is google too big to fail?

Pu t t i ng i t tog e t h er

Is Google Too Big to Fail? By Win Treese

Dependence on Google services motivates our common interest in seeing the company survive and thrive.

O

ver the past year, considerable public discussion and media attention has focused on whether certain companies are “too big to fail.” If a particular company would go out of business, are the consequences so great that national governments would be compelled to intervene? The concern is often how the effects will ripple out through an ecosystem of customers, suppliers, competitors, employees, and others participating in the marketplace. These effects are frequently considered a “systemic risk”—the risk of damage to a larger system from the failure of a single part of the system. For example, a bank might be considered too big to fail because such failure would disrupt the operations of thousands of other businesses or millions of consumers. Last fall, the U.S. government decided that insurance company AIG was too big and important to fail, but investment bank Lehman Brothers was not. Some analysts have questioned whether General Motors is too big to fail, but (at press time) it appears that the U.S. government will likely not intervene to save it from having to file for bankruptcy. The technology industry has never really faced this dilemma. Technology companies come and go. Many are

acquired by other companies. Product lines are discontinued. Customers make transitions as needed, sometimes smoothly, sometimes in a scramble as a vendor ceases operations. The failure of a single company would produce ripple effects, of course, but historically the damage to the overall system was limited. Is this situation changing? Have some technology companies become so large and important that they, too, cannot be allowed to fail? How will this affect Google? Imagine that, for some reason, Google finds itself without sufficient cash and credit to continue operations. It seems unlikely, of course, but so did the collapse of Lehman Brothers. As a result, Google goes dark. No search engine, no ad placement, no Gmail. What then? First, of course, we would no longer be able to find things so easily. For many people, and many organizations, the prospect of searching without Google, or managing email without Google, alone might be frightening. Albert Einstein once said, “Never memorize what you can look up in books.” The modern equivalent is “Never memorize anything you can google.” The Google search engine has about 60 percent of the worldwide search market, with

n e t Wo r ke r | Summer 2009 | 11

Pu t t i ng i t tog e t h er

Yahoo! second with around 20 percent. (As an aside, I have always found these numbers curious, because Google’s market share among the people I know seems to be about 100 percent.) At least for a while, our collective ability to find the information we need would be disrupted. I imagine that, directly or indirectly, this disruption would be felt at all levels of most organizations, even up to the level of national economies. Whether President Obama uses Google directly is irrelevant, because his staff certainly does. And surely the blogosphere would feel like it had lost its mind. Second, a significant amount of email would stop flowing, and the email archives of millions of users would no longer be available. Individual and small-scale disruptions of email happen every day. Most of the time, it’s not an overwhelming problem, but it can be quite inconvenient for both senders and receivers. A system outage for a large email provider can become front-page news in The New

12 | Summer 2009 | n e t Wo r ke r

York Times and The Wall Street Journal; a permanent loss of Gmail would be news for days. Third, ads would not be served up on Web pages by Google AdSense. Well, we might not miss that so much. Other Google services (such as documents, calendars, and collaborative sites) would also be unavailable to millions of users worldwide. In terms of broad effect, they are much less significant, though to the affected users the problems would likely be quite serious. Could substitutes take over for the Google services? Of course. For search, we would still have Yahoo!, along with any number of smaller search engines (such as Microsoft LiveSearch and AltaVista) that get much less use today. As long as these sites are able to handle volume far in excess of what they presently manage, we can probably adjust to a new set of idiosyncrasies for the sake of the software that helps us find things. For email, we have Yahoo!, Hotmail, and innumerable other email hosting services, including Inbox.com and FastMail, that few consumers have ever heard of. The problem with losing email

five years? Or 10? Google will undoubtedly continue to introduce new and innovative Internet-based services. Often, they will be intended for use as a primary aspect of business customers’ operations or an integral part of individual’s lives. Also, like any business, Google is constantly working to attract more customers for the services it already provides. If Gmail eventually attracts a billion users, will this infrastructure be too big to fail? If we are already so dependent on email, imagine how dependent we will be in 10 years. Although this scenario is hypothetical, the impact of Google disappearing begins to look significant enough to consider as a matter of public policy. The question is not exclusively about Google, of course. Critical computing infrastructure includes many services we depend on today, as well as many that have yet to be invented. As “cloud computing” becomes more popular and critical to business operations, the market leader (or leaders) may become too important to their customers’ operations for service providers to be allowed to fail. That certainly seems to be their intent, as cloud computing providers argue that they can provide IT services more cost-effectively than in-house IT

Photogr aPh by MyKL roVentine

service isn’t just that we’d have to switch addresses, but the sudden loss of contact lists and archived messages. Moreover, there are many, though less wellknown, services that offer online document collaboration, shared websites, calendars, and maps. So the immediate consequences might be significant but not catastrophic. On the other hand, what about in

pu t t i n g i t tog e t h er operations. This bold claim may indeed be true, and some large companies will manage their risk through outsourcing operations. The potential for large-scale financial risk and business disruption becomes apparent only when we consider the entire system. Suppose the market-share leader for cloud services, like Google in search, grows to control 50 percent of the outsourced-to-the-cloud IT market. If the economics are so much in favor of the cloud, then let’s estimate that 80 percent of core IT operations move to the cloud. If the market leader would suddenly collapse, it would take out the core computing capabilities of 50 percent of the market. Unable to run their IT on their own, these companies—the market leader’s customers—would be unable to operate their businesses. Information technology is that crucial to companies today. This scenario involves many assumptions and may seem farfetched. Yet it seems worth considering from a public-policy point of view, as a problem involving systemic risk. Individually, companies make what we assume are rational decisions about the most cost-effective way to operate and earn a profit. In total, they can create an environment in which the cloud service provider is a single point of failure for the economic system as a whole. Two trends today—computing as a service and shared infrastructure— produce this challenge. In the past, the largest share of the technology market consisted of products sold to companies (or consumers) who operated the systems themselves. When companies outsourced IT operations, the computing hardware, software, and other infrastructure were dedicated to a particular

customer. In systemic terms there is little difference, and the failure of a service provider, even a large one, could be managed. Shared infrastructure changes this equation. No longer are the assets identifiable; if the whole stops operating, the components cease to operate by themselves. Moreover, in outsourcing their computing operations, companies also outsource some amount of their data storage. As in the example of Gmail disappearing, losing the data, even for a short time, can be incredibly disruptive to companies, to individuals, and even to governments. Ironically, this scenario may be the inevitable result of the dream of “utility computing.” For years, a common vision has been to have computing resources

major events most closely related to the issue of being “too big” were probably the antitrust cases against IBM in the 1970s and Microsoft beginning in the 1990s. In both (regardless of your opinion of the merits), the question was about whether the companies were abusing a monopoly position in the marketplace. In terms of thinking about systemic risk in the technology industry, these cases are not especially instructive. Neither is how the U.S. Department of Justice managed the 1984 breakup of AT&T, which at the time was a regulated monopoly. It would certainly be inconvenient, or worse, for most of us if Google were to disappear, and it would probably be quite a while before we felt like the

No search engine, no ad placement, no GMail. What then? available as ubiquitously as electricity and running water, with the same simple model of metered “pay as you go” pricing. Indeed, this brings into focus what we think of as a public utility; some regulation goes with it, precisely because the utility is part of our critical infrastructure. Electricity, water, roads, and telecommunications are all shared critical infrastructure, and (in the U.S., at least) they operate with some level of mandatory government involvement and regulation. In large part, the regulation exists for precisely the same reasons we are talking about Google: The risk of not having the services provided by the utility is too great to ignore. As a matter of public policy and government intervention, the two

Internet infrastructure was as useful and productive as it is today. As companies and individuals move more of their computing and data to shared services, as useful as they are, we should be thinking about the systemic risk inherent in the move. Individually, the changes to outsourced services may represent low risk. Taken together, they could represent a very large risk to the overall economy.  Win Treese ([email protected]) is director of advanced technology at SiCortex, Inc., and co-author of Designing Systems for

Internet Commerce.

DOI: 10.1145/1540392.1540396 © 2009 ACM 1091-3556/09/0600 $10.00

n e t Wo r ke r | Summer 2009 | 13