Towards Global Multi-Cloud Strategies: Insights into AWS and Alibaba Cloud Synergy
Pith reviewed 2026-06-26 13:01 UTC · model grok-4.3
The pith
A case study of IoT workload migration identifies technical trade-offs between AWS and Alibaba Cloud for multi-cloud use.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
By comparing AWS and Alibaba Cloud and migrating an IoT workload with both native and open-source IaC tools, the analysis reveals key technical trade-offs and best practices for secure multi-cloud deployments.
What carries the argument
Exploratory case study on migrating Internet of Things workloads between the two clouds using Infrastructure-as-Code tools.
Load-bearing premise
That the results from the specific IoT workload migration case study are representative of general workload migration challenges between AWS and Alibaba Cloud.
What would settle it
A replication study using a non-IoT workload, like a machine learning training pipeline, that finds substantially different migration issues and no overlap in best practices.
Figures
read the original abstract
Multi-cloud strategies are increasingly adopted by modern enterprises to improve agility and resilience and to reduce vendor lock-in. Integrating workloads across providers, such as Amazon Web Services (AWS) and Alibaba Cloud, remains challenging due to interoperability and migration issues. This paper presents a comparative analysis of AWS and Alibaba Cloud, focusing on architectural, service, and policy differences affecting workload migration. Using both provider-native and open source Infrastructure-as-Code tools, we conduct an exploratory case study about the migration of Internet of Things (IoT) workloads. The results highlight key technical trade-offs and best practices for secure multi-cloud deployments, offering guidance for organizations pursuing AWS and Alibaba Cloud interoperability.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript claims that a comparative analysis of architectural, service, and policy differences between AWS and Alibaba Cloud, together with an exploratory case study migrating IoT workloads using both provider-native and open-source IaC tools, identifies key technical trade-offs and best practices for secure multi-cloud deployments and interoperability.
Significance. If the case-study findings prove generalizable, the work could supply concrete guidance for organizations seeking to reduce vendor lock-in via AWS-Alibaba multi-cloud setups, an area of growing practical interest in distributed systems. The dual use of native and open-source IaC tools is a methodological strength that could be leveraged more explicitly.
major comments (1)
- [Case Study (as described in Abstract)] The central claim—that the IoT migration case study yields key technical trade-offs and best practices applicable to general AWS-Alibaba interoperability—rests on the assumption that IoT-specific observations reflect provider-inherent differences. IoT workloads center on device connectivity, event streaming, and edge integration; these may not exercise core differences in compute (EC2 vs. ECS), storage (S3 vs. OSS), networking, or IAM/policy models that dominate other workloads. Without additional evidence or qualification that the observed trade-offs are not workload-dependent, the guidance offered to organizations is not supported.
minor comments (1)
- [Abstract] The abstract would benefit from naming one or two concrete trade-offs identified, rather than stating only that they are 'highlighted.'
Simulated Author's Rebuttal
We thank the referee for the constructive feedback. The comment on the scope of the case study is well-taken, and we address it directly below.
read point-by-point responses
-
Referee: [Case Study (as described in Abstract)] The central claim—that the IoT migration case study yields key technical trade-offs and best practices applicable to general AWS-Alibaba interoperability—rests on the assumption that IoT-specific observations reflect provider-inherent differences. IoT workloads center on device connectivity, event streaming, and edge integration; these may not exercise core differences in compute (EC2 vs. ECS), storage (S3 vs. OSS), networking, or IAM/policy models that dominate other workloads. Without additional evidence or qualification that the observed trade-offs are not workload-dependent, the guidance offered to organizations is not supported.
Authors: We agree that the IoT focus of the exploratory case study limits the direct applicability of the observed trade-offs to general workloads. The manuscript already frames the work as an exploratory case study rather than a comprehensive benchmark, but the abstract and conclusions do not sufficiently qualify the scope. We will revise the abstract, introduction, results discussion, and conclusion to explicitly state that the identified trade-offs and best practices are derived from IoT workloads involving device connectivity, event streaming, and edge integration. A new limitations subsection will be added to discuss potential workload dependency, note that core differences in compute, storage, and IAM may not have been fully exercised, and recommend future studies on additional workload types to assess generalizability. revision: yes
Circularity Check
No significant circularity; empirical case study is self-contained
full rationale
The paper conducts a comparative analysis and exploratory case study of IoT workload migration between AWS and Alibaba Cloud using IaC tools. No equations, derivations, fitted parameters, or self-citation chains are present. The central claims rest on direct observations from the specific case study rather than any reduction to inputs by construction. This is a standard empirical presentation with no load-bearing steps that qualify as circular under the defined patterns.
Axiom & Free-Parameter Ledger
Reference graph
Works this paper leans on
-
[1]
Amazon and Microsoft stay ahead in global cloud market,
F. Richter, “Amazon and Microsoft stay ahead in global cloud market,” 2025, Accessed: 2025-03-18. [Online]. Available: htt ps://www.statista.com/chart/18819/worldwide-market-share-o f-leading-cloud-infrastructure-service-providers/
2025
-
[2]
Canalys: Global Cloud Infrastructure Spending Rose 22% In Q2 2025,
D. Singh, “Canalys: Global Cloud Infrastructure Spending Rose 22% In Q2 2025,” 2025, Accessed: 2025-09-11. [Online]. Available: https://channelpostmea.com/2025/09/11/canalys-glo bal-cloud-infrastructure-spending-rose-22-in-q2-2025/
2025
-
[3]
Compliance and regulatory challenges in cloud computing: A sector-wise analysis,
D. Seth, M. Najana, and P. Ranjan, “Compliance and regulatory challenges in cloud computing: A sector-wise analysis,”Inter- national Journal of Global Innovations and Solutions (IJGIS), vol. 3, Jun. 2024, https://ijgis.pubpub.org/pub/n5sgt1c7.DOI: 10.21428/e90189c8.68b5dea5
-
[4]
J. Alonso et al., “Understanding the challenges and novel architectural models of multi -cloud native applications – a systematic literature review,”Journal of Cloud Computing, vol. 12, p. 6, Jan. 2023.DOI: 10.1186/s13677-022-00367-6
-
[5]
Exploring cost-efficient bundling in a multi-cloud environment,
G. Chatzithanasis, E. Filiopoulou, C. Michalakelis, and M. Nikolaidou, “Exploring cost-efficient bundling in a multi-cloud environment,”Simulation Modelling Practice and Theory, vol. 111, p. 102 338, May 2021.DOI: 10.1016/j.simpat.2 021.102338
-
[6]
Multi -cloud: Expectations and current approaches,
D. Petcu, “Multi -cloud: Expectations and current approaches,” inProceedings of the 2013 International Workshop on Multi - Cloud Applications and Federated Clouds, ser. MultiCloud ’13, Prague, Czech Republic: Association for Computing Machinery, 2013, pp. 1–6.DOI: 10.1145/2462326.2462328
-
[7]
The cloud interoperability challenge,
R. Ranjan, “The cloud interoperability challenge,”IEEE Cloud Computing, vol. 1, no. 2, pp. 20–24, 2014.DOI: 10 . 1109 /MCC.2014.41
2014
-
[8]
Multi -cloud resource management: Cloud service interfacing,
V . Munteanu, C. Sandru, and D. Petcu, “Multi -cloud resource management: Cloud service interfacing,”Journal of Cloud Computing: Advances, Systems and Applications, vol. 3, p. 3, Dec. 2014.DOI: 10.1186/2192-113X-3-3
-
[9]
CloudCmp: Comparing public cloud providers,
A. Li, X. Yang, S. Kandula, and M. Zhang, “CloudCmp: Comparing public cloud providers,” inProceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, ser. IMC ’10, Melbourne, Australia: Association for Computing Machinery, 2010, pp. 1–14.DOI: 10.1145/1879141.1879143
-
[10]
Cloud computing: Comparison and analysis of cloud service providers – AWS, Microsoft and Google,
M. Saraswat and R. Tripathi, “Cloud computing: Comparison and analysis of cloud service providers – AWS, Microsoft and Google,” in2020 9th International Conference System Modeling and Advancement in Research Trends (SMART), 2020, pp. 281–285.DOI: 10.1109/SMART50582.2020.9337100
-
[11]
Parameters for compar- ing cloud service providers: A comprehensive analysis,
V . V . Rajendran and S. Swamynathan, “Parameters for compar- ing cloud service providers: A comprehensive analysis,” in2016 International Conference on Communication and Electronics Systems (ICCES), 2016, pp. 1–5.DOI: 10.1109/CESYS.2016.7 889826
-
[12]
Exploring vendor capabilities in the cloud environment: A case study of Alibaba cloud computing,
G. Zhang and M. Ravishankar, “Exploring vendor capabilities in the cloud environment: A case study of Alibaba cloud computing,”Inf. Manage., vol. 56, no. 3, pp. 343–355, Apr. 2019.DOI: 10.1016/j.im.2018.07.008
-
[13]
Mulder,Multi-Cloud Administration Guide: Manage and Optimize Cloud Resources Across Azure, AWS, GCP, and Alibaba Cloud
J. Mulder,Multi-Cloud Administration Guide: Manage and Optimize Cloud Resources Across Azure, AWS, GCP, and Alibaba Cloud. De Gruyter, 2024,ISBN: 9781501519482
2024
-
[14]
Comparison of cloud-computing providers for deployment of object-detection deep learning models,
P. Rajendran, S. Maloo, R. Mitra, A. Chanchal, and R. Aburukba, “Comparison of cloud-computing providers for deployment of object-detection deep learning models,”Applied Sciences, vol. 13, p. 12 577, Nov. 2023.DOI: 10.3390/app132 312577
-
[15]
A comparative analysis of cloud migration strategies for enterprise systems architecture,
M. Hussain, “A comparative analysis of cloud migration strategies for enterprise systems architecture,”World Journal of Advanced Engineering Technology and Sciences, vol. 15, pp. 747–756, May 2025.DOI: 10.30574/wjaets.2025.15.2.0622
-
[16]
Exploring infrastructure as code using Terraform in multi-cloud deployments,
R. Kyadasu, “Exploring infrastructure as code using Terraform in multi-cloud deployments,”SSRN Electronic Journal, Jan. 2025.DOI: 10.2139/ssrn.5075647
-
[17]
Enterprise SaaS workloads on new -generation Infrastructure-as-Code (IaC) on multi-cloud platforms,
S. Achar, “Enterprise SaaS workloads on new -generation Infrastructure-as-Code (IaC) on multi-cloud platforms,”Global Disclosure of Economics and Business, vol. 10, pp. 55–74, Jul. 2021.DOI: 10.18034/gdeb.v10i2.652
-
[18]
Supporting multi-cloud in serverless computing,
H. Zhao, Z. Benomar, T. Pfandzelter, and N. Georgantas, “Supporting multi-cloud in serverless computing,” in2022 IEEE/ACM 15th International Conference on Utility and Cloud Computing (UCC), 2022, pp. 285–290.DOI: 10.1109/UCC564 03.2022.00051
-
[19]
V . Yussupov, U. Breitenbücher, F. Leymann, and C. Müller, “Facing the unplanned migration of serverless applications: A study on portability problems, solutions, and dead ends,” Dec. 2019, pp. 273–283.DOI: 10.1145/3344341.3368813
-
[20]
AWS Infrastructure,
Amazon, “AWS Infrastructure,” 2025, Accessed: 2025-05-08. [Online]. Available: https://aws.amazon.com/about-aws/global- infrastructure/regions_az/
2025
-
[21]
Alibaba Cloud Infrastructure,
Alibaba, “Alibaba Cloud Infrastructure,” 2025, Accessed: 2025- 05-08. [Online]. Available: https://www.alibabacloud.com/en/g lobal-locations?_p_lc=1#J_5253092060
2025
-
[22]
AWS China,
Amazon, “AWS China,” 2025, Accessed: 2025-05-08. [Online]. Available: https://www.amazonaws.cn/en/about-aws/china/
2025
-
[23]
AWS Documentation,
Amazon, “AWS Documentation,” 2025, Accessed: 2025-03-23. [Online]. Available: https://docs.aws.amazon.com/
2025
-
[24]
Alibaba Cloud documentation,
Alibaba, “Alibaba Cloud documentation,” 2025, Accessed: 2025-03-23. [Online]. Available: https://www.alibabacloud.co m/help/en
2025
-
[25]
Alibaba Cloud Services Migration Guide Service Comparison,
Alibaba, “Alibaba Cloud Services Migration Guide Service Comparison,” Accessed: 2025-08-04. [Online]. Available: http s://www.alibabacloud.com/en/product/product-mapping
2025
-
[26]
AWS S3 API Documentation,
Amazon, “AWS S3 API Documentation,” 2025, Accessed: 2025-05-05. [Online]. Available: https://docs.aws.amazon.com /AmazonS3/latest/API/API_ListObjectVersions.html
2025
-
[27]
Alibaba OSS API Cloud Documentation,
Alibaba, “Alibaba OSS API Cloud Documentation,” 2025, Accessed: 2025-05-05. [Online]. Available: https://www.alibab acloud.com/help/en/oss/developer-reference/listobjectversions ?spm=a2c63.p38356.0.i2#reference-n2s-xy3-fhb
2025
-
[28]
Thingsboard Documentation,
Thingsboard, “Thingsboard Documentation,” Accessed: 2025- 08-04. [Online]. Available: https://thingsboard.io/docs
2025
-
[29]
M. Zizler, “Global Multi-Cloud Strategies: Efficient Utilization of AWS and Alibaba Cloud for Scalable Cloud Applications,” Master’s Thesis, Ostbayerische Technische Hochschule Am- berg-Weiden, Sep. 2025.DOI: 10.5281/zenodo.17400896
-
[30]
General Data Protection Regulation (GDPR), Regulation (EU) 2016/679,
European Union, “General Data Protection Regulation (GDPR), Regulation (EU) 2016/679,” 2016, Official Journal of the European Union, L 119, 4 May 2016
2016
-
[31]
Data Security Law of the People’s Republic of China (DSL),
National People’s Congress of the People’s Republic of China, “Data Security Law of the People’s Republic of China (DSL),” 2021, adopted on 10 June 2021, effective from 1 September 2021, translation by DigiChina (Stanford University)
2021
-
[32]
Cybersecurity Law of the People’s Republic of China (CSL),
National People’s Congress of the People’s Republic of China, “Cybersecurity Law of the People’s Republic of China (CSL),” 2017, adopted on 7 November 2016, effective from 1 June 2017, translation by DigiChina (Stanford University)
2017
-
[33]
Multi-Level Protection Scheme 2.0 (MLPS 2.0) – Classified Protection of Cybersecurity,
Ministry of Public Security of the People’s Republic of China, “Multi-Level Protection Scheme 2.0 (MLPS 2.0) – Classified Protection of Cybersecurity,” 2019, adopted on 13 May 2019, effective 1 December 2019, translation not publicly available
2019
-
[34]
Principles for the proper manage- ment and storage of books, records and documents in electronic form and for data access,
Federal Ministry of Finance, “Principles for the proper manage- ment and storage of books, records and documents in electronic form and for data access,” 2019, translation, notice dated 28 November 2019, valid from 1 January 2020
2019
-
[35]
Sarbanes–Oxley Act (SOX),
United States Congress, “Sarbanes–Oxley Act (SOX),” 2002, Public Law 107–204, enacted July 30, 2002
2002
-
[36]
Health Insurance Portability and Accountability Act (HIPAA) of 1996, Security Rule – 45 CFR §164.308(a)(4) Information Access Management,
U.S. Department of Health and Human Services, “Health Insurance Portability and Accountability Act (HIPAA) of 1996, Security Rule – 45 CFR §164.308(a)(4) Information Access Management,” 1996, codified in Title 45 of the Code of Federal Regulations (CFR), Subpart C – Security Standards for the Protection of Electronic Protected Health Information
1996
-
[37]
Cloud Com- puting Compliance Controls Catalogue (C5:2020),
Federal Office for Information Security (BSI), “Cloud Com- puting Compliance Controls Catalogue (C5:2020),” 2020
2020
-
[38]
ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection – Security techniques – Information security man- agement systems – Requirements,
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), “ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection – Security techniques – Information security man- agement systems – Requirements,” 2022
2022
-
[39]
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive),
European Parliament and Council of the European Union, “Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive),” 2022, Official Journal of the European Union, L 333, 27 December 2022, pp. 80–152
2022
-
[40]
Act on the Federal Office for Information Security (BSI Act – BSIG),
Federal Republic of Germany, “Act on the Federal Office for Information Security (BSI Act – BSIG),” 2021, translation, as amended by the IT Security Act 2.0 of 28 May 2021
2021
-
[41]
Second Act on increasing the Security of IT Systems (German IT Security Act 2.0),
Federal Republic of Germany, “Second Act on increasing the Security of IT Systems (German IT Security Act 2.0),” 2021, translation, promulgated in the Federal Law Gazette I, No. 25, 27 May 2021, pp. 1086–1103
2021
-
[42]
Clarifying Lawful Overseas Use of Data Act (CLOUD Act), H.R. 4943,
United States Congress, “Clarifying Lawful Overseas Use of Data Act (CLOUD Act), H.R. 4943,” 2018, enacted March 23, 2018, as Division V of the Consolidated Appropriations Act, 2018 (Public Law 115–141)
2018
-
[43]
Gaia-x policy rules document,
Gaia-X European Association for Data and Cloud, “Gaia-x policy rules document,” 2022, Version 22.04, April 2022
2022
-
[44]
Gaia-x trust framework,
Gaia-X European Association for Data and Cloud, “Gaia-x trust framework,” 2022, Version 22.10, October 2022
2022
-
[45]
Personal Information Protection Law of the People’s Republic of China (PIPL),
National People’s Congress Standing Committee, “Personal Information Protection Law of the People’s Republic of China (PIPL),” 2021, adopted on 20 August 2021, effective 1 Novem- ber 2021, translation by DigiChina (Stanford University)
2021
-
[46]
Questions and Answers on Data Outbound Security Management Policy,
Cyberspace Administration of China, “Questions and Answers on Data Outbound Security Management Policy,” Apr. 2025, Accessed: 2025-07-21. [Online]. Available: https://www.cac.g ov.cn/2025-04/09/c_1745906286623776.htm
2025
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.