One of the key worries involved in a multi-cloud strategy is the fear of vendor lock-in. “Vendor lock-in” means that a customer is dependent on a particular vendor for products and services, and unable to use another vendor without substantial switching costs or operational impact. The vendor lock-in problem in cloud computing is the situation where customers are dependent (i.e. locked-in) on a single cloud service provider (CSP) technology implementation and cannot easily move to a different vendor without substantial costs or technical incompatibilities.
This is a major headache for organisations. According to a February 2019 survey from Fujitsu, nearly 80 per cent of respondents worry about the risk of vendor lock-in. The survey also found that sourcing flexibility, which helps avoid vendor lock-in, has become a major element of hybrid IT adoption. It is rated as “business critical” or of “high importance” by over 80 per cent of those surveyed.
And this is not just a recent trend. A July 2018 article from Network World warns that:
“With more enterprises adopting multi-cloud and hybrid cloud computing strategies, it's more important than ever to avoid getting locked into just one cloud provider's tools and technologies. Multi-cloud and hybrid cloud deployments offer many benefits. They include the ability to pick and choose which cloud vendor's add-on services are right for your business, as well as the ability to implement best-of-breed solutions when the time is right. Multi-cloud also adds redundancy and security because all of your proverbial eggs are not in one basket. Despite the trend toward multi-cloud, however, there are still plenty of ways to find yourself locked in.”
Cleary, this is an issue that is on a lot of people’s minds. But I believe it is a bit overblown. Sure, there are risks. But the risk of vendor lock-in is a bit overhyped for a few reasons that I outline below.
Vendor lock-in: Public cloud vs. traditional infrastructure
Before the cloud, IT was running in dedicated on-premises environments. Of course, this required long-term capital investments and an array of software license commitments and never-ending hardware refresh contracts. Based on that experience, it is understandable that a customer would be concerned about lock-in. Many large IT vendors like Oracle, IBM, HP, and Cisco would “lock” customers into 3-5-10 year Enterprise License Agreements (ELAs) or All You Can Eat (AYCE) hardware and software license agreements, promising huge discounts and greater buying power – but only for their products, of course. I used to sell these multi-year contracts. There is a common ground for sure, as the customer was locked-in to the vendor for years. But that was then, and this is now. Is vendor lock-in really a concern for public cloud users?
Isn’t the point of cloud to provide organisations the agility to quicken innovation and save costs by rapidly scaling their infrastructure up and down? I mean, I get it – your servers, data, networking, user management, and much more are in the hands of one company, so the dependence on your CSP is huge. And if something goes wrong, it can be very detrimental to your business – your IT is in the cloud, and if you’re like me, your entire business is developed, built and run in the cloud. Most likely, some or all of your organisation’s IT infrastructure where you are developing, building and running applications to power your business and generate revenue, is now off-premise, in the cloud. But although “lock-in” sounds scary, you are not stuck in the same way that you were with traditional hardware and software purchases.
Can you really get “locked in” to public cloud?
Let’s talk about the realities of today’s public cloud-based world. Here are a couple of reasons why vendor lock-in isn’t as widespread of a problem as you might think:
- No Long-Term Commitments: Customers can adopt the cloud on their own terms. AWS, Azure, and Google Cloud are designed so customers only use the services when they see value, and they are free to use the technology of their choice. Pay-as-you-go pricing provides customers with the ability to shut down their environment, export their data and virtual machines (VMs), and walk away without ever incurring another expense. Customers are billed monthly without any required long-term commitments or contracts regardless of spend or support tier.
- Customer Choice: Today’s cloud customers have alternatives to proprietary tools with advances in open source software technologies, along with a range of ‘as-a-service’ capabilities that can remake traditional IT — IaaS, PaaS, and even SaaS. A wide range of solutions that support industry standards allow customers to choose what they want to invest in and architect for application portability from the beginning, if they so choose.
- Moving Into and Out of a CSP: Generally speaking, cloud services are built to support both migration into and out of their platforms, and CSPs and the industry at large provide many tools and documented techniques to make it easy to do both. Many cloud service providers offer tools to help move data between networks and technology partners. Customers can securely move information in and out of the cloud regardless of where that information is going: cloud-to-cloud or cloud-to-data centre.
How to mitigate risk with a multi-cloud strategy
Of course, the cloud is not without risk. When I talk to customers and potential customers, the primary vendor lock-in concerns I hear are related to moving to another cloud service provider IF something goes wrong. You hope that this never has to happen, but it’s a possibility. The general risks include:
- Data transfer risk – it is not easy to move your data from CSP to another.
- Application transfer risk – If you build an application on one CSP that leverages many of its offerings, the reconfiguration of this application to run natively on another provider can be an extremely expensive and difficult process
- Infrastructure transfer risk – Every major CSP does things a little bit differently.
- Human knowledge risk – simply put, AWS is not the same as Azure, which is not the same as GCP, and your IT team has likely gained a lot of institutional knowledge about that provider’s tools and configurations.
To minimise the risk of vendor lock-in, your applications should be built or migrated to be as flexible and loosely coupled as possible. Cloud application components should be loosely linked with the application components that interact with them. And, of course, adopt a multi-cloud strategy.
How much should you worry about vendor lock-in?
Many companies are familiar with vendor lock-in from dealing with traditional enterprise companies mentioned above – you begin to use a service only to realise too late what the terms of that relationship bring with them in regard to cost and additional features and services. The same is not entirely true with selecting a cloud service provider like AWS, Azure, or Google Cloud. It’s difficult to avoid some form of dependence as you use the new capabilities and native tools of a given cloud platform. In my company (ParkMyCloud), we use AWS. And we can’t just wake up tomorrow and use Azure or Google Cloud. However, it’s quite possible to set your business up to maintain enough freedom and mitigate risk, so you can feel good about your flexibility.
So, is this a genuine crisis? And just how much should enterprises worry about vendor lock-in with public cloud? In truth, it is not a major problem and enterprises need not worry much.
Jay Chapel, CEO, ParkMyCloud