Enterprise Cloud Computing is dominated by US companies (Google, Amazon, Microsoft) and Chinese companies (Alibaba, Huawei), often referred to as GAFAM and BAT.
Enterprise Cloud Computing, which initially brought to the IT service industry the modern utopia of "efficiency through automation and resource sharing" has since evolved into a dystopian market:
Such a Cloud Computing market is likely to stifle the grounds of fair competition and trust in the context of international trade.
It also captures most revenues from Artificial Intelligence (AI) through overpriced AI infrastructure, just like online advertising was able to capture profits of independent e-commerce web sites and eventually kill them.
It has been more than 10 years since the risk of Cloud dystopia was identified by governments and large corporations. Both governments and large corporations have already tried to build alternatives to cloud services created by US (GAFAM) and Chinese (BAT) cloud providers. Most of them failed.
Failures can be categorised into four categories: wrong people, wrong companies, wrong technology and wrong scope.
All failures boil down to a lack of understanding of what enterprise cloud in essence: the total automation of IT service operation on a shared infrastructure . In other words, Cloud replaces the jobs of system administrators and operation management teams with autonomous software. It replaces investment in computer hardware and real estate with rental.
The primary benefit of cloud is to increase productivity of IT operation by at least two orders of magnitude.
But whenever a cloud is designed by the wrong people (eg. system administrators), it often becomes a virtualisation platform with no automation. Obviously, system administrators will not make their own jobs obsolete. Although it looks like a cloud, a virtualisation platform is not a cloud: it does not automate service operation management and therefore brings little increase in productivity.
Whenever a cloud is designed by the wrong companies (ex. telcos, system integrators), it often becomes what those companies' enterprise clients (ie. system administrators) are looking for: an expensive virtualisation platform with an expensive private network. Again, this brings little increase in productivity.
Selecting the wrong technology can also lead to failure: 50% of OpenStack projects deployed in the world have failed. By focusing primarily on virtualisation and traditional enterprise customers (ie. system administrators), OpenStack design lacked so-called "promises" which would have been required for the stability of a fully automated and distributed operation management system. It is thus not possible to use OpenStack and compete with AWS, Azure or Alicloud in terms of productivity. The lack of operation management features - a problem shared with Kubernetes - also means that the platform was not designed as a complete system with customer relationship management (CRM), issue tracking management, accounting and billing in mind - all of which are mandatory for a commercial grade cloud.
A national scope for a cloud does not make sense either. All companies need to deploy their IT services worldwide in their remote offices or factories, including in China. Governments need to deploy their IT services abroad to serve international subsidiaries and expatriates. Moreover, any cloud with a national identity is suspected by foreign companies to be used for economic intelligence. Chinese suspect Europeans. Europeans suspect Chinese. Without a strong competitive advantage, any alternative with national identity such as Andromède (France), Gaia X (Germany) or China Grid spinoff (China) can not be adopted globally.
As it was found by economist Thomas Philippon, Europe has by far the most competitive market for telecommunication services. Europe also has the lowest price for cloud computing services.
Sadly, primary customers of European cloud providers are small businesses (such as Nexedi), individual developers and startups. European cloud providers still have a hard time to convince governments and corporations, even in Europe, to consider using their services. Individual developers and startups outside of Europe tend to ignore them completely. The difficulty of European cloud providers to appeal to a clientele beyond their current European customer base is still difficult to understand because the service, which they provide is good and the price is competitive.
Nexedi's analysis is that for corporations and governments, price matters much less than compliance.
It is also known - thanks to Nicolas Reimen - that the process of writing a tender increases requests for all sorts of certifications and features that are not really useful but significantly increase price or that are not available among European cloud providers. AWS has more than 200 different services, most of which are exclusive and incompatible with equivalent services of competitors. Microsoft Azure provides a wide range of compliance certifications (eg. PCI-DSS).
US (GAFAM) cloud providers have been able to attract a lot of high profile executives. Those executives previously worked for government (eg. Yohann Bénard) or national defence corporations (eg. Fabrice Brégier). They now play a key role in influencing tenders of large customers in favour of US (GAFAM) or Chinese (BAT) cloud providers.
Unless tenders are written in a different way, chances are very low that any significant competition will ever exist next to US (GAFAM) or Chinese (BAT) cloud providers. No manager of information systems (MIS) is going to be blamed for writing a tender which favours a US (GAFAM) cloud provider or a Chine (BAT) one.
Also, European cloud providers do not really offer more guarantee for the protection of international trade secrets after various laws passed in Europe have created risks which are similar to the US CLOUD Act or China Cybersecurity Law.
Price alone with a narrower set of features is not enough to convince the international market.
Managers of information systems (MIS) tend to perceive the risk of alternative solutions as high. They perceive the risk of US (GAFAM) or China (BAT) cloud solutions as low. As the saying goes: "nobody gets fired for choosing IBM". It is thus mandatory to introduce a new decision factor in order to reach a more balanced decision making process which is open to alternatives. This decision factor should also turn mid-term corporate risks related to trade secret into short term personal risks for the decision maker.
Traditionally, laws are in favour of small businesses. Compliance requirements that only local suppliers can meet have been used in public or private tenders for this purpose. The small business act (SBA) has been efficient in the United States to support the growth of small businesses. Compliance requirements that only local companies can meet are often used in China for the same purpose. For now, both approaches have been failing in the European Union for decades. We believe that European large corporations simply do not want a small business act and thus pretend that it would be incompatible with WTO regulations. Introducing specific compliance requirements is also risky in Europe because it contradicts the idea of fair competition in the spirit of the Rome treaty.
The GDPR was originally intended to help European IT providers. However, US (GAFAM) and China (BAT) cloud providers were among the first to implement it. GDPR has thus failed to achieve part of its purpose. In Japan, military budgets must be spent mostly on US suppliers. This prevents a small business act or compliance requirements to be implemented in favour of local alternatives.
Unless some laws can efficiently solve the current imbalance in cloud purchase decision making, only justice and litigation remain to change the decision making process.
Despite is negative tone, litigation is - sadly - more efficient than positive approaches as we are going to demonstrate hereafter.
In 2019, Nexedi introduced Rapid.Space - a new alternative cloud service - to a European government through a direct email to counsellors. Rapid.Space became the only European company with a license to operate a cloud in China. It took weeks to get a reply and more than a month to meet counsellors in charge of cloud sovereignty. There is no outcome yet, which is quite understandable. In a state of law, no government counsellor can impose a purchase decision to a government MIS.
In 2020, a relative of Nexedi CEO announced to a local member of the governing party of the same European country that a group of companies would initiate a lawsuit against the government because the government had chosen a US (GAFAM) cloud provider despite the existence of dozens of local companies in that country - some of which with better service or better compliance. It took 24 hours to get a phone call from a government counsellor and just a bit more to set a meeting within a week. Government knows that whenever a law is broken by an MIS during the purchasing process, it become liable if it does not take action.
This experience demonstrates why litigation can be useful to stimulate a more rational decision making process. As long as MIS have in mind that "nobody can be blamed for selecting US (GAFAM) or Chinese (BAT) cloud companies", they will make no effort to write tenders differently and take no risk for their own career. However, if MIS are aware that selecting US (GAFAM) or Chinese (BAT) cloud providers has an equal risk than selecting an alternative, they will have to take both risks into consideration. Other decision factors, including price, trade secret or features will also become more important once a personal career faces equal risks no matter the type of supplier.
Alternative cloud providers should thus team up and organise lawsuits from time to time - either against government or against private corporations. This will ensure that MIS take into account the existence of an equal risk of litigation each time they purchase cloud services, each of which may have a short term impact on their career. This litigation approach is inspired by Alstom in the rail industry.
Regarding civil servants hired by US (GAFAM) or China (BAT) cloud providers, who then act as evangelists for foreign private interests, personal motivations can be complex: It can be monetary interest but more often a meaningful position is pursued in the absence of national support of local alternatives (from government MIS especially). It can also be a way to acquire know-how abroad before creating a local company and develop alternative solutions. Movements of civil servants from government to private corporations can even be beneficial for the taxpayers by introducing social diversity in the private sector and accelerating economic growth. Yet, movements of civil servants back and forth between state and private foreign interests are no longer accepted by public opinion.
Finding the right type of litigation against this phenomenon is however challenging: too much litigation risk might even lead to the impossibility for governments to hire skilled civil servants.
Price is not enough as a competitive advantage, except maybe for big data or cost conscious industries.
Litigation itself does not create a sustainable product or project.
For alternative solutions to exist and grow, it is necessary to introduce a unique advantage that US (GAFAM) or Chinese (BAT) cloud providers do not have and - if possible - can not copy.
We believe that two useful features could be easy to implement and difficult to copy by existing market leaders: hyper openness and international sovereignty.
A Hyper Open cloud (a.k.a. Free Cloud) is a cloud which is entirely transparent: Free / Open Source software, open source hardware and open source management procedures. All information is available to a third-party to operate the same service on their own, with the same software and at no license cost. Even the hardware is open source, which means that local suppliers could even manufacture it.
A Hyper Open cloud solves the problem of "customers jailed into horrendously expensive and mutually incompatible services" by having all 200+ services of a typical cloud implemented as open source devops profiles that can be deployed on any physical infrastructure and by any staff, based on open source manuals and operation procedures. This includes the ability to bring back on premise all cloud services at any time and operate them independently of any cloud provider. This includes the ability to customise and improve cloud services, including the operation management and billing platform.
International sovereignty is the idea that one should be able to decide which government will be able to do surveillance. Since all governments are trying to implement surveillance of their national cloud providers, there is no way to escape from surveillance besides hosting all infrastructure on premise. With international sovereignty, a Chinese company can decide if they want their servers in Europe to be under French or German surveillance. A German company can decide if their servers in Asia should be under Japanese or Chinese surveillance. Even though it is ethically desirable to eliminate government surveillance completely, this is not going to happen any time soon: lawful interception is a requirement of ITU, ETSI, etc.
Implementing international sovereignty requires a juridical architecture based on a federation of independent companies owned in each country by citizens or companies of that country. There should be no consolidation of capital, else laws such as the US CLOUD Act could apply outside their origin country.
A few companies are currently building a global hyper open cloud with international sovereignty: Rapid.Space (subsidiary of Nexedi), NixCloud (part of the NixOS ecosystem), etc.
Rapid.Space is OS neutral and focuses on Enterprise applications. It is available worldwide including in China. It provides full disclosure of architecture and procedures.
NixCloud leverages the NixOS ecosystem. It is available in Europe and in the USA. It relies on existing cloud providers (Hetzner, Amazon, etc.).