Tag: cloud computing

Posted on by

AWS and Microsoft could face ‘targeted intervention’ from CMA over UK cloud competition concerns

The competition watchdog has published the provisioning findings from its long-running investigation into the inner workings of the UK cloud infrastructure services market, which shows that competition in the sector is not working as well as it could be. For this reason, Kip Meek, chair of the CMA’s independent inquiry group, said it is advising the regulator to “consider investigating the largest cloud service providers using its new digital markets powers”.

This is because its findings suggest end-user organisations could be paying more than they need for cloud services, and are possibly at risk of being locked into using platforms that do not meet their “evolving” needs.

In a seven-page report, detailing the provisional findings of its investigation, the CMA said the lack of competition in the cloud market could mean UK customers are collectively paying hundreds of millions more per year than they need to for services.

It went on to state that UK cloud users can be locked into their “initial choice of provider” due to technical and commercial barriers that prevent customers from seeking out the services of other cloud suppliers who might have better-priced or a more innovative portfolio of services.

“We have provisionally found that AWS and Microsoft have been generating sustained returns from their cloud services substantially above their cost of capital in cloud services for a number of years,” the report said. “Customers say that cloud services offer both quality and innovation to them. However, we consider that a more competitive market would have sustained better market outcomes, including more consistently competitive prices, as well as further improvements in quality and innovation.”

Controversial licensing practices

The report also called out Microsoft’s controversial licensing practices, which typically see it charging customers more for running its software in its competitors’ cloud, as impacting on the competitive position of AWS and also Google by “partially foreclosing” them from the market.

As well as being in-scope of the CMA probe, Microsoft’s behaviour on this front is also the subject of a European Commission complaint, filed by Google in September 2024.

“[The licensing piece] exacerbates the harm we have provisionally found arising from high market concentration and barriers to entry and expansion in relation to Microsoft’s significant unilateral market power,” the report added.

To remedy the situation, the report suggests the CMA board should use powers conferred on it through the roll-out of the Digital Markets, Competition and Consumers Act 2024 (DMCCA) on 1 January 2025 to mark AWS and Microsoft out as suppliers with “strategic market status”.

This would mean the CMA could impose legally binding conduct requirements or pro-competition interventions on both firms to limit and remedy the toll their activities have allegedly had on the market.

As detailed in the report, such powers are “specifically designed to be effected in digital markets … that share a combination of characteristics that can cause them to ‘tip’ in favour of one or a few firms” by allowing the CMA to take a “targeted and iterative” approach to tackling the behaviour of such providers.

“We consider that measures aimed at AWS and Microsoft would address market-wide concerns by directly benefiting the majority of UK customers and producing wider, indirect effects by altering the competitive conditions or other providers,” the report stated.

Before any action can be taken by the CMA, a consultation on the provisional findings of its investigation needs to take place, with cloud market stakeholders now invited to share their feedback on the conclusions raised so far. The final report from the CMA’s investigation is due to drop by 4 August 2025.

In the meantime, AWS has responded to the CMA’s provisional findings by describing its proposed intervention under the terms of the DMCCA as “not warranted”, and urged it to think about the long-term impact of such a move.

“We urge the CMA to carefully consider how regulatory intervention in other areas will stifle innovation and ultimately harm customers in the UK,” a spokesperson for AWS said. “We will continue to work constructively with the CMA as they work on their final report.”

Rima Alaily, corporate vice-president and deputy general counsel in the competition law group at Microsoft, seemed to suggest in a statement to Computer Weekly that the contents of the CMA report are mistargeted. 

“The draft report should be focused on paving the way for the UK’s AI-powered future, not fixating on legacy products launched in the last century,” she said. “The cloud computing market has never been so dynamic and competitive, attracting billions in investments, new entrants and rapid innovation. What could be better for UK businesses and government?”

Meanwhile, Chris Lindsay, vice-president of customer engineering for Europe, the Middle East and Africa at Google Cloud, said the company was pleased to see the impact that restrictive licensing practices have on cloud customers feature in the CMA’s provisional findings.  

“Restrictive licensing harms UK cloud customers, threatens economic growth and stifles innovation, and we are encouraged that the CMA has recognised the harm of these practices,” he said.

Source

Posted on by

Challenging the cloud giants: Is a new era of competition on the horizon?

The UK’s Competition and Markets Authority (CMA) sent shockwaves through the tech industry in October 2023 when it announced its investigation into potential anti-competitive practices in the UK cloud infrastructure services market.

The CMA is not ploughing a lonely furrow: regulators across the world – from Spain and Denmark to South Africa and (if reports are to be believed) the United States – are examining various aspects of cloud computing and its impact on competition.

This scrutiny is long overdue, and it marks a significant step forward. For too long, regulators have looked the other way as the Western world’s cloud market quietly amalgamated around just two cloud providers.

While these tech giants have undoubtedly played their part in a global digital industrial revolution, their dominance is often accepted as an inevitable and unchangeable reality – even if it may have been achieved by anti-competitive practices. 

This implicit acceptance of the status quo is a false narrative because there are alternatives. Challenger cloud providers stand ready to compete, asking for nothing more than a level playing field.

For inquiries like the CMA’s to succeed, it is crucial that decision-makers do not allow the dominant cloud providers to monopolise the conversation and they need to give equal weight to the voices of those challengers.

At the beginning of next year, we will learn about the CMA’s provisional opinion on the four “theories of harm” under investigation.

These range from concerns about exploitative pricing practices to barriers that restrict customers from switching providers.

During the summer, the CMA proposed numerous remedies to combat these. While we can’t second guess the exact conclusions, one thing is clear: challenger cloud providers hold strong and united views, based on decades of cumulative experience.

These challengers offer a vital dose of reality to what can often become dry, legalistic debates.

 While the industry may be guilty of using jargon like “data egress fees” and “anti-competitive licensing practices”, these terms have real-world consequences. 

Ask a challenger provider to explain what these practices mean for their business, and you’ll hear stories of dominant players charging exorbitant fees to customers who try to leave their platforms or dramatically increasing the cost of widely-used software when it’s run on a competitor’s cloud. These practices have profound implications for competition.

If the CMA can create a framework that enables competition, the benefits will ripple through the market. Challenger cloud providers, with their agility and innovation, will drive down prices, expand consumer choice and spur further technological advances. They will also help to address critical concerns like cloud concentration risk and digital resilience, which become ever more pressing as our dependence on cloud services grows.

The stakes couldn’t be higher. This isn’t just about today’s challengers and consumers; it’s about future-proofing the entire cloud ecosystem. Emerging markets such as AI and quantum computing – both heavily reliant on cloud infrastructure – must not fall victim to a “winner takes all” scenario.

 Such an outcome would stifle innovation and concentrate power in ways that could threaten global digital resilience and even national security.

The CMA, alongside its international counterparts, has a unique and urgent opportunity to reset the dial. This is a moment to usher in a new era of openness, competition, and fairness in the cloud market.

Challenger cloud providers will be watching closely to see how the CMA’s provisional decision translates into meaningful solutions that benefit not only the industry but also consumers, the wider economy, and the future of digital innovation.

While the last twelve months may have fired the starting gun on investigating the cloud market, the next twelve could be when we see real change begin.

Source

Posted on by

What do the Home Secretary’s policing reforms mean for the future of the Police Digital Service?

The Department for Science, Innovation and Technology (DSIT) has become a landing zone for Whitehall’s various digital functions since the new government came to power in July 2024.

Responsibility for running the Government Digital Service (GDS) and the Central Digital and Data Office (CDDO) has transferred from the Cabinet Office to DSIT, but it seems the government’s digital reshuffle might not be over yet.

On 19 November 2024, home secretary Yvette Cooper released a statement about the government’s plans to take a more “active leadership role” to restore the public’s waning confidence in UK policing.

“Confidence in policing has fallen in recent years,” she said. “Visible neighbourhood policing has been decimated. At the same time, crime has become more complex, and policing lacks the systems and technology to respond. Police, and the public they serve, need a system that is fit for purpose and fit for the future.”

The policing sector needs to be reformed, she continued, to ensure it can operate effectively and efficiently – and so that local forces can improve the level of service they provide to the public.

The statement outlines the various actions the Home Office will take to achieve its goals, including the creation of a National Centre of Policing (NCoP) that will have IT in its purview.

“We are determined to work with policing to consult on the creation of a new National Centre of Policing to bring together crucial support services, such as IT and forensics, that local police forces can draw upon, to raise standards and improve efficiency,” it said.

The Home Office’s involvement in UK police IT

What is notable about this is that the Home Office already has a hand in directing the UK’s policing sector’s technology use, through its funding of the privately owned Police Digital Service (PDS).

According to the most recent set of accounts, filed with Companies House on 28 November 2024, the Home Office National Police Capabilities Unit provided PDS with a £32m grant during the financial year ending 31 March 2024.

Previous accounts from PDS have neglected to provide details of the exact size of the grants or funding the Home Office has provided the organisation with.

However, Computer Weekly understands the department defines the £32m grant as being a single-year funding stream, issued on the “basis of need”. As such, there are no guarantees PDS will receive a Home Office grant from one financial year to the next.

For context, during the financial period this grant was issued, PDS made a loss of just over £1m in 2024, having posted a profit of £2.4m in 2023. Its staffing costs also increased from £11.9m to £20.4m during the same 12-month period.

The organisation is tasked with the development and delivery of the National Policing Digital Strategy, which is focused on enabling forces through technology to tackle increasingly complex crimes and, in turn, improve public safety.

With the Home Secretary emphasising the need for more efficiency in policing, does it make sense for two organisations with similar-sounding responsibilities to exist when there is a risk that they could be duplicating efforts?

PDS reform

Owen Sayers, an independent security consultant and enterprise architect with over 20 years’ experience in delivering national policing systems, told Computer Weekly back in mid-July 2024 that he expected the new Labour government would seek to reform PDS when they came to power.

Several months on and it appears his prediction could be coming true, with Sayers now of the view that PDS, or at least its responsibilities, will most likely end up getting folded into NCoP. “I do not doubt the Home Office will seek to build on the work that PDS has done thus far, just as the new administration has lifted the entirety of the CDDO and GDS and placed them into DSIT to ‘continue their good work’ and ‘rely on their expertise’,” he said.

That said, PDS does “carry significant baggage”, he continued, which might make it difficult for the government to “base any new central service upon them”.

To this point, two individuals working for PDS were arrested and bailed in July 2024 on suspicion of bribery, fraud and misconduct in public office – and within two weeks of this news being made public, the organisation’s CEO – Ian Bell – resigned.

The organisation has also been heavily and repeatedly criticised in the past for championing the use of US-based hyperscale cloud services by the policing sector, despite there being a persistent misalignment between how these platforms operate and the policing sector’s own data protection laws.

“PDS, in particular, has overseen and promoted adoption of technologies that breach UK data laws, and that’s not a great CV,” said Sayers. “In addition, there remains serious questions as to whether a body packaged as a profit-making limited company, operating in the heart of government, is an acceptable model to build upon.”

Particularly one that is losing money and receiving multimillion-pound grants from the government. “Making a loss for a public body is nearly as bad as making a profit,” he added.

Invoice data

Invoice data from public sector market watcher Tussell shows that – despite reporting a loss of over £1m for the 12 months to 31 March 2024 – PDS brought in £29.6m of business.  

Computer Weekly contacted the Home Office for clarification on what the creation of NCoP means for the future of PDS, but the department did not directly answer the question.

Computer Weekly also contacted PDS to see if it had received any indication from the Home Office about what the creation of the NCoP means for its future, and received a statement in response from its interim CEO, Tony Eastaugh.

There is no detail in the statement about how PDS and the NCoP will be expected to coexist, but Eastaugh said his organisation “hugely welcomes” the prospect of the NCoP’s creation, describing it as a “once-in-a-generation opportunity” for the policing sector to “design, build and deliver a new construct” that will make communities safer.

“PDS exists solely to support our policing colleagues in that mission – and so we welcome the prospect of being asked to bring our skills, experience and expertise to the discussions on how digital, data and technology in law enforcement needs to look over the coming years,” he said.

“It’s genuinely an exciting opportunity for all of us to deliver tangible change – and PDS is fully committed to doing everything it can to help build that new body with colleagues from across the sector.”

The need for reform

On the same day Cooper’s statement about the need for policing reform went public, she gave a speech at the National Police Chiefs’ Council and Association of Police and Crime Commissioners annual conference, where she shared a few more details about the NCoP’s remit.

“As a starting point, I see this body [NCoP] taking on responsibility for existing shared services [and] national IT capabilities,” she said, having talked about “outdated technology holding policing back” earlier on in her speech.

As an example of this, she pointed to the 50-year-old Police National Computer (PNC). “It was cutting-edge when I was five,” said Cooper.

The government is already working with the sector to create a “collaboration and efficiencies” programme that will seek to cut the costs of IT contracts, among other things, in the interests of saving “hundreds of millions of pounds over the next few years” that can be reinvested in frontline policing, she continued.

“[We’re also] working with you on tackling the bureaucracy that drags policing down – including reforms on redaction, and use of new technology – to free up more time for officers to get back on the frontline,” said Cooper.

Expanding on this point, she said technology procurement is an area that every force wrestles with repeatedly, “with the same questions about new software, IT changes or records management – wasting time, pushing up costs and creating news systems that aren’t even interoperable”.

“Instead of technology driving great leaps forward in policing, too often it is holding policing back,” said Cooper.

Technological changes

Calum Baird is a digital forensics incident response consultant at managed security services provider Systal Technology Solutions, who previously served as a detective constable specialising in cyber investigations for Police Scotland. Speaking to Computer Weekly, he said there are myriad ways that forces are hampered in their ability to fight crime and protect the public because of IT limitations, but also because of how quickly changes to the technological landscape occur.

“Legislative change can take time, and often technology advances at a faster pace, [and] this means that police and legal professionals have to identify how potentially criminal acts fit into existing legislation,” said Baird.

“[Also] think about recent advancements, such as generative AI, cryptocurrency and cloud computing – many of which lack explicit mentions in existing legislation,” he said.

At the same time, forces are often on the back foot when it comes to tackling online forms of crime, because officers need a mix of both investigative and technical skillsets to do so effectively.

“These can be a challenge to develop individually, and even more challenging to develop continually,” said Baird. “Investigative skills take time to develop in law enforcement, and whilst they can be taught, much is learned through practical experience.”

“Cyber security technical skills [as an example] can be developed, but require considerable dedication and often funding to do so,” he said.

What the future holds

For the time being, it remains to be seen how PDS will fit in with the Home Office’s vision of what the future of policing should look like.

However, Secon Solutions’ Sayers said the Home Office would be wise to “turn back the clock” and seek inspiration from how IT was delivered across the policing and criminal justice sector during the latter stages of the last Labour government. “[Back then] the UK had services that were internationally considered to be at the leading edge – both in terms of their technology adoption and exemplars of good governance,” he said.

Sayers cited the Labour government’s early 2000s “Joined-Up Justice” Criminal Justice IT (CJIT) programme that sought to link up the IT systems used by the police and court system. The National Policing Improvement Agency (NPIA) was another example called out by Sayers.

The latter was a non-departmental public body created in 2007 that was set up to support police by providing expertise in IT and data-sharing, among other areas. It closed down during the 2012–2013 financial year.

“During NPIA and CJIT’s tenure, they introduced over 30 national systems, and a host of lesser-known, but still critical, public safety systems,” he said.  

“They worked hand-in-hand to deliver on the joined-up justice agenda, reflecting the reality that criminal justice has many participants, but that for the bulk of cases, the data journey begins in policing,” said Sayers. “This means if the integrity of the data or IT is compromised there, it will never regain good provenance, and the justice process suffers accordingly.

“Rebuilding police technology has to be recognised as foundational to rebuilding all justice IT, and requires organisations to be modelled more on NPIA and CJIT models than police-centric structures like PDS,” he added.

More specifically, Sayers said he would like to see the NCoP change the direction of travel for policing IT, which has seen the sector develop a growing reliance on the US-based cloud hyperscalers, despite their services being “wholly unsuitable” for police and justice use.

“Those technologies are familiar, popular and helped the UK to manage Covid, but the pandemic is behind us now, and we need to build technology platforms suitable for a more diverse operating future,” he said. “Tactical decisions hastily made to address times of urgent need are rarely the right fit for strategic use and growth.

“That is, however, exactly where we are today in policing – where systems born out of our need to react to Covid are being increasingly built upon to form, and constrain, our future thinking,” said Sayers. “We need to be brighter than that.”

We also need the policing sector to start adopting technology offerings that are “optimised for UK laws” because they are built by homegrown providers.

“This does not mean we revert to monolithic and non-interoperable systems … nor should we continue to invest in single-provider technology stacks that lock UK criminal justice into generic commercial services requiring us to compromise on the UK’s mandatory security and vetting requirements – or require UK laws to be changed for use,” said Sayers.

“Whatever the NCoP’s form, it should be tasked to include delivery of a future technology landscape that is based on open standards and federated services, and can provide services at a national scale independent of a reliance on a primary supplier,” he said.

“The next five years can see a renaissance of UK-bred justice technology innovation, but only if the government are brave enough to choose to do so.”

Source