Is global cloud a fair game for every country on the globe?

Global cloud (Shen, 2014)

One of the biggest conveniences brought by cloud computing is that the services can be accessed from anywhere on the globe anytime. While enjoying this convenience, do you know who is standing behind the cloud that you are using? Have you considered the potential threats brought by cloud controllers? Maybe you are not so much concerned as an individual person. But from the country perspective, many people will become really concerned.

In this blog, I will try to analyse the controlling of the global cloud computing and make corresponding recommendations for issues related to this controlling situation.

First let’s see who are the current top cloud service providers in the world. In my first blog, I mentioned that statistics showed that in 2015 the total market share of Amazon, Microsoft, IBM, Google, and Salesforce reached 55% of the global market. This time, let’s see the statistics of a specific cloud segment — Infrastructure as a Service (IaaS). Based on the report from Structure Research (Sverdlik, 2016), as of April 2016, the top five IaaS providers are as follows:

  • Amazon (70.7%)
  • Microsoft (10.8%)
  • Rackspace (5.8%)
  • IBM (5.2%)
  • Alibaba (3.4%)

If we look at the nationalities of these companies, we can see that no matter in the general cloud market, or in the IaaS segment, all the companies are from the U.S., except Alibaba, which is from China. Considering this situation, the first question that countries other than these two countries will usually ask is:

Will my national security be threatened if I use their cloud?

The concern is valid because the companies have their belonging countries, although they are global companies that have branches in many other countries. They have complete control over their cloud infrastructure although they have supporting data centers geographically dispersed all over the world.

Take China as an example. Information leaked by the U.S. spy Snowden indicated that the National Security Agency (NSA) of the U.S. had hacked into the critical network infrastructure in China, and to that end, China started to investigate American companies such as IBM, Oracle, and EMC (Reuters, 2013). That incident happened with the background that the network infrastructure is controlled by China itself. What would have happened if China had used the cloud services provided by a U.S. company? On the contrary, will the U.S. government become concerned if the they use the Alibaba cloud from China?

When I worked on a project supporting an IT service management product from the U.S., I learned the news that the product had some difficulties in the Russian market. After searching the internet, I figured one possible reason could be that Russia was planning to ban State use of foreign software due to IT security concerns (Gerden, 2014).

These concerns about national security are valid. Therefore, one big topic put forward to the cloud computing industry is how to address people’s concerns and continue to develop cloud services on a global basis.

On another hand, as the cloud technologies are also controlled by their respective owners, the second question that countries who use cloud services from a different country will ask will be:

How will that technology control impact me?

Technology control may bring several negative impacts. For example, high charges for using the technology might be one impact. It is unavoidable that a company will be charged if it uses technology owned by another company. For example, Chinese DVD player manufacturers needed to pay licensing fees for each player they produced in order to comply with the DVD6C standard (O’Reilley, Lim, & Song, 2010). It is difficult to imagine that the business of an industry in one country can be profitable if its key technologies are controlled by another country.

Ernst, Lee, and Kwak (2014) pointed out that once technology standards are established, late comers who act as “takers” are inherently disadvantaged. In order to develop their own economy, no countries are willing to be always “takers”. As to cloud computing, the good news is that the global standards are still being worked on. In 2010, the Open Virtualization Format (OVF), which was pioneered by VMware, got ratified. However, different companies had been actively proposing their cloud computing standards and until 2015, no global agreements were made. Take the cloud application programming interface (API) as an example. Oracle proposed Oracle Cloud API, Red Hat proposed Deltacloud API, VMware proposed vCloud API, and Amazon proposed the Amazon EC2 API (Claybrook, 2015). In terms of defining the global cloud computing standards, does any country want to be late comers or standards takers?

In addition to infrastructure control and technology control, some other areas also deserve considerations by countries that use cloud services provided by another country. For example, once people get used to a certain technology or product, they tend to adhere to it, and thus their thinking and even their culture could be affected. The literal reason for India to reject the Facebook “Free Basics” mobile application was “net neutrality”. However, the deeper reason behind could be that India did not want itself to be digitally colonized (Hannah, 2016), because once the internet infrastructure is controlled and people get addicted to using specific content or applications, it would be difficult for them to change, and later on their belief could be affected.

Facing all these globalization impacts brought by cloud computing control, what each country needs to do is to work out solutions to mitigate possible threats. To that end, I recommend the following approaches:

  • From the cloud infrastructure perspective, set up its own private cloud to host critical applications and data that are related to national security. If its capability does not allow that, do not use the public cloud services offered by another country for now.
  • From the technology perspective, actively acquire the cloud computing technology and participate in the process of defining global cloud computing standards. Wherever possible, use cloud services that employ open standards, instead of proprietary standards.
  • From the culture and economy perspective, closely monitor the network effect of the cloud. If there is a tendency that its culture or economy will be affected, assess the situation and take necessary measures.

In general, countries can always use policies to guide the cloud computing industry to the direction that is most beneficial to themselves. As pointed out by Miao and Jayakar (2016), policies have strong impact on the development of an industry. The example they used was the different impacts of policies on mobile payment in Japan, South Korea, and China, and they found that policies played a critical role in shaping the development of the mobile payment industry in those countries. In that sense, the cloud computing industry is no exception.


Claybrook, B. (2015). Weighing the cloud computing standards dilemma. Retrieved from

Ernst, D., Lee, H., & Kwak, J. (2014). Standards, innovation, and latecomer economic development: Conceptual issues and policy challenges. Telecommunications Policy, 38(10). doi:10.1016/j.telpol.2014.09.009

Gerden, E. (2014). Russia to ban State use of foreign software in bid to boost IT-security. Retrieved from

Hannah, K. (2016). Facebook, Google and the race to sign up India. Retrieved from

Miao, M. & Jayakar, K. (2016). Mobile payments in Japan, South Korea and China: Cross-border convergence or divergence of business models?. Telecommunications Policy, 40(2–3). doi:10.1016/j.telpol.2015.11.011

O’Reilley, P., Lim, E. & Song, M. (2010). Dealing with U.S. Patent Pools as a Third Party. Retrieved from

Shen, C. (2014). The Cloud Expands Internationally and What This Means for Apple Pay. Retrieved from

Reuters news. (2013). China to probe IBM, Oracle, EMC for security concerns — paper. Retrieved from

Sverdlik, Y. (2016). Top Cloud Providers Made $11B on IaaS in 2015, but It’s Only the Beginning. Retrieved from