Almost every tech innovation or service gets cornered eventually by Big Tech, a perhaps inevitable consequence of scale, resources, and convenience.
But if left unchecked, this risks creating a parallel tech industry where only these behemoths define the pace and trajectory of digital transformation.
Unfortunately, this trend is seeping into cloud security, where the grip of the top cloud providers is gradually tightening.
This growing consolidation in such a crucial sector raises serious questions about competition, innovation, and business security.
To understand the dynamics at play, Techopedia sought insights from cloud professionals to determine whether the cloud security vertical is edging toward market dominance by select providers.
Key Takeaways
- Experts warn of the risk of cloud security monopolies by Big Tech providers.
- Vendor lock-in strategies limit innovation and customer choice — is it a fair price for security?
- Smaller security vendors face challenges competing with giants, and regulatory scrutiny on bundled security tools may intensify in time.
- There are calls for vendor-agnostic tools to safeguard cloud security in a free market.
Experts Fear “Walled Gardens” Will Define the Future of Cloud Security
Over the past decade, cloud computing has become the backbone of modern business. Statista’s recent market report shows that in the past year alone, cloud service revenue reached $313 billion and continues to be dominated by AWS, Microsoft Azure and Google Cloud Platform. This growing reliance on cloud infrastructure has, in turn, amplified the importance of cloud security.
However, the fact that approximately 63% of the cloud market is in the hands of a few top providers raises the specter of anti-competitive behavior in cloud security, a critical component for the long-term viability of the cloud ecosystem.
While there are smaller players in the cloud security segment, the level at which the cloud big boys are offering a comprehensive suite of security services integrated within their cloud platforms should not go unnoticed.
Jacob Kalvo, cloud and cybersecurity expert and CEO of Live Proxies, told Techopedia that this trend represents a growing winner-takes-all approach to cloud security offerings that is difficult to ignore.
He said:
“AWS Security Hub and Azure Sentinel would seem to offer a highly appealing proposition of convenience to companies in their respective estates.
“However, the problem is that this may create barriers for startups and independent vendors, who are generally seen to drive critical innovation.”
Other voices in the industry express similar concerns. “Big Tech, particularly companies like Amazon, Google, and Microsoft, has effectively cornered the market on cloud security offerings,” Kenny Van Alstyne, CTO at SoftIron shared with Techopedia.
Alstyne pointed out that a key issue is the tight integration of these companies’ security tools within their larger cloud platforms.
As an example, he cited Amazon’s suite of cloud security services, including IAM, KMS, CloudTrail, and Secrets Manager, explaining that these tools create a deep vendor lock-in, making it costly and complex for customers to switch to other platforms once they’ve become reliant on the AWS ecosystem.
John Jackson, founder of Hitprobe, a UK-based click fraud protection platform, offered a slightly different perspective, telling Techopedia that while a cloud security monopoly hasn’t yet materialized, the industry is sliding towards that direction and warrants attention.
Joe Warnimont, Security and Technical Expert at HostingAdvice, concurs with Jackson’s assessment that the cloud security space is “dangerously close to a monopoly”.
He further explained:
“The situation is a combination of what I call a “walled garden” and vendor lock-in, two of the main grey areas that brands use to argue they’re not a monopoly.
Warnimont argues that while “it’s possible to fuse third-party security tools within major cloud platforms, it’s pretty much a fool’s errand to try to merge, for instance, a non-Microsoft security tool with the tightly integrated collection of tools like Entra, Defender, and Azure.”
Will the Time Come for Antitrust Scrutiny?
Tech giants, including Meta, Microsoft, Google, and Apple have all been targeted for various antitrust cases in recent months.
As concerns about cloud security monopolies continue to grow, the possibility of antitrust regulatory involvement comes into question.
Alstyne suggested it’s less likely than the scrutiny of Google’s hold over search.
He said:
“Unlike the consumer-facing search monopolies, cloud security and infrastructure services are seen as more niche and specialized, which might make them less likely to attract immediate regulatory attention.”
However, he acknowledged that tight bundling of security solutions with other cloud offerings could eventually draw scrutiny if deemed anti-competitive.
Warnimont offered a similar perspective, arguing that the Google search differs fundamentally from potential cloud security monopolies.
He maintained that while regulators can readily identify Google’s anti-competitive practices, driven by profit and market dominance, cloud security providers have legitimate reasons to protect their infrastructures. However, he pointed out that some companies’ methods of “guarding” their ecosystems raise antitrust concerns.
Using Amazon as an example, Warnimont explained that the company bundles many cloud security features for free with its cloud services, a strategy he argues is “not protecting their ecosystem but forcing out smaller players in the market.”
This tactic, he suggested, uses profitable segments to subsidize less profitable ones, creating insurmountable pricing challenges for smaller competitors.
In the event of antitrust scrutiny, authorities would likely examine pricing strategies and broader cloud service bundling with security offerings to determine whether they are designed to disadvantage smaller competitors.
This scrutiny is currently playing out in both the U.S. and Europe, and while it is not solely focused on the cloud security segment, it is nevertheless relevant to the concerns raised about potential cloud security monopolies.
For instance, the UK Competition and Markets Authority has launched a legal battle against Microsoft for allegedly violating antitrust laws with its cloud services.
Meanwhile, the European Commission is stepping up efforts to tackle cloud monopolies with new antitrust regulations.
Why The Impact is Beyond Antitrust Concern
The risk of monopolies, even debatable ones, is that they stifle innovation. According to Warnimont, while bundled cloud offerings from companies like Amazon and Microsoft might seem convenient, they reduce the incentive for these large businesses to innovate and address customer concerns.
Moreso, it puts smaller, innovative security vendors at a disadvantage as they are often forced to work with the demands of major cloud providers and integrate with their native tools, or risk being left behind.
Echoing similar views, Sammy Basu, Founder & CEO of Careful Security, expressed concern that the dominance of major cloud providers impedes development.
He explained that while smaller, more agile companies often drive security innovation, they often struggle to compete with the “big three” due to their limited scale, higher costs, and lack of extensive data centers and customer bases.
Alstyne added that bundled cloud security offerings from the big three present customers with a difficult choice: either fully commit to a single vendor’s stack, sacrifice flexibility, and incur higher long-term costs, or adopt a “least-common-denominator” approach.
He concludes that cloud security is becoming more about managing complexity than genuinely improving it.
The Bottom Line
While it’s easier to accept Big Tech’s dominance in capital-intensive areas like AI, quantum computing and space exploration, the risks are greater in cloud security, given the cloud’s central role in business.
Monopolies threaten to shut out smaller competitors, hold back innovation, and often force them to play along or fade away, which leaves consumers shortchanged in the long run.
Therefore, there is a need to push for more vendor-agnostic security tools and frameworks that can be integrated across different cloud providers such as AWS, GCP, and Azure and on-premises systems such as VMWare, and OpenStack.
Otherwise, we risk being locked into a future where a few giants call the shots, making us all more vulnerable.
FAQs
What is a “walled garden” in cloud security?
Why are Big Tech companies dominating cloud security?
What are the risks of a cloud security monopoly?
Can vendor-agnostic tools prevent cloud security monopolies?
References
- Chart: Amazon Maintains Cloud Lead as Microsoft Edges Closer | Statista (Statista)
- Simplify IT. Regain Control. Transform Your Business. | SoftIron (Softiron)
- Stop Click Fraud Fast — Easy Setup — Rock Solid Protection (Hitprobe)
- Microsoft faces UK lawsuit over cloud computing licences | Reuters (Reuters)
- Expert Cybersecurity Solutions for Businesses and Startups | Careful Security (Carefulsecurity)