Is the post-Snowden cloud apocalypse real?

When news broke last year of the National Security Agency’s PRISM surveillance program, which enabled direct access to the servers of some of the nation’s largest Internet companies, industry executives and analysts immediately warned that U.S.-based cloud providers would lose hundreds of billions of dollars in revenue as European and other foreign organizations moved their data elsewhere.

But so far, the mass exodus from U.S.-based cloud providers doesn’t appear to have materialized. Not only have the biggest players in the U.S. cloud market reported increases in foreign revenues and users, many have outlined aggressive international expansion plans for cloud services and data centers, according to Securities and Exchange Commission filings reviewed by FedScoop.

In a series of telephone and email interviews, however, analysts and industry executives paint a more complex picture of the post-Snowden cloud market. Although anecdotal evidence remains strong that European companies and governments are more wary of U.S. cloud providers, the length of cloud contract commitments and the resources necessary to move to the cloud have led organizations to focus more on security and data localization rather than a mass abandonment of the biggest U.S. cloud providers.

Cloudy with a chance of recovery

The most notable example of the U.S. cloud industry’s resilience is the continued domination of Amazon Web Services, which announced the opening last month of a new regional data center in Frankfurt, Germany — ground zero of the European backlash over NSA surveillance targeting German Chancellor Angela Merkel. The AWS move appears to be part of a larger trend by U.S. cloud providers to establish data centers locally in an effort to appease public and private enterprises that believe their data is more secure if it is stored within their own national borders.

The strategy has caught on with the likes of Salesforce.com, which inked an agreement with T-Systems to use that company’s data centers in Germany, as well as IBM, Microsoft, Oracle, Rackspace and VMware — all of which see a future in being on the ground throughout the Europe, Middle East and Asia (EMEA) markets.

IBM is expanding SoftLayer’s cloud data centers globally. According to its latest SEC filings, IBM has opened cloud data centers in London and Toronto and has added cloud capacity in Amsterdam and Singapore. In addition to two federal data centers outside of Dallas and Washington, D.C., Big Blue’s latest plans call for it to open a new data center in Paris before the end of 2014.

A review of Microsoft’s latest 10-Q filing with the SEC shows that the company’s commercial cloud revenue grew $662 million or 128 percent, due mainly to subscriber growth. Microsoft’s Azure revenue also grew 121 percent, reflecting a growing customer base, higher commitment levels and increased usage. The company received a major boost in April when European Union data protection authorities announced Azure met the EU’s strict privacy laws.

VMware Inc.’s latest quarterly report shows that international revenues outstripped U.S. revenues for the past two years, with a large part of the company’s revenues stemming from its data center virtualization products.

Oracle also posted a 59 percent increase in revenue compared to last year for its cloud infrastructure-as-a-service offerings throughout the EMEA markets, according to its latest quarterly 10-Q report.

These earnings data and the increased investments in data centers support the most recent predictions by International Data Corp. that peg the European cloud market at $8.2 billion next year, an increase from only $560 million in 2010.

A senior Microsoft executive, who spoke to FedScoop on background, said the economics of the cloud are likely just too powerful for organizations in Europe to ignore — even in the face of the NSA and PRISM. “Security concerns are still front and center for certain workloads and PRISM only heightened those concerns,” the executive said. “But many customers [are] segmenting workloads and industry has put security front and center, at least the top tier providers.”

Beyond earnings reports

Agatha Poon, the research manager for global cloud computing at 451 Research LLC, said the revenue figures and growth reported by cloud vendors tell only part of the story.

“It depends on how cloud revenue is recognized,” Poon said, in an email to FedScoop. “Rackspace, for example, they are known to include all email revenue in the total cloud revenue. Some providers may include a portion of the managed services / network services. What is truly driving business growth is debatable.”

San Antonio, Texas-based Rackspace is a managed cloud provider with data centers on four continents. And nearly one-third of the company’s net revenue during the first six months of 2014 came from non-U.S. customers, according to its quarterly 10-Q report, filed in August. “Our growth strategy includes targeting additional international customers as we continue our expansion in continental Europe, the Asia-Pacific region and Latin America,” the company said.

But it is the growth rates over time that may be much harder to recognize, said Robert Neivert, the chief operating officer at Private.me. According to Neivert, earnings growth rates for U.S.-based cloud providers may drop over time because of the continuing fallout of the Snowden revelations.

“The growth rates will fall,” Neivert said. European companies and governments are “starting to look at alternative vendors but this could take months or years. But once they’re qualified it’s long term. Once it’s done, it’s done for 10 years,” he said.

Neivert also said he doesn’t think U.S. cloud providers have heard the last word from Europe on the Snowden revelations. “As new projects come out, U.S. vendors won’t be allowed to bid on them,” he said.

Requirements: They are a-changin’

Claire Galbois, the London-based director of cloud solutions at Accellion Inc., said the debate about the security of U.S. cloud providers is still “very lively” throughout Europe and has provided “a wake-up call” for many organizations that were once considering public cloud options. The Snowden revelations “made them reconsider the security of their data in the public cloud,” Galbois said, in a telephone interview with FedScoop.

Likewise, the movement toward providers that offer local data storage in Europe is “a very big trend right now,” Galbois said. While there isn’t necessarily a mass exodus away from U.S.-based cloud providers, those that are unable to provide scalable security and data encryption beyond the data center to mobile devices “will be very challenged” in the European market, Galbois said.

“With or without the Snowden controversy, security is still the biggest hurdle for cloud adoption, particularly in the enterprise segment,” Poon said. “Industry verticals that are still subject to stringent regulatory requirements, they are unlikely to offload workloads to third-party public cloud providers. The typical, preferred model we see so far is private cloud deployment — a dedicated private cloud with physical isolation (both on-net / off-net), followed by virtual private cloud [and] hybrid cloud.”

The new demands being placed on cloud providers by European customers may be manageable, but they are also an added cost, Neivert said. “Much of the [Snowden] fallout is also hidden in the cost line, not the revenue line,” he said, referring to emerging requirements to store data locally and add new encryption requirements.

Ben Young, general counsel at Canadian managed cloud provider Peer 1 Hosting, said despite what the revenue data reported by U.S. cloud providers may indicate, his company has seen a massive uptick in the number of potential clients seeking cloud services with written guarantees to avoid U.S. territory and third parties.

“We have seen a huge spike in that since the Snowden revelations — it’s increased five-fold,” Young said. “We’ve seen customers want to attach privacy and security addenda to our contracts. We’ve been part of [requests for proposals] that completely exclude U.S. providers.”

Young said the reaction to U.S. cloud companies has been “decidedly hostile,” and as a result many companies are taking it upon themselves to offer encryption and data centers that are outside the reach of government agencies. “That may be a reason why they’ve been able to stem some of the losses.”

Europe’s reaction to the Snowden revelations may also damage U.S. cloud providers by Balkanizing the Internet and making it significantly more expensive for U.S. companies to do business overseas, Neivert said. “That’s a huge cost structure increase,” he said. “It breaks the scaling capabilities for cloud companies everywhere. They will have to deploy data centers all over the world.”
