May 05, 2020  

Should I worry about cloud vendor lock-in?

Should I worry about cloud vendor lock-in?

Many of our clients have bad experiences with vendor lock-in, replacing an underlying technology or software package which forms a core part of your IT estate is fraught with complexity and cost.

Long tie-in contracts and annual license costs that rise year on year with little additional value, mean that a deal which seemed attractive five years ago can quickly become an expensive disadvantage which constrains both your competitiveness and annual budget. It isn’t long before the services you provide are entirely dependent on a single technology vendor and you’re feeling held to ransom.

So it’s no surprise that when moving to cloud and considering their future technology strategy, many companies put “not being tied to a single vendor in the future” high on their list of priorities.

However, the past is not always a good indicator of the future – cloud is a completely different technology and while there are factors you must consider carefully before selecting a vendor, some of the issues encountered with traditional technology solutions are less relevant.

When considering costs, you’re only paying for what you use and so while it’s essential companies monitor their spend carefully and use cloud cost optimisation techniques to stop annual cloud costs spiralling out of control, you will avoid paying for data centre space you’re not using and won’t waste money procuring space to cope with future expansion, you also won’t need to wait for hardware to be delivered, installed and configured.

Interestingly, we’re seeing the cloud spend in most companies rise significantly year on year – teams are unconstrained so tend to spin up new environments rather than re-use existing ones. Few companies are accurately allocating cloud costs to teams based on their usage so why should teams bother restricting their consumption? If they don’t use it then another team will and they’ll still get allocated the same costs in the annual budget either way.

Cloud costs continue to fall, as long as you are committing to a vendor you believe will remain price competitive and will pass future savings to their customers, you are future proofed to a greater extent. The leading cloud vendors also don’t tend to have contractual lock-in periods, you can simply reduce your usage at any time, with no commercial restrictions.

It’s important companies understand the value (and cost savings) cloud vendor native services bring – the goal of a cloud vendor is to make the lives of developers and platform engineers easier, services are highly available, resilient and offer easily configurable security controls such as enabling encryption at rest. If you choose a vendor who is cheaper but provides fewer services you will introduce additional time and complexity for engineers which carries a hidden cost in both delivery time and end product quality, ultimately your engineers will spend less time building new features and more time wrestling with infrastructure and process.

There are considerable advantages to picking a single cloud vendor rather than diversifying across multiple vendors within your organisation:
• close integration of services providing a better user experience
• the ability to reuse common patterns and components across services
• a shared security and monitoring approach backed by mature management tools
• consolidated billing or management across the organisation
Creating a highly available, secure and cost effective platform on a single cloud provider is hard, creating it across many vendors stretches the time and investment in all aspects.

Also, don’t forget there are significant differences between cloud solutions, you’ll need to find engineers who are specialists with each vendor you select. Highly skilled cloud engineers are hard to find for the more popular cloud solutions, it’s difficult to find experienced engineers for some of the less popular cloud solutions and almost impossible to find engineers with deep knowledge and experience across multiple vendors.

From personal experience I know that while it’s absolutely possible to build services which are cloud agnostic, it will take double if not triple the development time, code will be more difficult to maintain and you will lose all of the benefits provided by your cloud vendor of choice (quite often needing to choose suboptimal alternative solutions in order to maintain independence).

The cost of migrating to a new cloud vendor at some point in the future is far less than the cost of building and maintaining cloud agnostic code for multiple years. It’s absolutely possible your cloud vendor will raise prices such that you’re paying more than you would with an alternative, but is the annual cost difference less than the cost and impact of migrating? Typically you’re not locked in by the cloud solution, you’re locked in by the connections you’ve built to other third party systems (who may not be able to change at the same pace your own teams can – how easy will it be to have them change if you want to migrate?).

There is the risk that a cloud vendor data centre could go down, while the leading vendors are constantly adding failure mitigation into their data centres it’s still possible. With AWS you have the option to mandate a specific geographic region (which will have it’s own backup and recovery capability) however it’s also possible to build a failover solution in a different region or availability zone – we recommend this approach for any customers who need to keep their services running 24*7.

There is risk in the fact that AWS currently dominate the cloud industry with circa 50% of companies choosing AWS as their cloud vendor (depending on whose statistics you believe). So what happens if AWS goes out of business or suffers a major security breach?

Clearly cloud service providers are attractive for cybercriminals because if compromised they would hopefully get access to many customers. Take time to understand the security controls cloud service providers have in place and make sure you compare “like for like” as part of your selection process. Of course the reputation and safety of all cloud vendors is critical for their business, you can be sure they are all taking security incredibly seriously, in fact it’s highly likely the security practices of the leading cloud vendors are better than those in your own data centre.

Moving to cloud is not an excuse to lower security standards or assume security is entirely the responsibility of the cloud vendor. It’s unlikely (not impossible) that a cloud vendor could be breached however, it’s your responsibility to ensure your applications and data are effectively secured within the cloud such that if that happened the data in your systems would be safe. Ultimately, it’s more likely your systems would be breached but contingency plans and exit strategies form an important part of any organisations cloud strategy.

Digital Dimensions can explain how to architect secure applications within the cloud, contact us to find out more.

Digital Dimensions recommends choosing a single cloud vendor and not building a vendor agnostic platform however, choosing your preferred cloud vendor is the first step, next you need to build a single platform for your organisation with the appropriate standards and controls to ensure the security and maintainability of your systems is consistent – that’s where we can help. We’ve already created large scale, global cloud platforms for organisations which have helped them control costs, set common standards and security controls and ultimately make better use of cloud technology.

Neil Butler

READ MORE

You might also be interested in these

Being agile outside of I.T.
Feb 17, 2020
BY NEIL BUTLER
Culture

Being agile outside of I.T.

When most organisations talk about ‘being agile’ they really mean ‘making I.T. agile’… few make changes to the way they structure, run and measure progress…

read more
Digital Transformation Leadership – Clarity of direction
Mar 24, 2020
BY Jackie Keane

Digital Transformation Leadership – Clarity of direction

We are living through an era of immense technological change, the opportunity to use digital and cloud technology to transform your services and better engage with customers is huge – those who adapt and are first to market will thrive…

read more