cloud computing security

How to Mitigate the Problems and Costs of Cloud Service Vendor Lock In


Cloud service vendor lock in is an issue that keeps CEOs and CIOs up at night. Vendor in lock (also called supplier or provider lock in) has existed in the IT industry and other industries for a long time. The problem is simple. An organization uses, and becomes dependent on the tools, technologies, processes, and services of a specific vendor. If you wish to change vendors, or you need to change vendors, you have to replace those tools, technologies, processes, and services you've become so dependent on. On top of that you have to retrain your people. It's a costly and time consuming proposition. The prospect is particularly stressful to CEOs and CIOs because it's not an "if," it's a "when."  At some point, you will have to change cloud vendors. That means at some point you will have to deal with cloud vendor lock in. In this article, we'll look at the issues that can arise from cloud vendor lock in, and give you strategies to help you thoughtfully prepare, and mitigate problems that can arise.

Vendor Lock In Isn't a New Issue but the Cloud Adds New Challenges

Being dependent on a single vendor isn't necessarily new to the IT world, as organizations who have built large Microsoft, Sun, or Linux infrastructure environments can attest. However, cloud service vendor lock in brings its own set of issues that are unique to cloud computing environments, and that many organizations aren't prepared for when they arise. These include: 

  • Data migration. Cloud applications and infrastructure tend to be accompanied by a lot of data. What hapAdobeStock_4974492 (Custom).jpegpens if you wish to move it to a different cloud provider? Many providers offer expedited services to move data into their clouds, but offer fewer options for moving data out of their clouds. Moving multiple terabytes of data can be inconvenient at best. At the worst it can be costly, and very time consuming especially if bandwidth for data download is limited. Remember, the data is in a cloud data center, you can't just plug in a high speed direct connection and dump the data to a portable drive (unless the cloud service provider gives you that option). 
  • Proprietary provider services. This is where things can move from inconvenient to complicated. Many cloud service providers offer application services such as messaging, queuing, data access, storage, authentication and more. These services fully integrate with other cloud services provided by the vendor such as redundancy, elasticity, and multi-regional deployment. These are the types of benefits that organizations hope to achieve by moving their applications and infrastructure to the cloud. The problem is, these services and add-ons are often proprietary. If you want to change cloud providers, you're going to need to rewrite the affected portions of your applications, or implement replacement services. That can mean a lot of time and expense rewriting code, redeploying services, and testing both infrastructure, and applications, just to get to the same place with a new cloud service provider, that you're already at with your old cloud service provider.  
  • Technology choices and availability. Another complication is that non-proprietary technologies available from one cloud service provider may not be the same as those offered by others. Many providers offer Microsoft and Linux platforms, but the flavors and add-ons offered may be different. Moreover, databases, and third party integrations may not be the same. This adds additional layers of complexity that must be considered when it comes time to switch cloud service providers. 

No matter how big you are, or what providers you work with, these issues aren't easy to address. See the issues that Spotify ran into when it moved from AWS to Google Cloud.

Why is Cloud Service Vendor Lock In Inevitable?

There are many reasons organizations switch cloud service providers including:

  • To get better pricing.
  • To get access to new or better features, capabilities, or regions.
  • To address new compliance needs or concerns.
  • To get better service.

But the impetus to switch cloud service providers may not come from inside your organization, it may come from outside. Your company might merge with another, or be acquired. After which there may be a desire or need to consolidate cloud service providers.

The need to switch may even be forced on an organization by the current cloud service provider itself. Providers offer a commodity of services, and grow by offering the most popular set of services to their customers. Services, applications, and integrations take time and money to support and maintain. Services that aren't in high demand may be discontinued. If your organization is using a service, application, or integration that is being shut down by a service provider, you're going to have to find a replacement. In that event, the best choice may be to switch to another service provider.

Ultimately, there is one reason why cloud service vendor lock in is unavoidable. Time. Over time it's likely the service provider or your organization will change to such an extent that you will need to seriously consider switching providers. Consider this, does your IT infrastructure look anything like it did 10 years ago? The need to switch cloud service providers is not necessarily inevitable, but it is highly likely. You absolutely need to plan for it. 

Mitigate Vendor Lock in Impact with Planning and Training
Assuming your organization will have to deal with vendor lock in is a good approach, because it forces you to plan and train for it. Planning helps you do the following:

  • Ask the right questions as soon as possible. Including how data can be migrated off of a provider's system, and if there are any exit migration services available. 
  • Mitigate the three primary pain points created by vendor lock in:
    • Expense. Companies that casually adopt cloud services as they grow, and don't train or prepare for vendor lock in are often AdobeStock_120869172 (Custom).jpegblindsided by the costs of migration, development, or consultant fees required to move or consolidate cloud services.
    • Time. If a provider discontinues a service, or regulations force your organization to adopt a level of compliance not supported by your provider, you're suddenly on a cloud service change time line that is not of your creation, and that is not under your control. Proper preparation and monitoring will help ensure that you see changes coming, and have contingencies in place.  
    • Seamless transition. Whether you decide to switch cloud service providers, or have to switch cloud service providers, you want a seamless transition. Your people, your partners, and your customers must have the infrastructure, applications, and tools available to do their jobs. Without that, your business is at risk. 

Honestly, the best time to plan how to mitigate vendor lock in is before you adopt any cloud service, and whenever you add a new cloud service. If you haven’t been doing that, you should evaluate your existing services as soon as possible and start developing a plan to mitigate vendor lock in. It all starts by asking the right questions, comparing and evaluating cloud service provider options. But how?

AdobeStock_104920578 (Custom).jpeg

The best way is training.  Training is what gives your IT staff the information and skills to plan properly, perform those cloud provider comparison and evaluations, and identify the best options, both now and later. Certainly, consulting companies can help with this. We help our clients with these types of evaluations. But technologies, cloud provider services, and organizational needs are always evolving. The vendor lock in mitigation plan that you develop today will be obsolete at some point in the future. It will need to be updated with every cloud service added, and with every change in IT, security, and compliance requirements.  Well trained, in-house staff is the best resource for this. 

The best training to prepare staff to do this, are the CloudMASTER cloud computing classes we offer. The Technologies course has an entire lesson on addressing barriers to cloud adoption including vendor lock in and compliance, and provides hands-on training with tools like Rightscale, a cloud infrastructure management tool, that can be used to manage multiple clouds and move configurations and data seamlessly between cloud providers, blunting the impact of vendor lock in. The Operations course provides hands on experience deploying and managing apps and infrastructure on nearly 20 of the most popular cloud services including AWS, Azure, Rackspace, Chef, Heroku, and Digital Ocean and more. IT staff that take the Operations course will have touched, used, and seen what different cloud providers have to offer. The Architecture course teaches learners to consider things like vendor lock in, security, and compliance from the very start, at the point of initial cloud infrastructure design.

The CloudMASTER classes, and the associated certifications are vendor neutral, and that provides what we believe is the biggest benefit of these classes. They teach students to think critically about cloud services. They teach the skills to perform cloud provider comparison and evaluations. To think about the future, and look for the best solution in a sea of cloud service options.  IT staff that have taken CloudMASTER training are going to be well equipped to prepare any organization to address the challenges of cloud service vendor lock in now, and as the organization, requirements, and cloud services evolve. 

Over to you

I've you've experience vendor lock in related to cloud services, let me know in the comments.