In a press and analyst Q+A at VMworld Europe, Bill Fathers, Executive Vice President and General Manager Cloud Services at VMware, made a bold statement. He stated that from the VMware perspective, a network of (regional or local) service providers will better help in fulfilling customer requirements (particularly around compliance and data sovereignty) than a single, homogeneous US entity can do.
The statement was been made during a discussion of the impact the recent EuGH (Europäischer Gerichtshof, European Union High Court) decision on whether the U.S. can still be considered a “Safe Harbor”.
When I think again about the multitude of conversations with US-based cloud providers, these companies can be grouped in four segments:
- Some rely on other IaaS providers for delivering their PaaS or SaaS service.
- Some have their own US only data centers.
- Others have started building their own data centers in other regions such as the EU or APAC. Among these, there are again two groups: The ones that can split data per tenant, which includes most service providers focused on enterprise customers, and the ones that aren’t capable of doing that, such as search engines and “social” networks.
- The fourth group are providers that rely optionally or exclusively on local or regional service providers.
Some are supporting both approach #3 (with segregated tenant data) and approach #4.
VMware, with its One Cloud approach focusing on the technology enabling the range between fully on-premise and fully cloud-based delivery models, obviously is well-targeted to push model #4 – their core business is not delivering IaaS or a single SaaS solution, but the underlying technology for building such infrastructures. Furthermore, VMware also supports an approach they’d call a #3+ model. They are using own (or partnered) data centers running VMware-operated cloud services. These are designed to operate under local country-level legal jurisdiction and privacy laws. E.g. in Germany, vCloud Air has an contract based on EU model clauses with legal and privacy addendums specific to German law, which allows for greater confidence in addressing exactly these types of challenges. VMware currently has 11 data centers worldwide running vCloud Air, each operating with this focus on local country-level legal and privacy specification. When that still isn’t enough, VMware supports approach #4 – services powered by the vCloud Air stack but operated by the VMware partners.
Obviously, relying on a network of (regional/local) service providers eases the compliance and security discussion significantly. If the service is provided locally, it is far easier to comply with the ever-changing and ever-tightening regulations. And providing multiple options to the customers allows them making decisions based on local regulations, their specific understanding and requirements for compliance, their risk appetite, and other aspects such as pricing.
Clearly, going regional is not the only possible answer – but having that option available has a strong potential for shortening sales cycles. There is more than one answer for dealing with the regulatory challenges and customers concerns. Regional services operated by local service providers is one of them.
Notably, I wouldn’t rate “going regional” as a “balkanization” of the cloud market. It is not (primarily) about splitting up related data. In contrast, most commonly data and processing move closer to the tenant, which even provides advantages regarding potential latency issues.
Finally, when it comes to understanding cloud risks when selecting cloud service providers, you might ask KuppingerCole for our standardized Cloud Risk Assessment approach.