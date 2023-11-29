Once enterprises commit to running business-critical applications in the cloud, they rarely move to another provider. One big reason: they\u2019re often locked into their chosen provider\u2019s ecosystem. The cost of migrating is simply too high, says Sid Nag, VP of cloud services and technology at Gartner. \u201cBut if you do your planning exercise properly, you shouldn\u2019t have to move your applications around,\u201d he says.\n\nPablo Del Giudice, cloudops and cybersecurity studio partner at professional services firm Globant, adds that migration is possible if you position your organization correctly. And he and his team have done so successfully. \u201cThe key is to strategically adopt open platforms and frameworks, relegating the cloud provider to the role of an infrastructure layer,\u201d he says. While this approach has a steeper learning curve, it yields more favorable results in the medium and long term, he adds. \u201cThe key is to bring in a platform-neutral software architect who can delineate business boundaries and create solutions that are less intertwined with a specific vendor.\u201d\n\nJamie Holcombe, CIO at the US Patent and Trademark Office, has a slightly more nuanced take: he wants to keep his options open to move applications between cloud service providers, and conducts market research with all the major ones. But doing this requires planning ahead early on, before moving an application to the cloud the first time.\n\nMinimize lock-in risks\n\nYou need to carefully weigh the tradeoffs when it comes to leveraging each vendor\u2019s cloud-native services. \u201cIf you choose not to use a cloud provider\u2019s native services in order to remain agnostic, you lose many of the \u2018better, cheaper, faster\u2019 business case metrics,\u201d says Holcombe. \u201cThere\u2019s a cost to being agnostic, just as there\u2019s a cost to vendor lock-in.\u201d\n\nDel Giudice breaks down cloud vendor lock-in into three forms. Platform lock-in occurs when you have a complete cloud foundation configuration (resource grouping, policies, RBAC, hybrid connectivity, monitoring, compliance, etc.) that make migration to another platform difficult due to the complexity of recreating all of that on a new platform.\n\nArchitectural lock-in is when the application relies on multiple managed services from the cloud provider. In this case you have to re-architect the application before you can migrate it.\n\nAnd then there\u2019s legal lock-in, where you\u2019ve committed to an enterprise service agreement for a predetermined amount of time. \u201cThese commitments are difficult to terminate and make it difficult to execute a migration,\u201d he says.\n\nSometimes vendor lock-in comes despite the CIO\u2019s best efforts to avoid it. Mergers and acquisition activity often leaves organizations with multi-cloud architectures, says Nag, and while CIOs typically want to consolidate, the cost is often too high to justify. Most of the time, those CIOs decide to keep the multi-cloud model because they\u2019re locked in. \u201cYou\u2019re trapped, big time,\u201d says Nag.\n\nBut organizations may have good reasons to migrate between IaaS providers, despite the obstacles, says Del Giudice. The most common are to obtain a better cost ratio between value and OPEX to take advantage of a competing cloud service provider\u2019s aggressive discount, and to leverage a multi cloud architecture when your organization wants to improve reliability.\n\nPlan ahead for potential future migrations\n\nThe desire, however, to move key applications between cloud providers, what Gartner calls \u201ccloud repatriation,\u201d is usually the result of bad planning, Nag says. He sees this with lift and shift deployments to the cloud, but also when organizations decide to use affordably-priced cloud-native middleware and development tools with the intent of moving the application back to an on-prem private cloud when completed.\n\nHe recommends retaining the services of an MSP or systems integrator to do the planning and ensure you\u2019re choosing the right applications to move to the cloud. \u201cThat\u2019s important because once you\u2019ve moved it, you\u2019re agreeing to be locked into the platform.\u201d\n\nFinancial services company USAA carefully chose which of its four cloud service providers host each of its workloads and regular business applications. \u201cWe aligned the cloud providers with the business or technical services they\u2019re most proficient at,\u201d says SVP and CTO Jeff Calusinski.\n\nThe institution\u2019s multi-cloud strategy is grounded in what he calls its \u201copen by design\u201d principles. \u201cWe use open standards, where they exist, thereby reducing the potential for vendor lock-in,\u201d he says, but admits some native services provide a compelling value proposition that must be weighed against the potential for lock-in.\n\nAlso, open design principles will only take you so far when it comes to lock-in, Nag says, because even when you\u2019re using modern services, the implementation on each platform differs. For example, Amazon\u2019s EC2 substrate does the same thing as Google\u2019s GCP, but an application running on EC2 won\u2019t run on GCP without a lot of expensive rework. And while Kubernetes is an industry standard, implementations of it, such as Azure Communication Services and Google Kubernetes Engine, don\u2019t work identically.\n\n\u201cHowever, some abstraction layers have emerged between cloud providers and applications,\u201d says Del Giudice, and those can simplify migrations even if native cloud provider services are used. \u201cThese services, such as pub\/sub, service invocation, secrets management, state management, and so on, abstract the components of the application no matter the cloud provider.\u201d So the bottom line, he says, is, \u201cYour options remain open, but some activities will still need to be carried out in order to move from one cloud provider to another.\u201d\n\nData requirements is another area that needs careful planning. \u201cMoving an app across clouds is expensive because you also need to move the associated data, and data egress is a very costly exercise,\u201d says Nag.\n\nSo plan for that in advance, adds Holcombe. \u201cDon\u2019t sign with a provider unless you have an agreement so you know how to get your data out and how to replicate those software services elsewhere,\u201d he says.\n\nBut even if having an adequate ETL strategy can ensure you can move data between providers in a structured way and in a usable format, says Del Giudice, those plans are often non-existent. \u201cAlthough cloud service providers emphasize the use of open platforms and data access protocols, which in theory are easy to use, network limitations and security to access these services are often overlooked,\u201d he says.\n\nWhen deciding which cloud-native services to use, sometimes organizations have no choice. Security is a good example. \u201cIf your security needs are high, generic cyber security might not be sufficient,\u201d says Holcombe. The more specific your needs, the more rigid the service gets in terms of vendor lock-in. And companies with data-intensive operations face both storage and bandwidth issues, he says, adding that PaaS and IaaS providers use both as competitive differentiators. \u201cIf you\u2019re trying to leverage high performance with both, that\u2019s sticky,\u201d he says.\n\nHolcombe follows what he calls the \u201cblack spruce\u201d approach to customizations that leverage native services. Just as the black spruce keeps its branches close to its trunk, USPTO keeps its customizations as \u201cskinny\u201d as possible, he says. Not only does that reduce lock-in, but it ensures the organization isn\u2019t saddled with what he calls an overladen and costly versioning path.\n\nCalusinski takes a similar approach. \u201cMost PaaS options have a core capability and a set of ancillary capabilities,\u201d he says. We limit the number of ancillary capabilities and focus on the core.\u201d\n\nThe same goes for SaaS-based applications, Holcombe adds \u2014 a maxim his team followed after moving from Remedy to ServiceNow and Salesforce. \u201cDon\u2019t customize a lot, and be able to change out when you need to,\u201d he says. \u201cWe\u2019re not beholden to them and it\u2019s been a good structural platform. But if it\u2019s overladen with optimizations, you\u2019re stuck.\u201d\n\nThis time, however, Calusinski approaches things differently. \u201cWith SaaS platforms, we adopt as much of the platform as possible because as a business we don't see enough differentiation [in] vendor capabilities, and the probability of change is low.\u201d\n\nHead off potential moving pains\n\nIt\u2019s clear that migrating between cloud providers presents myriad challenges. These include compatibility issues, security concerns, the need for extensive application reconfiguration, and dealing with images based on old operating systems and outdated technology stacks that won\u2019t seamlessly integrate into a new environment. Transferring large amounts of data can also lead to downtime and potential data loss, and ensuring consistent performance and scalability during the transition is crucial. \u201cManaging these challenges requires meticulous planning, thorough testing, and a well-defined rollback strategy,\u201d says Del Giudice.\n\nAlso, key failure points for PaaS migrations include not meeting cost or business expectations, underskilled resources, lack of standardization and security foundations, not leveraging cloud-native features, security and compliance concerns, and not adopting a cloud operating model.\n\nDel Giudice recommends a six-step approach for any organization considering migrating between cloud providers. First, evaluate the subscription model to make sure it aligns with your ROI goals. Adopt a hybrid cloud approach. Use cloud-agnostic solutions wherever possible to keep your future migration options open. When using native cloud services, design your applications with abstraction layers. Invest in data migration planning, testing, and backup strategies to mitigate risks. And review and adjust licensing agreements as needed.\n\nWeigh your options carefully\n\nAlways look at transition costs and data ownership when considering any cloud provider transition, says Calusinski.\n\nAnd when it comes to striking a balance between using native cloud services that increase lock-in versus staying agnostic, there\u2019s no right answer, says Holcombe, only an optimal one for your organization and its mission. The question, he says, is whether the cloud-based application aligns with your organization\u2019s mission and offers the best value for accomplishing that over time. \u201cIf you have an overly complex cost infrastructure, you can\u2019t change when the business model changes,\u201d he says, adding to keep your options open as the USPTO has with a multi-cloud architecture by design. \u201cMy primary reason was to have competition between service providers,\u201d he says.\n\nWhen strategizing a cloud migration, it\u2019s important to be mindful of pricing models, says Del Giudice. \u201cExplore potential cost-saving plans, and factor in data transfer costs,\u201d he says. \u201cThis approach is vital to prevent unexpected spikes in cloud operating expenses and ensure alignment with your budgetary constraints.\u201d When executing a migration strategy, consider two other factors, he adds. First, what services, such as microservices or serverless, are available from the cloud service providers to facilitate migration? You\u2019ll need to decide between using customized solutions or managed services from the cloud provider, which generate vendor lock-in risks. Second, the cloud provider may offer incentive programs for migrating applications, with discounts that can be substantial for large migrations. \n\nBy their nature, cloud migrations can be risky. But CIOs who plan ahead and are persistent enough to go through this process may see more cost-effective cloud services and pricing models, improved scalability and resource allocation, and enhanced performance and responsiveness. \u201cReduced vendor lock-in fosters greater agility and innovation,\u201d says Del Giudice. \u201cUltimately, cloud migration can drive greater competitiveness, innovation and efficiency.\u201d