On 25 September 2020, the Cigref “Supplier Relations” Club organised its third press conference to share a review of this eventful 2019-2020 year in the digital services market with regard, on the one hand, to the relationship between user companies and major IT vendors and, on the other hand, to the market trends as perceived by the Cigref member CIOs.
Cigref represents 150 companies and public administrations, which together account for 1,700 billion euros in cumulative turnover and 50 billion euros in overall IT budgets.
Cigref Supplier Relations Club currently brings together 8 working groups (on AWS, Google Cloud, IBM, Microsoft, Oracle, Salesforce, SAP, and the Value in use of collaborative suites). These 8 groups constitute a community of 558 employees belonging to Cigref member organisations.
During the press conference, the President of Cigref and the President of the Supplier Relations Club developed the following messages:
- Suppliers have shown resilience during the crisis and have been very involved this year in Cigref’s working groups. However, not all of them have been cooperative partners in supporting the customers most in difficulty during the crisis.
- The health crisis has revealed, and sometimes accentuated, structural failures in the digital services market, particularly in SaaS and cybersecurity domains.
- Digital sovereignty has become part of the citizen’s debate. It must be obtained at the European level, through better cooperation between European players and through regulation.
- Cigref and its European associative partners see a real opportunity in the strategy of the new European Commission presidency to build a trustworthy digital Europe, which brings all players to play according to the same rules of competition.
Recurring revenue and customer lock-in: end the drift away from the SaaS business model
The search for recurrent revenue from SaaS providers (whether digital giants or smaller, native cloud players) leads them to reproduce certain illegitimate commercial practices from the software world. User organisations observe similarities in the SaaS maturity curve. This leads inexorably to customer lock-in and tariff stranglehold. The drama is played out in 4 acts:
The first act is the adoption of services by early adopters as the market is emerging. Customer and supplier are in the co-construction and co-promotion. There is a mutual transfer of expertise, it’s the honeymoon.
The relationship remains in good shape during the second act, which is the extension of the functional coverage. The volume of purchases continues to grow, driven by internal demand and the large-scale deployment of solutions throughout the group.
The relationship is slightly deteriorating during the third act, although the growth in acquisitions continues, driven by functional improvements, new features and the re-packaging of services by the supplier. Nevertheless, the client is looking to reap the benefits of past investments and is reluctant to accept “gadget” solutions pushed by the suppliers’ sales forces.
Act four is the market maturity and the hardening of business relationships at the time of renegotiation.
Should act five be the divorce act? It is neither in the interest of the customers nor in the interest of the suppliers that the relationship ends with the termination and the start of a new non-virtuous circle with another competing supplier.
Cigref also observes that suppliers are beginning to offer payment for added value rather than for use or users. For Cigref, value-added payment is not a satisfactory response to companies’ search for value because it is a drain on business growth, it is a tax on the innovation that companies invest in business.
Finally, Cigref observes that commercial practices considered illegitimate by customers in the digital services market are increasingly being watched by the public authorities of European States, which are responsible for ensuring healthy and fair competition, particularly with regard to service platforms and Big Tech. Without necessarily being illegal, these practices, which Cigref has been denouncing for years, are damaging the performance of user organisations, their profitability and therefore our economy. Users want to put an end to the provider revenue recognition model based on permanent growth. CIOs see it as their collective responsibility to re-examine the value of the offer and its model and to obtain the promise of a “real” pay-per-use cloud.
Cybersecurity: getting responsibility shared
Business adoption of extended and virtual work environment solutions has surged with the widespread adoption of remote working. This adoption has exposed companies to cyberattacks and they have responded urgently. The number of ransom attacks has increased tenfold in recent months. These attacks are due to the acceleration of the adoption of digital usages in companies and the professionalization of cyberattackers, but also to intrinsic flaws in products, which require a large volume of patches.
Cigref therefore calls on software and SaaS publishers to take responsibility and share the economic risk with their customers. It is abnormal that Software License Agreements (SLAs) are capped and that the amount of compensation does not reflect the criticality of the services provided or the potential extent of the damage.
Cigref pointed out too that application maintenance remained the non-negotiable element during the crisis, whatever the economic situation of customers. However, many companies consider it an aberration that they have to take out insurance from the first year to cover software design flaws. They consider that security patches on native flaws should be included in the license or subscription contract.
Finally, the President of Cigref called on the digital service and consultancy companies to provide more assistance to companies on cybersecurity in order to improve the companies maturity and better prepare them for cyberattacks.
Digital Sovereignty: towards a European Trusted Cloud
The Covid-19 crisis has not only accelerated the migration to the cloud through the adoption of collaborative tools and online videoconferencing, it has also drawn the attention of political representatives and public opinion to the issues of sovereignty, security and trust in the field of digital services. More than ever, the dependence of European companies on American (and increasingly Chinese) clouds is at the heart of all debates. This is no longer a subject reserved for experts, especially since the tracing of Covid-19 contact cases has also revived the question of data hosting and sovereignty in public opinion. Examples of strategic partnerships with non-European hosting providers are multiplying. It is abnormal that European companies have no other alternatives than GAFAM and BATX.
The challenge of creating a Trusted Cloud, which respects European values in terms of transparency and data protection, is a major one: the political games played by States are beginning to have a major influence on the technological choices made by companies. The window of opportunity is shrinking. European organisations must be in control of their technological future and limit the risk of being the plaything of geopolitical struggles. The deterioration in Sino-American relations illustrated by the “Huawei ban” makes black scenarios more tangible, such as the cessation of state-ordered services in certain areas and the dependence of the European economy on these services.
It is therefore as vital as it is urgent for Europe to take its digital destiny back into its own hands. The Digital Services Act is the first step in this direction. It is intended to update the e-Commerce Directive of 2000 and provide a better framework for the Big Tech, as well as the Commission’s thinking on a new tool to regulate competition in the digital services market.
Cigref and the other European associations representing the voice of digital services users are attentive to this work and are cooperating to provide input to the Commission. This cooperation is essential given the complexity of the issues and the major IT providers’ power, who have resources that are not commensurate with those of the user companies and have set up structured representative bodies present in Brussels.