Power and Dependency: The Perils of Corporate Cloud Computing

It’s almost impossible to do anything on the internet without encountering the underlying services of Amazon, Microsoft, or Google.

A tangled technological landscape of wires and conveyor belts illustrates how various intertwined services depend on the centralized, corporate cloud providers AWS, Google, and Microsoft.
Ian Wenstrand

Last November, people around the world discovered that their favorite apps and websites no longer worked. In fact, thousands of them — a significant chunk of the internet — were disrupted for hours. This wasn’t the result of a sophisticated, coordinated attack on the online services that we use to work, play, learn, and communicate. The problem lay with just one company, Amazon, and a technical issue with the servers of its cloud division, Amazon Web Services (AWS).

Such are the pitfalls of the centralized cloud. The AWS outage was the latest in a series of such disruptions that demonstrate how many of the user-facing internet services that we’ve come to rely on now depend on underlying services provided by just a few companies. Amazon largely dominates this space, with fellow tech giants Microsoft and Google enjoying significant shares alongside smaller players like IBM, Cloudflare, and Salesforce. 

The consequences of centralization in technical supply chains raises some important questions: What are the dangers of relying on only a few companies to underpin our increasingly digital society? What kind of power does this give to those who dominate? And what can we do about it?

Cloud computing has become a familiar concept to much of the public. We might use cloud software like Microsoft 365 for work or cloud storage like Dropbox to backup files and photos. Perhaps less well known is that much of today’s user-facing web also depends on infrastructure services provided by many of the same companies. Even competitive services offered by smaller providers may themselves rely on those of the bigger players. Increasingly, it isn’t just the web that works this way — cloud services make up the technical supply chains that support a wide range of apps, devices, and systems. It’s now almost impossible to use anything with an internet connection without encountering the underlying services of Amazon, Microsoft, or Google. Even the smaller providers can have extraordinary global reach. 

This means that if you want to build an app or an online service, or if you want to sell an internet-connected device, you don’t need to run your own servers or develop your own systems. Instead, you can pick and choose from a range of off-the-shelf services offered by various providers, building a bespoke supply chain to suit your needs and enable your business to scale. These aren’t just the services that most people are aware of, like software or hosting, but a whole array of other things as well: content delivery and management, advertising, analytics, database services, payment processing, security, authentication, and AI-backed capabilities like voice transcription or facial recognition, to name a few. These days, virtually anything is available “as a service.”

“It’s not just the products and services branded with the big tech giant’s name,” noted Kashmir Hill, a reporter who wrote a series of articles about her attempts to cut Big Tech companies out of her life. “It’s that these companies control a thicket of more obscure products and services that are hard to untangle from tools we rely on for everything we do, from work to getting from point A to point B.”

The most obvious problem this brings is that the centralization of different layers of tech infrastructure can make user-facing systems, services, and devices more fragile. When only a few providers dominate supply chains, it’s more likely that one provider’s failure will affect many of their customers, which is precisely what happened with the AWS outage in November. This is also a potential security risk. Just as a failure in a provider’s systems can spread widely, a security vulnerability in an underlying service can make everything that relies on it vulnerable. 

Critical services that rely on cloud providers may be less stable and more fragile than we might expect. These providers usually employ top-notch technical teams and rarely have problems serious enough to bring everything crashing down. But no code is without bugs, hardware can fail unpredictably, and, as security experts often say, there is no such thing as a secure system. Increasingly complex supply chains may also exhibit unpredictable properties and behaviors that don’t arise when individual infrastructure services operate alone. When something does go wrong, centralization around a few companies means that the consequences can be much more widespread.

More fundamentally, these companies occupy positions that give them considerable power. The ways that technologies are designed and operated can permit, restrict, and otherwise influence the behaviors, choices, and opportunities of those who rely on them. Technologies are not neutral; they encode the goals, priorities, blind spots, and assumptions of those who control them. The effects they produce can be far-reaching, empowering some and potentially disempowering others. Cloud computing is what we can call an “inherently political” technology because it produces asymmetrical relationships of power and dependency between cloud providers and the customers who rely on their services. 

Because of this, whomever designs and controls these technologies can have the ability to exert significant influence. Centralized cloud providers are situated and empowered to act as gatekeepers. They choose when to withdraw their services from existing customers and on what basis. Hosting services can cancel a customer’s access, rendering any devices they’ve sold to others unusable. Content delivery networks, which play a crucial role in making sure that the content you’re looking for reaches your screen without delay, can drop customers, leaving apps sluggish. Security services, such as those protecting websites and apps from coordinated attacks that aim to overload their servers and take them offline, can similarly withdraw, leaving websites inaccessible.

Importantly, each of the big three cloud providers — Amazon, Microsoft, and Google — are also active in many other areas of the digital economy. Kashmir Hill found Amazon and Google particularly difficult to avoid. “I came to think of Amazon and Google as the providers of the very infrastructure of the internet,” she concluded, “so embedded in the architecture of the digital world that even their competitors had to rely on their services.” This raises the possibility of them abusing their position to deny potential competitors in other sectors access to key services. They are similarly well placed to use data analytics about competitors’ use of their networks and systems to their own advantage.

The prospect of these companies using their products and services in anti-competitive ways is not far-fetched. Since 2010, the European Commission has fined Google nearly $10 billion for various antitrust infringements, including for using search results to promote its own services over those of others. Amazon is currently under two active investigations by the European Commission: one, for allegedly leveraging information about competitors’ products gathered through its retail business to its own advantage; the other, for allegedly favouring sellers who use Amazon’s own logistics and delivery services. Microsoft’s notorious antitrust problems in the US and the EU around using the dominance of its Windows operating system to its unfair advantage nearly destroyed the company.

In some cases, this gatekeeping power might not seem like such a bad thing. In 2017, Cloudflare — a major provider of content delivery and security services, among other things — dropped The Daily Stormer, a neo-Nazi website, following vigorous criticism. Two years later, it dropped the website 8chan after it was implicated in an attack on a mosque in Christchurch, New Zealand, that left 51 people dead, as well as mass shootings in the United States that killed another 24. “We reluctantly tolerate content that we find reprehensible,” stated Cloudflare CEO Andrew Prince, “but we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design.” Without Cloudflare’s services, 8chan struggled to find a replacement provider that would enable it to stay online, and disappeared from the web.

At first glance, it’s no great loss to the world if websites that foster neo-Nazism and murderous extremism can’t find cloud providers to support them. But this is a double-edged sword. The same power that allows providers to take action against sites like 8chan also allows them to withdraw services that support sex workers and other vulnerable or marginalized groups that they may deem commercially undesirable. If we’ve learned anything from recent controversies around various content moderation decisions and algorithm changes over the last decade or so, it’s that these matters are fraught with difficulty. Moreover, tech companies are rarely consistent, transparent, or publicly accountable in their decision-making. Even if they were, the key problem would remain: ultimately, these decisions shouldn’t be theirs to make.

Why shouldn’t cloud providers make these decisions as they see fit? These are their services, after all, offered on the open market. But providers are now positioned as private regulators of digital society, controllers of the technological infrastructure on which economic and social life increasingly relies. This is no accident — they have aggressively pursued commercially lucrative strategies that have situated them in the middle of everything. As a result, it’s virtually impossible to escape the power of major providers if you want to use the internet. Yet there is little evidence that these providers can be trusted with this kind of power, and plenty of evidence that they shouldn’t. They should instead be tightly regulated as providers of services that are now essential to society.

Thankfully, the gatekeeping power that these companies now hold and its potential for abuse has not escaped attention. Jerry Nadler, a member of the US House of Representatives antitrust subcommittee, recently compared the role now played by major tech providers to that of other providers of essential infrastructure: “In some basic ways, the problem is not unlike what we faced 130 years ago, when railroads transformed American life — both enabling farmers and producers to access new markets, but also creating a key chokehold that the railroad monopolies could exploit.” But lawmakers and regulators in many jurisdictions have been slow to respond with substantive legislative or regulatory interventions. The EU’s recently proposed Digital Markets Act, for instance, is a welcome step forward, but focuses more on ensuring a competitive marketplace than on constraining infrastructure providers’ decision-making. In any case, it faces a lengthy legislative journey before becoming law.

In considering regulation, we should remember that the current model of cloud services was not inevitable, nor is it unalterable. The centralized, privately controlled digital economy of today is the product of economic, political, and ideological choices made by governments and companies over decades. That cloud services necessarily create asymmetric relations of power between providers and their customers doesn’t mean that this power should be left unconstrained. Nor does it mean that cloud providers must be the same few companies that dominate the digital world. 

More radically, there may be other ways of arranging these services that avoid many of these problems — just as there may be alternative ways of arranging other online services to curb the power of the tech giants and promote a healthier ecosystem. It may even be possible to move beyond the cloud model, finding new ways of decentralizing internet-connected services and the computing infrastructure they rely on — though simply decentralizing computing services doesn’t necessarily mean that the power will follow.

Of course, anyone can set up their own servers and their own systems instead of relying on major cloud services. But the costs of doing so can be prohibitive. These services usually provide up-to-date tech with economies of scale that are otherwise unachievable. Not having access to the content delivery networks, payment processors, and protections from attack that cloud services offer may stunt growth. Once you’ve established your business on the services of one provider, it can also be technically difficult to switch away. While going it alone is an option, it’s not practical for many. And just because some might prefer to go off-the-grid doesn’t mean we shouldn’t regulate an otherwise essential utility.

Regulation, though, is not a silver bullet. Such processes can be slow and cumbersome, and law itself can be a tool to entrench power and lock in advantage. Even the best intentions can be watered down and subverted by concerted corporate lobbying. In any event, between the prospect of regulation and the development of more radical means of transformation, it’s important to recognize that the unaccountable power of major tech corporations cannot be left to run unchecked.

Follow The Reboot

Join a growing community that’s examining the state of the internet and exploring its future. Subscribe to our monthly newsletter.

A tangled technological landscape of wires and conveyor belts illustrates how various intertwined services depend on the centralized, corporate cloud providers AWS, Google, and Microsoft.

Artwork By

Ian Wenstrand

Contact Us

Have an idea for a story or illustration? Interested in discussing partnerships? We want to hear from you. Send us a note at info(at)thereboot(dot)com.

Recommended Reading