The next bailout: Clouds too big to fail
Whilst regular hacking incidents have illustrated the security risks of the cloud to both enterprise users and consumers, the more subtle systemic risk of whole swathes of information infrastructure operating on common platforms has become apparent only as public cloud has become widely used. AWS has suffered a number of high profile outages, as have other public clouds.
Each of these became obvious to users because of the number of apparently unrelated sites and services that all fell over at precisely the same moment because of their shared infrastructure.
Some, including Steve Bezier of Canalys (who previously questioned the financial soundness of the entire cloud model have made the intriguing suggestion that this systemic technical risk could mutate into financial risk if a major cloud provider went bust.
Vital national infrastructure?
If a cloud provider hosted enough of the economy, would a government have to bail it out if it got into trouble? The history of financial crises in banking and public transportation suggests that the answer is yes. Operators of vital national infrastructure, whether railways, airlines, ports, bridge, or financial institutions have been rescued from financial collapse either overtly or covertly by governments for almost as long as they have existed. The failure of a cloud infrastructure provider operating, for example, 5% of a nation’s ecommerce and enterprise IT could cause short-term disruption on a scale comparable to many large pieces of physical infrastructure.
Just as governments have historically intervened in a wide range of industries, they have also been unwilling to recognise and respond to the evolving systemic risks that make this necessary. States have generally recognised risks of this kind only when forced to by their crystallisation – a point made succinctly by Joseph Stiglitz regarding the financial system: ‘There are two kinds of country; those with federal deposit insurance, and those who don’t know it yet’.
Were a nationally-significant cloud outage to occur, and a government be forced to intervene, this would likely be followed – as in banking, railways, and utilities – by regulation. Pursuing this to its logical conclusion, governments could potentially identify ‘systemically important computing providers’, require them to hold minimum levels of capital, and establish mechanisms for winding them down if they failed.
Such a regime would increase the operating costs of cloud. At the same time, it could turn public cloud into a stable oligopoly with big regulatory barriers to entry – like banking – reducing its risk, increasing its appeal to investors, and therefore reducing its cost of capital. What the net result in terms of cost and service would be for users is unknowable; a stable regulated cloud industry could be appealing, but there is no guarantee that at equilibrium it would be as large as the industry expects.
The ideas and conclusions contained in this column are the author’s own and do not necessarily reflect the views of Livingstone. They are for general interest only and should not be taken as investment advice or as an invitation to purchase or sell any investment.