The hyperscale providers continue to dominate the cloud infrastructure and hosting market. According to industry watcher Synergy Research in May, the combined market share of Amazon Web Services (AWS), Microsoft and Google alone was 56%.
Yet one area has the potential to cause concern – and it has pricked the ears of other players looking to capitalise.
In August, CloudTech reported on the ending of the Privacy Shield agreement by the European Court of Justice (ECJ). The EU-US initiative aimed to ‘provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements in support of transatlantic commerce’. Yet this was ruled as invalid by the ECJ after a challenge by privacy advocate Max Schrems, citing inadequate US security laws.
The use of Standard Contractual Clauses (SCCs), a mechanism used by companies to move EU user data to the US for processing, was not explicitly curtailed as part of the ruling. Legal experts saw this as a reprieve in name only, without additional protections from US government surveillance. The European Commission is to issue new SCCs and guidance by the end of this year.
This concern has been brought about partly through the the US CLOUD Act (Clarifying Lawful Overseas Use of Data), passed in 2018, which enables US government agencies to ‘ask a US court to issue a warrant demanding that suppliers subject to US law hand over data they store for customers, even if that data is stored outside the United States, including the EU.’
The result is that companies are questioning their relationships with the US-headquartered hyperscalers. For cloud providers such as IONOS, part of the web hosting brand 1&1, an opportunity has clearly arisen.
“We’re CLOUD Act-safe because we’re based out of Berlin,” Sab Knight, UK & Ireland head of sales at IONOS (left), tells CloudTech. “If the US authorities knocked on our door and said [they] wanted a client’s data, the best case is they would need to go to the German authorities and subpoena them.”
The selling point for smaller, niche providers traditionally comes in the form of lower latency and – to a certain extent – data sovereignty. IONOS cloud platform is aimed at small and medium businesses promising “transparent prices, maximum data privacy in certified data centres, an unbeatable backbone connection, simple use… and reliable live vertical scaling.”
For Knight, informing clients and prospects of these enhanced opportunities forms a large part of his team’s role. “You’d like to think my sales team should just concentrate on selling cloud solutions, but today it’s actually about educating clients more about their data and data privacy, Privacy Shield, and GDPR,” he says. “I spend more time training teams about these arguments and conversations; the technical bits are now more led by solution engineers than salespeople.”
Knight also looks to educate in a more general sense by speaking at industry events, including the Cyber Security & Cloud Expo, in March next year. At one event, Knight recalls how one attendee ‘came over with his mouth open… [he] just didn’t realise the gravity of the situation he was in.’
Yet for companies such as IONOS, they are not just competing against the panoply of features the hyperscalers possess, but the brand recognition. You may have the best thing since sliced bread, Knight notes, but if you’re not AWS, then you hit a brick wall.
“It’s like the 1980s when IBM was selling these really expensive computers, and you’d find these IBM-compatible machines for a fraction of the price,” he says. “Yet a manager back in the 80s would just buy IBM because you wouldn’t get fired for buying IBM.
“I’ve come across that same conversation – ‘no offence, but you’re not AWS. If [I] have an outage with IONOS, my boss is going to sack me, but if I have an outage with AWS, they’ll just give me a slap on the wrist,’” Knight adds.
IONOS has written extensively on its company blog around the perceived threats of the CLOUD Act, GDPR and Privacy Shield. In one post, from this time last year, the company noted the CLOUD Act ‘clearly contradicts the aims of the GDPR.’ “In a globalised world, the law is ever more complicated, and ever more important. But the advantages of digitisation are something that no company can do without,” the company wrote.
“There are European providers who operate their cloud solutions in accordance with European data protection regulations. Trusting a business partner, as well as having the possibility to effectively enforce legal disputes ensures digital control and security for your business – even for medium-sized companies that do not have a large legal department or the resources to expand for one.”
Knight is keen to stress that these claims should not just be taken at face value – due diligence and research is required on the legal ramifications. The hyperscalers, particularly after the Privacy Shield ruling, said they could back up claims of their clouds’ security and privacy, be they AWS, Azure or Google.
Yet Knight again looks back in time to envisage how things will move forward. “If you look back in the 1990s, it was mainly American companies that were doing all the hosting,” he explains. “Small UK hosting companies then started to appear, saying ‘why host in the US where there are terrible latencies?”
“In the same way it created the whole industry for hosting companies in the UK back in the early 2000s for latency and speed, you’re going to see the same happen again because of data.”
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.