by Bob Violino

6 strategies for avoiding cloud vendor lock-in

Sep 30, 2019
Cloud ComputingIT Strategy

A credible threat of defection can help you leverage competitive pricing opportunities and escape long-term relationships gone bad.

hands tied restricted locked in handcuff trapped in contract by nattasaadzic getty
Credit: natasaadzic / Getty Images

In an ideal business world, enterprises would forge strategic partnerships with their cloud services providers that lead to prosperity for all involved.

It doesn’t always work out that way, however. Things change over time, and in many cases the relationship between the customer and its cloud provider does not evolve to account for that change. Or maybe costs are not in line with what was initially expected, or the quality of services is not what was promised.

Whatever the reason or reasons, there might come a time when an organization needs to break up with its cloud provider, specifically for software-as-a-service (SaaS) offerings. The key is having the flexibility to do this when the time comes, without significant negative impact to the company.

Companies need to be able to maintain a credible “threat of defection” strategy. For example, they must avoid being locked in to a particular vendor and keep open the possibility for other options, should the terms no longer align with business plans.

The strategy doesn’t mean automatically assuming there will be a breakup with the cloud provider at some point. But it does leave open the possibility if things go wrong.

Here are some suggestions of how to go about creating and implementing such a strategy.

Design for flexibility and portability

“One key factor is keeping your data and applications easier to move,” says Merim Becirovic, managing director within the CIO organization at Accenture, an IT services and consulting firm.

The company has digitally transformed its entire enterprise, and the cloud has been a crucial part of that, Becirovic says. Accenture currently has 95 percent of its infrastructure running in the cloud.

“Journeying far into the cloud allows us to focus on adopting native cloud solutions,” Becirovic says. “Our team established a process to manage and continuously introduce safe, standardized cloud-native products for applications to provision and consume.”

To date, there are more than 70 cloud-native services offered in this fashion, Becirovic says.

Using open source standards to write code is one way to prevent vendor lock-in. “Depending on the service being used, this approach will help minimize the cost of any refactoring to use a cloud-native service from another supplier where there is like-for-like capability,” Becirovic says.

Maintaining portability can be easier said than done, notes Robert Walden, CIO at IT service provider Epsilon. The company uses public cloud services extensively for both its client-facing, revenue-generating offerings and for its back-office IT operations.

“The more portable you can keep your applications the more agile you will be when it comes to switching providers,” Walden says. “Some solutions are easier to containerize than others.” In reality, completely portable cloud services are rare, he says, but striving for portability whenever possible should be a primary goal for cloud users.

Deploy an architectural plan to avoid lock-in

“Vendor lock-in must be thought about up front, whether we are talking about a cloud instance or not,” says Charlie Turri, CIO of the IT People Network (ITPN), which provides advisory, consulting, and IT services.

ITPN both uses services from cloud providers and advises clients on selection, setup, and management of cloud services. Internally, the company leverages cloud providers for the majority of its internal applications, infrastructure, and data storage.

One thing a company can do to address the lock-in concerns is

evaluate a more “uncoupled” architecture.

“A lot of firms are moving down the abstraction scale and are familiar with virtual machines and containers, and we work with clients to move as far down that scale as practical,” Turri says. “There are many good reasons for this approach and one is that it helps minimize the impact of lock-in.”

A good approach is to look at the overall architecture and have a plan in place that can be developed on the initial move to the cloud or at any time if a contract with a cloud provider is already in place. “The plan details the best approach for minimizing impact to any type of lock-in,” Turri says.

Another approach is to add a layer of abstraction to obfuscate the provider, Turri says. “There are some drawbacks to this, but it can be a viable response to lock in,” he says. Specifically, for serverless functions all the cloud providers’ offerings work generally the same way, he says, but do have some specific differences.

“The differences can be managed via an abstraction layer,” Turri says. “We’ve built a proof of concept to validate [that] this approach works. The cost to build and maintain the abstraction layer would need to be weighed against the cost of lock-in.”

Careful planning either up front before the move to the cloud or before an incumbent provider’s service no longer works can help lower the lock-in headaches, Turri says. “Look at decoupling and abstracting as much as possible,” he says. “The less dependencies the better.”

Go the multi-cloud route

Organizations increasingly are creating multi-cloud environments, and that can help maintain the threat of defection if things don’t work out with a particular service provider.

“We choose to work with a number of cloud providers for our own workloads, to help prove out multi-cloud operations, to balance our risk across the ecosystem, and to help compare and contrast cloud service providers so that we can better inform our clients,” Becirovic says.

Competition among cloud providers is fierce, as costs to provide services and different options become more optimized, Becirovic says. “The consumers of those services, in this case enterprises, are positioned to be able to reap those benefits,” he says.

Organizations should strive to have at least two public cloud platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) providers, Walden says. “And you will have a larger number of SaaS providers,” he says.

Leverage open source technologies where possible

One of the major selling points of cloud service providers is the ease with which new technologies can be evaluated and implemented, says Nick Wilson, vice president of TechOps at GoSpotCheck, which provides a mobile workforce software platform.

“This can be a double-edged sword, however, in the case where these technologies are proprietary,” Wilson says. “The best solution for avoiding lock-in is using components based on well known open source technologies, and use of cross-platform tools for managing these components.”

For example, GoSpotCheck is building its next-generation services using containers running in Kubernetes. “Every cloud provider has their own variation of a Kubernetes offering, but the underlying technology is open source and platform-agnostic,” Wilson says. “This makes it possible for us to move our clusters and containers around.”

The company has built its SaaS platform natively in the public cloud, leveraging PaaS providers such as Heroku and IaaS providers such as Google and Amazon Web Services to power its web applications, mobile backends, and data warehousing and advanced analytics.

Take advantage of contract renewal opportunities

Negotiating out of an existing contract is usually best done at renewal time, Wilson says.

“When we came up for renewal on a long-term enterprise contract with one of our providers, we opted to not renew and instead revert to higher pay-as-you-go pricing,” Wilson says. “The provider would have preferred us to stay locked into an enterprise contract. But it didn’t make sense for where we are heading as a business.”

The cloud provider ultimately supported GoSpotCheck in its decision, and the companies are still working together, “just at a more manageable footprint that we are in the process of right-sizing,” Wilson says.

There are always trade-offs when deciding on what level to work with a cloud provider, Wilson says. “The pay-as-you-go model is great when starting out,” he says. “But generally [it] has the least favorable pricing in exchange for the greatest flexibility. So when deciding to lock into a term contract, it is important to have a long-term vision of what you want your cloud footprint to be.”

Have an exit strategy in place from the beginning

It might sound overly negative, but it’s prudent to assume that something will go wrong with a cloud provider and plan for that eventuality even before signing the contract.

“You can avoid the pitfalls of vendor lock-in by thinking about the exit from the first day,” says Charlie Li, executive vice president and chief cloud officer at technology consulting firm Capgemini North America.

“That means ensuring your design, data, and processes are written in such a way that can be easily applied to future technology environments,” Li says. “If portability is likely to be required, only use niche cloud vendor-specific services where they absolutely provide definite business benefits and justify the ROI [return on investment] within a two- to three-year timeframe.”

Don’t use proprietary cloud vendor services just because they are available, Li says. “Take the time to use industry standard tools to make a migration in the future easier,” he says. “What’s more, you can future-proof your cloud operations by heavily leveraging containers, microservices architecture, and an API [application programming interface] strategy, thus becoming platform-independent.”