Cloud concentration and its discontents¶

The Patrician has observed that Ankh-Morpork’s essential services have gradually concentrated among a small number of providers through entirely natural market forces. The water supply, the waste disposal, and the food distribution are each controlled by guilds that achieved their positions through superior efficiency, aggressive acquisition of competitors, and the natural advantage that comes from being the incumbent everyone already depends on. This concentration is excellent for the guilds and mostly adequate for the city, though The Patrician maintains careful relationships with guild leaders, because the alternative is the city discovering quite how dependent it has become on organisations whose interests and the city’s interests are related but not identical.

The internet’s infrastructure has concentrated similarly. Three companies provide the majority of cloud computing services that underpin enormous portions of global commerce, communication, and digital life. This concentration is excellent for the three providers and mostly adequate for everyone else, though the dependencies create strategic vulnerabilities that become more concerning the more one contemplates them. Most organisations prefer not to contemplate them. The Patrician does.

How we got here¶

The cloud concentration emerged through rational decisions by companies concluding that operating their own infrastructure was expensive, complicated, and provided no competitive advantage compared to using infrastructure provided by specialists. This logic was correct. The migration to cloud computing has been largely successful. These facts do not make the resulting concentration less concerning. Many things that were individually rational produce collectively awkward situations.

The capital requirements for building cloud infrastructure at scale are extraordinary. Data centres cost hundreds of millions of euros. Maintaining global presence across multiple regions requires resources only the largest companies can muster. The barriers to entry for competing with AWS, Azure, and Google Cloud are sufficiently high that new competitors emerge rarely and succeed even more rarely. This is not an accident. It is a consequence of how infrastructure economics work, and it shows no signs of changing.

The switching costs that accumulate as organisations integrate deeply with provider-specific services make leaving difficult even when dissatisfaction is genuine. An organisation using proprietary databases, serverless functions, and provider-specific management tools faces substantial reengineering to migrate. The costs are not insurmountable. They are sufficient that most organisations only switch under duress rather than for modest improvements. The providers are aware of this. The pricing reflects it.

What the concentration actually means¶

Cloud provider outages affect enormous numbers of services simultaneously, because so many depend on the same infrastructure. The outages are typically brief and limited to specific regions. The concerning scenario is a major outage affecting multiple regions through cascading failures, which becomes more plausible as systems grow more complex. When this occurs, everyone simultaneously discovers that their disaster recovery plans were optimistic.

Pricing power is real. Providers can adjust prices knowing that switching costs constrain customer response. They generally use this power cautiously because aggressive increases would accelerate multi-cloud adoption and regulatory attention. The power exists regardless of whether it is currently being exercised aggressively. The Patrician notes that power exercised with restraint is still power, and that the restraint is self-interested rather than permanent.

Service terminations, where providers discontinue services that customers depend on, happen regularly as product catalogues are rationalised. The migrations are customers’ responsibility regardless of disruption and cost. Transition periods are provided. They are sometimes adequate.

The multi-cloud aspiration¶

Many organisations declare multi-cloud strategies to avoid dependency on single providers. The aspiration is reasonable. The reality is that genuine multi-cloud is expensive and complicated, while token multi-cloud provides minimal risk reduction.

Creating architecture that works identically across providers requires using only services available on all of them, which means accepting less functionality and higher costs. The providers’ competitive advantages come from their proprietary services. Avoiding those services to maintain portability means sacrificing the benefits that justified using cloud providers in the first place. This is a genuine dilemma with no tidy resolution.

The common pattern is using different providers for different purposes rather than true redundancy. One provider hosts production infrastructure, another hosts development environments, a third provides specific services unavailable elsewhere. This is multi-provider rather than multi-cloud and provides minimal risk reduction, because losing the production provider is still catastrophic regardless of where development environments live.

The Patrician observes that claiming multi-cloud while actually having a primary provider plus auxiliary usage is common and reflects the gap between stated risk management and actual risk management that characterises most organisational security and resilience planning. He does not find this surprising. He finds it consistent.

The Patrician’s assessment¶

The current arrangement has been efficient and has mostly worked well. In early 2026, Azure growth hit what analysts described as an infrastructure wall, with Microsoft’s shares falling as the scale of AI data centre investment began visibly exceeding what demand could absorb. Whether this represents a temporary friction or the early stage of a structural correction remains to be seen. The concentration will persist regardless, because switching costs increase over time and because even providers experiencing margin pressure remain far preferable to the alternative of building your own data centres during a period of infrastructure overcapacity.

The risks are manageable through careful architecture, data portability planning, and disaster recovery preparation. Most organisations implement minimal precautions because the providers are reliable enough that elaborate preparations seem wasteful. The risk-reward calculation favours minimal preparation until a significant failure demonstrates its inadequacy, at which point everyone simultaneously discovers their assumptions were optimistic. This is the normal cycle.

The Patrician suggests that organisations should maintain awareness of their dependencies, architect for data portability even if they never exercise it, and avoid assuming that current provider behaviour will persist indefinitely. Commercial entities make decisions in their interests rather than their customers’ interests when these conflict. This is entirely rational behaviour from the providers’ perspective. Customers should plan accordingly rather than assuming otherwise.

He has seen many arrangements that worked well until they did not. The cloud concentration is not exempt from this historical pattern. He recommends not being surprised when it eventually demonstrates this.