The Cartographer and the Cloud: Isolationism’s Impact on Cloud Computing
Is the internet truly borderless? Or will digital companies suffer in an era of rising isolationism?
The internet seems borderless. How can cartographers and governments regulate the digital world? Yet as we enter a new era of protectionism, internet companies are surprisingly vulnerable. When Satya Nadella ascended to Microsoft’s top job in 2014, he outlined a “cloud-first” vision for the company.[1] But Nadella’s dream of a cloud-driven future has stumbled at centuries-old national borders. In a major challenge for cloud computing, many countries are introducing data localization requirements that restrict the flow of digital information. Until new trade treaties are written to address these localization requirements, Microsoft’s cloud computing business will face supply chain challenges more familiar to traditional manufacturers than to internet behemoths.
Data Localization and Cloud Computing
What is cloud computing? Very broadly speaking, cloud computing is software provided over the internet rather than on a user’s local device. In Q3 2017, Microsoft’s cloud-based platforms generated $20 billion of run-rate annual revenue.[2] Office 365 enables access to Microsoft Office from anywhere with a web connection. LinkedIn, a Microsoft subsidiary, is the world’s largest professional social network. And Microsoft Azure is a cloud-based service that functions as the backbone for thousands of other internet applications. While these are all cloud-based products, the data ultimately sits on physical servers in data centers around the world. Though the supply chains for these services transport data rather than physical goods, they are nevertheless threatened by protectionism.
Data localization regulations disrupt cloud computing by restricting the flow of data across national borders. These regulations come in many forms, including mandates that companies keep local copies of certain data and bans on taking data out of the country.[3] Countries with data localization requirements include Australia, China, Germany, India, Russia, South Korea, and more.[4] National motivations for these regulations vary and include protecting domestic industry, guarding citizen’s privacy, and enabling government surveillance.[5] Data localization laws create a difficult choice for Microsoft and other cloud computing players: they must either build duplicative infrastructure to store data locally or withdraw from certain markets entirely.
Trade agreements can curb localization requirements and harmonize various national regulations. For example, the now-abandoned Trans-Pacific Partnership (TPP) would have banned local storage requirements and also included a commitment to allow data to cross national borders unimpeded.[6] But in an era of rising isolationism, the prospects for such agreements seem dim.
Living in a Localized World
In the short term, Microsoft has two strategies for managing data localization requirements. When the cost of compliance is high, Microsoft sometimes withdraws from a market. LinkedIn withdrew from Russia in 2016 after the government passed a law requiring local data storage.[7] In other cases, Microsoft has invested substantial capital to comply with these regulations. For example, there are Office 365 data centers located in Japan, Australia, India, Canada, the UK, and South Korea, and a seventh data center is planned for France.[8]
Microsoft has also forcefully lobbied for legal reforms to help control the panoply of national regulations. In 2016, Microsoft published a 222-page book entitled A Cloud For Global Good, which outlined a suggested policy platform to manage the growth of the cloud. The book endorsed the TPP and also supported proposals for a US-EU treaty and a WTO agreement to further curb data localization requirements.[9] Microsoft President and Chief Legal Officer Brad Smith explained, “We’re not fans of data localization—the last thing the world needs is 193 members of the United Nations demanding that data only be stored within their own borders.”[10] Smith has also testified before Congress to draw attention to the issue.[11]
Next Steps
What more should Microsoft do? First, despite the high costs of complying with localization regulations, Microsoft should compete aggressively in international markets. Many of Microsoft’s businesses exhibit network effects. For example, the more users on LinkedIn or companies deploying software on Azure, the more valuable these platforms become. When Microsoft is an early mover in a market, it can develop a sustainable competitive edge. But if local competitors become entrenched while Microsoft sits on the sidelines, those rivals benefit from network effects and become difficult to supplant. Second, wherever data localization requirements exist, Microsoft should lobby for even enforcement. While Microsoft’s size guarantees government scrutiny, smaller competitors may evade detection. As long as costly data localization regulations exist, Microsoft should seek to ensure that competitors cannot shirk these costs.
Many questions remain. What more should Microsoft do to compete in markets where data localization requirements create substantial barriers to cloud computing? And how should Microsoft address the public policy arguments in favor of data localization laws? Though the cloud-computing supply chain is digital, the challenges posed by a new era of isolationism are no less real.
Word Count: 773
Endnotes
[1] Satya Nadella, “Satya Nadella Email to Employees on First Day as CEO,” Microsoft News Center, February 4, 2014, https://news.microsoft.com/2014/02/04/satya-nadella-email-to-employees-on-first-day-as-ceo/.
[2] “Microsoft Cloud Continues to Grow, Powers First Quarter Results,” Microsoft Corporation Form 8-K (filed October 26, 2017), accessed November 14, 2017, https://www.sec.gov/Archives/edgar/data/789019/000119312517321202/d483053dex991.htm.
[3] Anupam Chander and Uyên P. Lê, “Breaking the Web: Data Localization vs. the Global Internet,” Emory Law Journal 64, no. 3 (2015): 677–739.
[4] “Data Localization Snapshot,” Information Technology Industry Council, July 29, 2016, https://www.itic.org/public-policy/SnapshotofDataLocalizationMeasures7-29-2016.pdf.
[5] Chander and Lê, “Breaking the Web.”; Nithin Coca, “The Missing Trade War against China’s Digital Protectionism,” Engadget, September 15, 2017, https://www.engadget.com/2017/09/15/china-digital-protectionism-firewall-trade/.
[6] “Trans-Pacific Partnership Agreement, Chapter 14,” Office of the United States Trade Representative, accessed November 14, 2017, https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/tpp-full-text.
[7] Ingrid Lunden, “Russia Says ‘Nyet,’ Continues LinkedIn Block after It Refuses to Store Data in Russia,” TechCrunch, March 7, 2017, http://social.techcrunch.com/2017/03/07/russia-says-nyet-continues-linkedin-block-after-it-refuses-to-store-data-in-russia/.
[8] “Moving Core Data to New Office 365 Datacenter Geos,” Microsoft Developer Network, September 20, 2017, https://msdn.microsoft.com/en-us/library/dn878163.aspx.
[9] Microsoft, A Cloud for Global Good (Redmond: Microsoft, 2016), 43, https://news.microsoft.com/cloudforgood/_media/downloads/a-cloud-for-global-good-english.pdf.
[10] Andrea Peterson, “Microsoft’s President Explains the Company’s Quiet Legal War for User Privacy,” Washington Post, July 22, 2016, https://www.washingtonpost.com/news/the-switch/wp/2016/07/22/microsofts-president-explains-the-companys-quiet-legal-war-for-user-privacy/.
[11] “Written Testimony of Brad Smith: Hearing on Law Enforcement Access to Data Stored across Borders,” May 10, 2017, https://www.judiciary.senate.gov/imo/media/doc/05-24-17%20Smith%20Testimony.pdf.
What happens when an unstoppable force meets an immovable object? For years, we used to regard everything related to technology (and especially the internet) as an unstoppable force for progress. At moments, we used to believe that there was nothing large tech companies could not achieve eventually. It is remarkable that we are now starting to question this, not on the inherent limitations of scientific and technological knowledge in a market economy, but on the regulatory and protectionist side. Why can’t these super-powerful companies successfully lobby for changes in regulation which would allow them to grow? What are the incentives countries like Russia, China, etc. face when they decide to put pressure on companies to host data locally? My advice for Microsoft would be to shift the discussion away from geopolitical aspects and reflect on the actual costs for doing business which will be passed to the customer as a consequence of redundancy and data localization. But the outlook is not good. States are waking up to the fact (with China leading) that having national control of key digital players will be a key advantage in the international conflicts to come.
TOM2017, thank you for sharing a digital perspective on isolationism, as oftentimes, we just focus on traditional physical forms of commerce.
I agree with TOM2017 that Microsoft should continue to compete aggressively in international markets. In addition to the mentioned network effects, cloud computing providers tend to offer very sticky products and are able to capture additional value as their clients grow. Such can be illustrated by examining Box, a cloud content management provider that publicly discloses churn and expansion data. In its most recent earnings presentation, Box reported 4% churn and 16% net expansion, resulting in 112% net retention. Once acquired, the customers typically deploy the software for a long time and frequently require more storage and a larger contract. Such high retention tends to support a strong customer lifetime value and profitability. Box has grown internationally with “Box Zones” leveraging AWS and IBM data centers in Frankfurt, Dublin, London, Tokyo, Singapore, Sydney, Melbourne, Montreal, and Toronto. While Box needed to invest in the associated infrastructure for these many locations, the company is now cash flow positive with its product stickiness as one of the main reasons. As Microsoft likely experiences high retention as well, it would presumably also see a positive return on its data localization investments.
Furthermore, Microsoft is the most popular global office suite, and consumers and enterprises want to utilize its services. As such, governments should be incentivized to acquiesce to Microsoft’s demands, such as less stringent data localization policies. Microsoft has $138 billion of cash, cash equivalents and short-term investments, so there is plenty of accessible capital to support such lobbying efforts.
Sources:
https://s21.q4cdn.com/328470014/files/doc_presentations/2018/Q3/Box-Q3FY18-Earnings-Presentation.pdf
https://cloud.app.box.com/v/ZonesDatasheet
https://www.microsoft.com/en-us/Investor/earnings/FY-2018-Q1/press-release-webcast
Thanks for posting! I found your description of data localization to be fascinating from both a business and geopolitical standpoints.
As you’ve described in your piece, internet companies face increasing barriers to entry, most notably seen in data localization requirements. Microsoft’s example seems to be particularly reminiscent of the broader complications in American companies seeking to enter the Chinese market (i.e., initiating joint-ventures with local companies, in order to gain access to the market).
On the geopolitical / historical front, your piece reminded me of the work of a well-regarded Harvard historian, Charles S. Maier. In much of his work, Maier describes the role and evolution of “territories” over time. In his description, the frontier is essentially the fault line over which empires contest for supremacy. Based on your article, there appears to be a new frontier emerging as it relates to countries’ data. It will definitely be an interesting development to follow in the future.
Brief review of one of Maier’s books: http://www.columbia.edu/~saw2156/TheFinalFrontiers.pdf
TOM2017 and khernandez, what an interesting marriage of age-old policy and 21st century technology.
Another piece of this picture that would be interesting to explore is how cyber attacks and cyber threats affect thinking about the relationship between data security and national security. As US residents, we’re on the “same side” as many of the largest data storage and online identity providers. I’d be willing to bet that if Alibaba were running data centers with sensitive information in the US, the government would take an interest.
Do you think data could become such a critical and sensitive part of our national infrastructure that it would be regulated like the electrical grid? I mean I’m not hoping for his future because utilities have a bad rep for efficiency and innovation, but government-regulated monopolies or oligarchies seem to be the go-to solution for any infrastructure where national security is involved.
Really great read. I’d been exposed to forms of data localization requirements in my previous life for countries such as China but did not realize so many other countries had similar regulations. Also, never thought of the impact of trade agreements on data flow, so I really learned a lot here.
Partly based on my ignorance to this topic before reading your piece, I would recommend Microsoft and other tech firms to do even more lobbying and public relations efforts to increase awareness. These efforts should be two-fold. One they should be here in the States so that trade agreements remain intact or form anew. Second, they should go to the markets with the requirements and educate the citizens there on the benefits they are missing out on due to these regulations.
I agree with John that the NPV of investing in global expansion is more than likely positive with a long road to achieve it. I think Box’s choice to share data centers with others makes a ton of sense. I think you could see the rise of a third party willing to own these data centers and lease them to AWS, Box, Microsoft, etc. if these policies continue. I think partnerships to absorb costs together is the best short-term solution in a world of continued regulations.
I think per the essay’s point that smaller companies may evade detection, Microsoft can promise the governments greater transparency, security, quality, and other forms of protection to their country vs. just passing on costs to consumers as Tigran suggests. As there will be many fragmented competitors, passing on cost becomes less feasible to stay competitive.
Thank you for the article!
I would mention that even though LinkedIn is officially blocked in Russia, many users still use it through VPN services that are extremely widespread (at least as of now) – 60% of Russian users are retained. [1] Microsoft refused to move its data center to Russia due to political and economic reasons (prices for utilities, services, etc). At the same time, those users that had premium accounts and used LinkedIn extensively are continuing to use it. In my opinion, LinkedIn and Microsoft made a great choice – haven’t lost much revenue and avoided additional costs.
[1] https://www.similarweb.com/website/linkedin.com#overview
This article was fascinating and I had some firsthand experience working around such regulation when I worked in UK. I was tasked with CRMs and databases to store our contacts and the Software as a Service (SaaS) that was the best fit for the organization unfortunately didn’t comply with EU data regulation’s privacy shield because it was based in the US and most of their customers were in the US. My understanding is that there is a review next year to further tighten these regulations, which has been largely led by Germany to increase privacy requirements. This raises costs for software companies and I’m sure Microsoft is no exception.
I wonder how much Microsoft and other software companies can pressure governments to ease access across borders. Even in the US, we are about to lose net neutrality and that is already the reality for countries like Portugal. Such regulation will also limit what services Microsoft can provide over the cloud.
https://www.privacyshield.gov/welcome