems public policy is currently struggling with. How ROCs are structured may be different for different regions. Each region needs to develop a clear vision of how its ROC should be organized to meet that region’s public interest. The best way for each region to do this is to quickly convene and fund a group in their region to study the challenges and opportunities, and then deliver a report that lays out a regional vision and process for achieving it. Because of crisis actions by some players, speedy action is critical in this important public policy area.
The views expressed in this article are the authors’ own and do not necessarily reflect Fair Observer’s editorial policy.