Cloud Planning

A Cloud Vendor Lock-In Planning Checklist


One of our most popular articles is about cloud vendor lock-in. The lock-in problem is simple. An organization uses and becomes dependent on the tools, technologies, processes, and services of a specific vendor. If you wish to change vendors, or you need to change vendors, you have to replace those tools, technologies, processes, and services you've become so dependent on. You also have to retrain your people to use the new systems, tools, and processes. It's a costly and time-consuming proposition.

We wrote an article earlier that explains why it's inevitable, and how you can mitigate it, but people have asked us for something more, a simple reference, a checklist. So we've made one. In this article, we'll give you a checklist to plan for cloud vendor lock-in and make getting out easier. The best time to mitigate vendor lock-in is plan to for it when you adopt any cloud service. If you haven’t been doing that, you should evaluate your existing services as soon as possible and start developing a plan to mitigate vendor lock-in. This article tells you what to look for. 

Cloud Vendor Lock-In Planning Checklist

For all your exsiting cloud service, and any new services you adopt review the following:

  • Technology availability. Are the technologies such as OS, databases, and programming languages available from other providers in case you need to switch?
  • Technology versions. Are the same versions and features of technologies available from other providers?
  • Technology replacement. How would you replace those technologies or features in the event you switched providers?
  • Replacement time and costs. What would be the time and costs to replace those technologies and features? Calculate these costs and budget for them.
  • Integrations in use. What integrations are you or will you use with your services?
  • Proprietary services and integrations. Are you currently using or do you plan to use any services, integrations, or APIs that are proprietary or available from other vendors?
  • Proprietary service replacement costs. What would be the cost of replacing or rewriting the services, integrations, or APIs in the event of a provider change?
  • Third party or Open Source options. Are there commercially available third party or open source options that could be used in place of proprietary services, integrations or APIs in the event of a cloud vendor switch?
  • Size of data migration. How much data would have to be moved from the current provider to a new provider?
  • Data migration plan. How would you migrate the data to a new provider?
  • Data migration costs. What would be the costs of moving the data off of the current vendor?
  • Data migration time. How long would it take to move the data?
  • Data migration services. Does your current vendor, new vendor, or a third party offer data migration services that can make migration easier?
  • Data migration impact on IT. Given your analysis of the time, and expense of data migration, what are the impacts to business? For example:
    • `Would data or services need to be moved piecemeal in order to reduce migration times?
    • How much additional administrative time and costs would be necessary during the migration period?
  • Data migration impact on business. Given your analysis of the time, and expense of data migration, what are the impacts to business? For example: 
    • Would clients, employees, and partners have to change access credentials or access paths during or after migration, or could services be moved transparently?

Remember, vendor-neutral IT training like CloudMaster cloud computing classes can educate staff on vendor lock-in issues, and provide hands-on with cross-platform tools and services like RightScale that can help alleviate the issues of cloud vendor lock-in. See our class schedule for more details. 





The Missing Cloud Skills: Getting Cloud Project Approved [SlideShare]

Success or failure of a cloud computing project, be it a simple SaaS implementation, or a complex legacy application migration, or anything in between will hinge on the technical knowledge, skills, and training of your IT staff. What many CIOs and aspiring cloud project managers don't realize is that winning approval to start a cloud project can be one of the most difficult aspects of the project. Further complicating this is the fact that technical knowledge is not the most valuable asset in overcoming this cloud challenge. How you present the project, how you sell it, is the secret sauce for getting cloud projects approved. We wrote a full blog post on this topic that you can find here. It's been so popular; we also decided to make a companion SlideShare. In it, we quickly break down the issues, show you how sales and presentation skills help, and give you strategies to start honing those skills so that you can get approval for your next cloud project. Enjoy!






CarverTC provides IT training including CloudMASTER cloud computing classes in the Portland Oregon area, and across North America. Get 5% off your first CloudMASTER class or 10% off a class for three attendees!

The Top 5 Cloud Computing Barriers and How to Overcome Them [EBook]


Because we offer both cloud computing implementation consulting and cloud computing training, we have a lot of discussions about how to prepare to migrate to the cloud, or expand the use of cloud services. While each organization, and each case is unique, five issues almost always come up. Three concerns are brought up by our students or clients, cloud security, cloud compliance, and vendor lock in. Another barrier, internal resistance, is brought up our clients, if they've seen it, or us if our client isn't aware if it. The fifth issue, the need to sell your plan in order to get cloud projects approved, is something we always have tell our clients about. These issues are so common we've created a series of blog posts on them, but, last week, we took it a step further. We published a free, 48 page ebook that serves as a step-by-step guide to cloud computing requirements planning. In this article, we'll tell you what's in it, and how you can use it to plan for cloud adoption, migration, or cloud service expansion. 

The Ebook

Before we get too far along, you can get your free copy of the ebook, The Top 5 Cloud Computing Barriers and How to Overcome Them by clicking here.

Extras that Go Beyond Our Blog

While our blog posts are designed to explain these issues and options organizations have for dealing with then, this ebook goes much further by both providing cloud planning resources, and by providing more insights on how to address concerns and mitigate risks. This ebook contains:

  • Coverage for the five most common cloud barriers: security, compliance, vendor lock in, internal resistance, and getting cloud projects approved, in one place.
  • Concise explanations of the concerns and or risks involved.
  • Context, when needed, to explain why issues arise, and when you need to be concerned about them.
  • Planning checklists to help you identify these issues in your cloud project, and tips for how to address or mitigate the issues or associated risks.
  • Training resources that both you and your staff can use to address these concerns and overcome these barriers. 

How You Can Use This Resource

This resource is great for any CIO, IT manager, or cloud project manager that has any new project. If you're just thinking about going to the cloud, it will help you understand which issues to be aware of when assessing project requirements, and steps you can take to minimize risks. If you are already in the cloud, and are looking at multiple vendors, considering adding services, or must address changing IT security or compliance needs, this ebook will help you know which questions to ask, and how to compare cloud service vendors. 

You can never be too prepared, and this ebook is a great resource to help you plan your next cloud project. Check it out!




CarverTC offers cloud computing consulting and CloudMASTER cloud computing classes in the Portland Oregon area and across North America. 

Failing to Identify Cloud Computing Requirements Will Cost You


Chris Doig, CEO of Wayferry Managment, wrote an excellent article for CIO that discussed five issues related to inadequate requirements identification when selecting enterprise software that can wreak havoc on an organization. The article inspired me because those same five requirements issues apply to cloud computing projects. In this article I'll look at each of the issues, and explain how failing to identify or address cloud computing requirements can cause serious and costly problems for your organization. I'll also give you some tools and strategies for avoiding these problems. 

One quote from Chris' article applies directly to cloud computing projects:

"Requirements are to <cloud projects> as foundations are to a building. Get them wrong or leave things out and there always will be problems."

1) Inadequate Functionality

When talking about functionality in software, most IT professionals think about what the software needs to do. Of course, if software doesn't do everything is needs to, people can't do their jobs. Although its often difficult to identify all requirements for software, the problem is obvious. When planning cloud projects, the problem is not always so obvious. Requirements identification is difficult and time consuming. It can be tempting to do less than exhaustive requirements planning, especially around legacy applications, or integrated applications and services. Especially if services are well known. Two big name brand cloud services will always work together right? 

Integrating cloud services with on-premises systems, or other cloud applications can be as simple as clicking a button and adding some organization specific information or credentials. It can also be as difficult as writing a custom interface, essentially an entire new software application, to make two systems work. The difference between the two can be days versus months of implementation time, and tens or hundreds of thousands of dollars when you factor in development costs and lost productivity. You also have to remember that application integration is nuanced. How two applications work together, things like when data from one is visible in the other, and how access is granted between the two, may be just as important in terms of process and business capabilities as getting the different applications to communicate. Failure to properly identify if integrations exist, how they are implemented, their depth, and business process requirements can be costly and time consuming.

2) Discovering New Requirements During Implementation

As with software implementations, if you fail to identify all requirements ahead of implementing a cloud project, that failure will come to light during implementation. Cloud project teams will have to discuss the new requirements and find a way to address them. As Chris said in his article, "these meetings take time to organize; they consume time, and they slow down decision-making. This exerts pressure on implementation project deadlines."

Cloud projects are also susceptible to a particular type of new requirements, mobile access. The cloud is known to be always on, always available, and mobile friendly. If it's in the cloud, I can get it from my mobile device. One benefit many organizations hope to achieve by moving to the cloud is to make applications and systems accessible from mobile devices. This may be just to address how employees and clients access systems, or may be part of a larger Bring Your Own Device (BYOD) initiative. The problem is, that mobile access is dependent on the application, not on where is lives. Your five year old application that isn't mobile friendly today running on-premises will not be mobile friendly tomorrow running in the cloud. A web-based app may become more mobile friendly, but, depending on the app and how web pages are laid out, the mobile version might be an unusable mess. Applications generally need to be rewritten to some extent to become mobile friendly.

3) Implementing New Requirements During Implementation

To paraphrase Chris's article, if you decide to implement new requirements, your implementation workload increases. Many organizations have to perform trial and error resolution steps to resolve the issue which may mean exploring new software configurations, writing small (or large) amounts of custom code, purchasing additional services, or buying third party software. This is the same for cloud projects as it is for software projects. Finding a lot of new requirements, or even one time consuming one can cause project delays and cost overruns.

4) Business Disruption

If cloud systems are inaccessible, work differently than expected, integrations don't work, or data is not accessible, then business processes will be disrupted. Employees, partners, and clients may not be able to access required information. Performing routine job tasks may take longer. These issues can cost you money, clients, and even brand reputation. 

5) Unmet Expectations

As Chris stated in his article. When problems are identified due to missed requirements, IT staff and users must "scramble to resolve the problems. Typically, this takes the form of ad-hoc business process reengineering and it imposes significant extra work on employees" and IT staff. This may get cloud project managers fired. It may sour senior leadership on further cloud projects, and it may even stop cloud implementations while only partially complete. 

But there's another issue. As we discussed in a previous article, you often have to sell senior leadership on cloud projects before getting the green light. There is often internal resistance to cloud adoption, so others in your organization might be more than happy to point out missing requirements during your presentation.  If senior leadership discovers that you haven't properly identified requirements, your cloud project might be stopped before it ever starts. 

Strategies for Ensuring Discovery and Planning for Cloud Project Requirements

Requirements discovery is a long and often complex process. It's also something that must be done right. One of the first steps you can take when considering a cloud project is to assemble a team that has members who are familiar with systems, applications, and business processes. These people will bring their expertise to the table, and allow you to perform a better discovery, faster. They can also often identify people within departments who can shed light on obscure business processes and requirements. Another key is preparation through training. 

The CloudMASTER cloud computing classes delivered by CarverTC cover requirements planning in depth. The Cloud Technologies course discusses application requirement planning, and migration requirement planning and has an activity devoted to planning and executing a migration to cloud software. The Cloud Architecture course devotes an entire lesson to assembling a strong cloud project team, including identifying key roles in the organization and on the team. It also goes into detail about how to use best practice documentation processes, leverage internal resources, and use third party tools to aid in discovery of requirements. Beyond that, the Cloud Architect has you identify and document requirements in each lesson, essentially letting you do a "dry run" of your cloud project plan and presentation. This allows you to get feedback from both the instructor and other students on your plan, and your requirements identification. From this you'll gain invaluable insights and experience you can bring back to your organization and apply to your real cloud project plan! If you choose to get certified, the CloudMASTER cloud computing certification will provide proof that you know how to plan a cloud project to avoid the pitfalls poor requirements identification. 




CarverTC provides CloudMASTER cloud computing classes and certification prep in the Portland Oregon area and across North America. 


Preparation is the Key to the Challenge of Cloud Data Visibility


In a recent article in CIO, Maria Korolov reviewed the results of a survey from IDG. In that survey, it was no surprise that cloud security stood out as one of the major concerns of CIOs. What might surprise some people however, was the growing concern amongst CIOs, IT managers, and Compliance Officers about data visibility in the cloud. Simply put, with highly distributed and redundant architecture, you don't always know where your data is, especially as it moves around a cloud provider's infrastructure. This can be very problematic in scenarios with sensitive, or regulated data where compliance audits happen regularly. In this article, we'll look at the issue, and tell you what you can do right now, to help mitigate the problem.

The Data Visibility Issue

In the article, David Rubal, chief technologist for data and analytics at Herndon, Vir.-based DLT Solutions, stated the problem:

"In a cloud computing environment, data is stored in logical pools, the physical storage spans multiple servers and often locations. "With this model, it is very difficult for a cloud provider to pinpoint exactly where any portion of customer data is stored."

The issue here is when you're dealing with regulated data, you will be periodically audited for compliance. You have to respond to those audits and provide the information obligated to auditors about the regulated data. Since you no longer control that data or store it on-premises, you have to rely on your cloud service vendor to provide accurate, verifiable information about your data. Remember, compliance involves access of all sorts, electronic and physical. You might need to answer questions like:

  • Is the data in one data center or more that one?
  • Who has electronic and physical access to those data centers?
  • Does (or has) the data move across national boarders, where access laws and regulations might be different?

This is an important issue for organizations that must maintain compliance. If an auditor finds a problem with your data, it's on you to pay the fines and fix the problem. You can blame your cloud service vendor, but the fines are still yours to pay, and the regulating agency will put the onus on you to fix the problem.

Better Tools and Visibility are Are Needed

As stated in the article, there is a growing ecosystem of third party tools designed to provider visibility, security, and monitoring. There is also is a growing awareness on the part of cloud service providers, including major players like Amazon, Microsoft, and Box, that they need to make visibility in their solutions better.  However, as Richard Cassidy, technical director at Houston-based Alert Logic, Inc. is quoted as stated in the the article, "Vendors aren't required to share proprietary security information, and many will often provide details only to their largest customers."  It's also important to note that any new tools, and plans to increase data or infrastructure visibility won't help you if you're audited today. 

Other Options

There are of course other options to help you maintain compliance and achieve at least some of the benefits of cloud computing. First, a hybrid cloud may be an option for keeping sensitive data on-premises. Hybrid cloud solutions are popular because, as this Forbes article explains, it gives organizations choices and the flexibility to put infrastructure and data where it makes the most sense. Of course, those benefits have to be compared to potential downsides of keeping infrastructure on-premises, including the loss of rapid provisioning, rapid elasticity, and cloud provider support. 

Another option is private cloud. Private cloud implementations, at least according to some reports, are growing in popularity with certain types of enterprises. The major downside is the expense, both in hardware, and expertise needed to run private clouds effectively and efficiently. After all, if you implement a private cloud, you're in the cloud computing business along with whatever else you're doing. For some enterprises, especially large enterprises in certain regulatory environments, private clouds are the best choice. For smaller businesses and many other types of large enterprises, private cloud offers many challenges. Also, many industry experts question whether private clouds will be able to keep up with the innovation you'll see in public clouds. 

Key Takeaway: Compare and Evaluate Cloud Providers and Deployment Models

The key takeaway for us from this article, was the following quote:

"46 percent of the survey respondents said that they need to ensure that cloud service providers’ security meets their compliance requirements before moving ahead with deployments."

We couldn't agree more. You have to evaluate cloud service provider service level agreements (SLAs), and ask questions before you select a provider. You can only count on support, access, and visibility that you get in writing from your provider. Obviously we're biased because we offer cloud computing training. But, as the authors of these courses, we can tell you they were written to address just these types of issues. The CloudMASTER cloud computing classes and certifications not only cover compliance and audit issues in-depth across multiple lessons, the classes go beyond that, teaching critical cloud provider comparison and evaluation skills. Since CloudMASTER is vendor neutral, students review, compare, and discuss SLA provisions from different providers and are taught to consider vendor provisions through the lens of their corporate requirements rather than "industry norms." There's even a  a list of recommended compliance and audit related questions you should ask of any cloud provider you're considering. In addition, third party monitoring tools are covered at length, giving students hands-on experience with tools like Rightscale and other monitoring and management solutions that might be invaluable during an audit. Combine all of that with the deep coverage of public, private, and hybrid cloud implementations offered in the courses, students will leave CloudMASTER training well prepared to evaluate cloud service providers, and implementation options to find the best solution to meet your organizations requirements. 


The article makes it very clear. Cloud data visibility is a major concern for CIOs and IT managers. Cloud providers are trying to open up visibility to their proprietary infrastructure, and third parties are swarming to fill the gaps. But that's not enough if you have to be compliant today and tomorrow. It's on you to be compliant, and respond to audits. Your best preparation is to train your people well. Train them to think critically and evaluate providers, their SLAs, compare service offerings, and third party tools to give your organization the visibility it needs to be compliant every day.

Over to You

If you have tools you use, or processes in place to help your organization have visibility into your data that's stored in the cloud, let me know in the comments. 




CloudMASTER cloud computing class curriculum was authored by principals at CarverTC in conjunction with the cloud experts at the National Cloud Technologists Association and are distributed exclusively through our partnerLogical Operations