Evolving Cloud Economics: The Benefits of More Broadly Balanced Regulatory Policy1
Abstract: Much of the initial research on the early promise of the economic benefits of the cloud at scale dates back to 2009/2010, eons ago in the technology world. As cloud growth rates continue to increase, evidence bearing out this promise is starting to emerge in areas including security and environmental impact as well as data storage and computing costs. In a world increasingly characterised by evidence-based policy formulation and regulation, economic inputs into policy and law-making have long been recognised as critical. Cloud regulation has tended since 2010 to focus on security and privacy along, more recently, with residency and control. These factors will remain key, but focusing on them should not exclude consideration of other economic inputs that are relevant, material and objectively evidenced. A clearer and broader policy framework that takes into account all relevant inputs will help ensure the right balance is struck for cloud regulation.
Cloud economies of scale: promise foretold
Way back at the birth of the hyperscale cloud era in 2009/2010, academics and leading cloud service providers alike published seminal research papers outlining the cloud’s initial economic promise.2 The key theme was that cloud economies of scale would be much greater than then commonly thought, with large (at the time, 100,000+ server) data centres anticipated to deliver a possible 80% cost reduction per server over small (1,000 server) data centres as a result of combining cost efficiencies on the supply-side (large clouds would be built and operated more cheaply) and the demand-side (demand aggregation and multi-tenancy).
2009/2010 is eons ago in technology time – in the world of Moore’s law, processor speeds (doubling every two years or rising by around 40% per year) have increased eight fold (23), and global data volumes (estimated to be growing ten times every five years or by 60% or so per year) are up by around sixteen times (24), since then. The global public cloud services market has grown in step, according to research consultancy Forrester from just under $10bn in 2009 to around $100bn in 2015, and is predicted to reach $160bn by 2020.3 And in the years since 2010, at least some hard evidence is emerging that back up the promising forecasts that were made back then about the economic impacts of the cloud as it scales.
This article does not address the more specific economic implications and benefits of how the cloud, in combination with rapid advances in mobile, big data and software analytics, is contributing to the digital transformation of established industries and the development of new ones, although here too the policy and regulatory considerations paint a broad canvass.
1 Richard Kemp, Kemp IT Law, London, email@example.com. All footnoted sources were accessed between 1 and 8 April 2016.
2 For example, Federico Etro, University of Venice, The Economics of Cloud Computing (February 2010), http://www.voxeu.org/article/economics-cloud-computing; Microsoft Corporation, The Economics of the Cloud (November 2010), http://blogs.microsoft.com/on-the-issues/2010/11/11/economics-of-the-cloud/#sm.000107063wfeacr6z1v1sccbyw8cr and http://news.microsoft.com/download/archived/presskits/cloud/docs/The-Economics-of-the-Cloud.pdf; and Amazon, The Economics of the AWS Cloud vs. Owned IT Infrastructure (December 2009), https://d0.awsstatic.com/whitepapers/the-economics-of-the-aws-cloud-vs-owned-it-infrastructure.pdf.
3 See e.g. http://blogs-images.forbes.com/louiscolumbus/files/2015/01/Global-Forecast-Public-Cloud-Forrester.jpg.
Rather, it focuses on the broader economic implications and policy aspects of the cloud in a number of diverse areas including security and environmental impact as well as cost where the evidence of real cloud economies of scale is emerging.
Cloud economies of scale: growing evidence of promise delivered
Security is the first area where, perhaps counterintuitively, evidence of the benefits of hypercloud scale economies is emerging. In an article in the Wall Street Journal from October 2015 headed “US CIO says cloud providers offer best data security”4, US federal government CIO Tony Scott was reported as saying of the ‘big cloud providers’ that:
“they have the incentive, they have the skills and abilities, and they have the motivation to do a much better job of security than any one company or organisation can probably do”.
‘The cloud’ and ‘data breaches’ have for so long elided in the public mind that it probably comes as a surprise to register that, as the cloud scales larger and larger, public cloud service providers are investing progressively more in security per each compute unit than even the very largest private data centres.
A second important area where evidence is starting to come through of the effect of cloud economies of scale is environmental impact. Here, the start point for the analysis is that the growth in processing power and global data volumes referred to above – each at a compound annual rate of 50%, give or take - will require incrementally more power, metals, materials and other resources. Some estimates suggest that information and communications technology (‘ICT’) already accounts for roughly 10% of total global electricity consumption, around two-thirds of which is currently generated from coal and gas.5 Processor power and data volume growth at current rates will raise the ICT share of total electricity consumption above 10%, reinforcing the correlation between ICT, carbon emissions and environmental impact. Within the ICT segment, cloud power usage is predicted to double between 2015 and 2020 according to Microsoft estimates6 and evidence is emerging that cloud ICT uses electricity significantly more efficiently than on-premise ICT.
For example, a recent survey from mid-20157 suggested that at any one time 30% of global server capacity is sitting idle, or in the report’s words, “comatose – using electricity but delivering no useful information services”. The ability of the hyperscale cloud to aggregate demand and scale up/down is a huge advantage in reducing this unwanted server capacity and corresponding wasted electricity. In this mix, the cloud, as a more efficient mode of ICT power consumption, can have a material beneficial environmental impact.
4 Angus Loten in theWall Street Journal, US CIO Says Cloud Providers Offer Best Data Security (23 October 2015), http://blogs.wsj.com/cio/2015/10/23/u-s-cio-says-cloud-providers-offer-best-data-security/. Also Matt Kapko in CIO, US CIO tells IT leader to trust the cloud (22 October 2015) http://www.cio.com/article/2996268/cloud-computing/us-cio-tells-it-leaders-to-trust-the-cloud.html
5 See e.g. Mark Mills, CEO Digital Power Group (sponsored by the National Mining Association and the American Coalition for Clean Coal Electricity) The Cloud begins with coal – big data, big networks, big infrastructure, and big power: an overview of the electricity used by the global digital ecosystem (August 2013), http://www.tech-pundit.com/wp-content/uploads/2013/07/Cloud_Begins_With_Coal.pdf
6 The Cloud begins with coal, page 19, previous footnote.
7 Jonathan Koomey and Jon Taylor, New data supports finding that 30 percent of servers are ‘Comatose’, indicating that nearly a third of capital in enterprise data is wasted (3 June 2015), http://anthesisgroup.com/wp-content/uploads/2015/06/Case-Study_DataSupports30PercentComatoseEstimate-FINAL_06032015.pdf
Another illustration of more beneficial resource utilisation in cloud compared with on-premise ICT is the Open Compute Project8 where the major cloud service providers have banded together to extend the benefits of scale in the areas of server design (open source designs use less metal and other materials, reducing cost per server by 40%) and power efficiency (use of those designs uses 15% less power).
Closest to the original cloud economic forecasts from 2009/2010, the third area of emerging evidence of economic benefits is declining cost. Here, the monthly cost of storing 1GB of data in the cloud has dropped by around 80% between 2010 and 2014. According to an article in TechCrunch from August 2014,9 costs at the end of 2010 were between 15 and 25 cents but by mid-2014 they had declined to 2.4 cents, with further reductions predicted.
Competition between Microsoft, Amazon and Google as the leading cloud service providers is also contributing to price reduction. The Economist in August 2014 referred in the words of two industry participants to “an arms race of gigabytes” between the three companies, saying that “every cloud provider will bend over backwards to match rivals’ prices”.10
Most recently, internet television network Netflix announced11 in February 2016, a month after expanding its service to 130 new countries, that it had:
“finally completed [our] cloud migration and shut down the last remaining data center used by our streaming services”.
Pointing out that its monthly streaming hours had increased more than 1,000 times between December 2007 and December 2015, Yury Izrailevsky, Netflix VP Cloud and Platform Engineering said:
“Cost reduction was not the main reason we decided to move to the cloud. However, our cloud costs per streaming start ended up being a fraction of those in the data center -- a welcome side benefit. This is possible due to the elasticity of the cloud, enabling us to continuously optimize instance type mix and to grow and shrink our footprint near-instantaneously without the need to maintain large capacity buffers. We can also benefit from the economies of scale that are only possible in a large cloud ecosystem.”
Importance of economic inputs into regulatory and legal policy
In a world increasingly characterised by evidence-based policy formulation and regulation, accounting for economic inputs in policy and law making has long been recognised as critical, receiving its classical formulation in Prof Posner’s book Economic Analysis of the
8 Timothy Pricket Morgan, Enterprise Tech, Benefit from Microsoft’s Open Compute Hyperscale Designs (30 October 2014), http://www.enterprisetech.com/2014/10/30/benefit-microsofts-open-compute-hyperscale-designs/
9 Alex Teu in Tech Crunch, Cloud Storage is Eating the World Alive (20 August 2014), http://techcrunch.com/2014/08/20/cloud-storage-is-eating-alive-traditional-storage/
10 The Economist, Tech giants are waging a price war to win other firms’ computing business (30 August 2014), http://www.economist.com/news/business/21614186-tech-giants-are-waging-price-war-win-other-firms-computing-business-silver-lining
11 Completing the Netflix Cloud Migration (11 February 2016), https://media.netflix.com/en/company-blog/completing-the-netflix-cloud-migration
12 in the early 1970s as rational decision-making which maximises the efficient use of resources.
The recitals to most EU legislation expressly refer to economic considerations. Most recently and relevantly, the second recital of the final text of the new General Data Protection Regulation13 agreed on 15 December 2015 states that the processing of individuals’ personal data should:
“contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, the strengthening and the convergence of the economies within the internal market, and the well-being of individuals”.
Similarly, the final text of the new Network and Information Security Directive14 agreed three days later states in the first and second recitals that the reliability and security of networks and information systems are “essential to economic and societal activities” and that security incidents:
“can impede the pursuit of economic activities, generate substantial financial losses, undermine user confidence and cause major damage to the economy of the Union.”
In spring 2011, the UK government expressly articulated its Principles for Economic Regulation15 in the context of the UK regulated telecoms, water, energy and rail sectors. The purpose of the Principles is stated (at paragraph 7) to include setting:
“• … the framework for delivering greater clarity about the respective roles of Government, regulators and producers, and greater coherence in an increasingly complex and interlinked policy context; and
• … the characteristics of a successful framework for economic regulation to guide policy makers in assessing future developments.”
Paragraph 5 notes that:
“[e]fficient delivery of [continued infrastructure investment] is vital to the long term interests of consumers who will ultimately bear the costs. Appropriate economic regulation is a critical enabler of infrastructure investment”;
12 Economic Analysis of the Law by Richard A. Posner, Professor of Law, University of Chicago, 1st Edition 1973 (Little, Brown & Company), 9th Edition 2014 (Wolters Kluwer)
13 Proposal for a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Processing Regulation) (COM (2012) 11 final, consolidated text, 15 December 2015), http://www.emeeting.europarl.europa.eu/committees/agenda/201512/LIBE/LIBE%282015%291217_1/sitt-1739884
14 Proposal for a Directive concerning measures for a high common level of security of network and information systems across the Union (2013/0027 (COD) 18 December 2015, text subject to revision) http://www.consilium.europa.eu/en/press/press-releases/2015/12/18-cybersecurity-agreement/?utm_source=dsms-auto&utm_medium=email&utm_campaign=EU+steps+up+cybersecurity%3a+member+states+approve+agreement
15 Principles for Economic Regulation, Department for Business, Innovation and Skills (April 2011), https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/31623/11-795-principles-for-economic-regulation.pdf
and paragraph 43 points up the importance of timely, evidence based decisions:
“[a]s well as being cost-effective, regulatory decisions need to be made in a timely manner. … Similarly, decisions must be based on robust evidence and judgement.”
In its Cloud Strategy document also from spring 2011, the UK Government also repeatedly discusses balancing cost and environmental benefits with security considerations:
“by exploiting cloud computing, we will transform the public sector ICT estate into one that is agile, cost effective and environmentally sustainable”.16
Security controls reflecting good commercial practice for the 90% of government work that is ‘business as usual’ (or ‘OFFICIAL’ in UK parlance) should be:
“based on good, commercially available products in the same way that the best-run businesses manage their sensitive information”17
“information must be secured against a threat model that is broadly similar to that faced by a large UK company”18
“technical controls … will be based on assured, commercially available products and services”.19
The UK’s approach shows that evidence based assessment is of the essence of effective policy in more heavily regulated sectors like water and energy; and in the specific areas of data protection and network and data security, the EU regulatory approach expressly includes reviewing relevant economic factors and the UK policy approach expressly articulates a balancing of cost and environmental factors with security considerations.
Public facing government websites: an early exemplar of a more balanced approach?
One area that is naturally benefiting from an intuitively more balanced approach and that is less hamstrung by data protection, security and residency concerns is the low hanging fruit of public facing government websites. Here, it would be rational to conclude that data sensitivity issues are, to all intents and purposes, non-existent and that cost benefits should predominate in the analysis; and, despite occasional blanket policies that fail to allow for such nuance, this is what is starting to happen.
In March 2016 the US House of Representatives issued a RFI20 seeking more information about moving its roughly 450 public facing websites:
16 UK Government Cloud Strategy (March 2011), https://www.gov.uk/government/publications/government-cloud-strategy
17 UK Cabinet Office, Introducing the Government Security Classifications – Core briefing for 3rd Party Suppliers (October 2013), https://www.gov.uk/government/publications/government-security-classifications
18 UK Cabinet Office, UK Government Security Classifications (April 2014), https://www.gov.uk/government/publications/government-security-classifications
19 UK Government Security Classifications, footnote 18 above, Annex, paragraph 4, page 17
20 U.S. House of Representatives Request for Information WEB-03082016 Cloud Web Hosting Options, http://www.house.gov/content/cao/procurement/PDFSolicitations/RFI-WEB-03082016-Cloud-Web-Hosting-Options.pdf
“from “on premise” to the Cloud in the least disruptive and low cost fashion while ensuring high availability, quality of service, and security of these websites.”
Although the RFI asks for responses on ten questions around choices between different cloud models and the extent to which “hidden costs or liabilities” may offset cost benefits, it is clear that the House’s direction of travel is towards exploring how the cloud can save costs.
In the UK, one of the country’s largest websites with over 50 million monthly visits is the National Health Service’s NHS Choices,21 the comprehensive information website of the Department of Health in England. In November 2014, following a competitive tender, the NHS implemented Microsoft Azure as its cloud platform and was reported as saying that Azure:
“supports NHS Choices at an annual cost that’s less than 40 percent as much as its previous hosting provider”.22
These illustrations from the House of Representatives in the USA and the NHS in the UK point the way towards a clearer and broader cloud policy, regulatory and legal framework where the full range of considerations are properly balanced alongside each other.
Cloud regulatory and legal policy should take account of all inputs that are relevant, material and objectively evidenced
In the area of cloud regulation, it is understandable up to a point that the positive and objectively evidenced security, environmental impact and cost benefits afforded by hypercloud economies of scale have yet to receive the full consideration they merit. Although this evidence is cogent, persuasive and likely to increase in breadth and depth in the coming months and years, it is still early days. Added to this, the political debate up to now has been dominated by the crescendo drumbeat of news stories around data breaches, the Snowden allegations, flows of personal data between the EU and USA, and security measures and counter measures around the world by governments and market participants alike.
Data protection, security, residency and sovereignty will all remain critical factors in cloud policy and regulation for the foreseeable future. But focusing on them should not exclude consideration of other economic inputs that are relevant, material and objectively evidenced. A clearer and broader policy framework that takes into account all relevant inputs will help ensure the right balance is struck for cloud regulation.
Kemp IT Law, London,
22 England’s Health Service adopted Azure to cut costs—and then found the real benefits (1 May 2015) https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=20238