An uncomfortable question: Does the cloud provider actually matter?


Today, even the most ardent naysayers are coming out and proclaiming cloud as the only way to do computing. This is especially true in my own jurisdiction of Jersey in the Channel Islands.

With technology suppliers suddenly telling you to use cloud, does it really matter which one you use, who owns the service provider, and where it stores your data? The quick answer to all three questions is ‘yes’ – but let’s look at each one:

Is there a difference between cloud service providers?

This question is probably thought about the least. There are people and suppliers that believe only the large cloud providers can be trusted, but how true is that?

Take Amazon and Microsoft. They’re the largest cloud providers in the world today, having multiple data centres around the world with thousands, if not hundreds of thousands, of customers. However, they have one big, often overlooked issue — they are lock-in clouds. Sure, they have some great technology, but once you start using it, you can’t get out.

Their technology is designed to be proprietary — you have to use them and only them. Whether you use Microsoft’s Azure or Amazon’s AWS, their tools, utilities and APIs only work in their clouds. If you want to move, it will cost you so much money that it becomes prohibitively expensive to leave.

Most companies moved away from technology lock-in years ago, as it hinders creativity and innovation, while ending up costing more in the longer run. Look for a provider that is technology independent, providing the flexibility to move in and out of its cloud services without penalty.

Who owns the cloud service provider?

Does it matter whether they are based in the US rather than the EU, or offshore? Currently this is a very grey area and shouldn’t be taken lightly.

US-based cloud service providers are at the heart of several outstanding court cases in the EU. Microsoft is trying to stop a US government warrant against them for data held in Ireland (they have already lost the initial case and one appeal). The European Court is currently reviewing whether the Safe Harbor agreement (the agreement that the US and EU work under so that data on EU citizens held by US companies meets EU regulations) is still fit for its purpose.

Currently the best advice from legal experts is to not use non-EU owned cloud providers or use a locally based provider within your jurisdiction until these issues are resolved.

Does it matter where data is stored? 

There are several reasons why data residency is fundamentally important. Firstly, most countries have laws about where you can store data, especially data that includes personal information. To ensure you meet these regulations, the best advice is —again—to make sure data is locally held within your jurisdiction or in the EU.

For offshore-specific businesses, most jurisdictions don’t have a legal requirement to keep data offshore, but many businesses will have client data that needs to stay offshore for compliance reasons, let alone client perception reasons. And then there is the very large and looming issue of the soon to be implemented new EU Data Protection law that will be putting enormous new burdens on businesses around data held on EU citizens.

This new law will also be coming to jurisdictions such as Jersey, as they will be required to have broadly the same laws in place to be able to trade with EU countries. This new law will also have a massive impact on US-based providers that will have to abide by the new rules, as well, simply having a data centre in an EU country will no longer suffice. 

Going forward

These examples are just scratching the surface. There are many reasons that choosing the right cloud provider is a critical decision and shouldn’t be undertaken without the due consideration it deserves.

With so many options, don’t be fooled into thinking that all technology suppliers are suddenly experts in cloud or that all service providers offer true cloud computing with free movement of data. And, with the laws around data protection changing rapidly, be certain that your service provider isn’t going to compromise your data protection obligations.

Finally, select a provider that truly understands cloud, security and data protection and places them at the heart of their offerings — ultimately a provider you can trust.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

15 Sep 2015, 11:22 a.m.

Great read, very informative


21 Sep 2015, 3:48 a.m.

Great article. I find that in the cloud delivery model that a provider needs to act more as a partner versus a vendor. For additional insight I humbly submit the follow blog article:


21 Sep 2015, 10:37 a.m.

These are all great points but I think there are a couple of other very important differentiators, both of a 'human' kind. Tha acid test I always apply is............ Has the vendor always run their own businesses on the same infrastructure from day one? If so you can bet its very resilient and highly secure. Examples are Google, Salesforce and Netsuite and of course VMWare as early pioneers. They were offering true cloud ( Google started in 1996) when Amazon was selling books and Microsoft was earning billions of dollars on keeping you on premise (now they're spending millions of marketing dollars trying to persuade everyone they invented cloud!). And as I alluded to before, WHEN they started to offer cloud infrastructures globally is also important. Those guys are on their 20 year iteration, improvement and refresh cycles whereas Azure for example is relatively recent hence the high outage figures when compared to the true pioneers.