Should IT chiefs be wary of vendor lock-in when moving to the cloud? [Q&A]
In the dash to move systems to the cloud it's easy to become dependent on the services of a specific vendor, making it time-consuming or costly to move to an alternative at a later date.
We spoke to Cooper Lutz, chief architect, digital solutions at AHEAD, to get his advice for IT teams making their way to the cloud on the best practices to mitigate vendor lock-in.
BN: How can enterprises ensure that moving an app to the cloud makes sense in the first place? How does an IT leader make that determination?
CL: The most effective method for determining the appropriate underlying cloud platform(s) is centered around the application or use case. Organizations should consider which set of cloud platform capabilities, tools and technologies most effectively support the needs of the application. However, if organizations do this on an application-by-application basis they can quickly encounter tool sprawl and an inability to maintain consistent governance, security and operations without immense scale and investments. So, we must pair this with the approach that is right for the organization as a whole.
Overall, organizations need to take both of these into consideration when determining which cloud platforms they will support across the enterprise. The goal should be to develop their cloud platform criteria based on a broader set of strategic applications or use cases (i.e. one standard private cloud, one standard public cloud, one standard container orchestration), with the understanding that these options provide a large variety of needs that may come up across the entire application portfolio and enable the organization to more effectively support and operationalize this subset of tech.
Other applications may require some give and take to fit into a model that solves a majority of the needs, in addition to having a mechanism in place to justify deviations when applicable.
BN: How can companies guarantee application portability? Should containers play a role?
CL: In the context of third-party COTS (Commercial Off-The-Shelf) apps, keep your applications up to date and stay in tune with the vendor. Many IT managers are providing and updating their applications to be utilized by more modern platforms (i.e. Containers, PaaS) but they are mostly reliant on the vendor's capabilities. When organizations are reliant on vendors who haven't modernized their applications, there can still be value in automating these applications to ensure minimal untangling and relearning in the event that a layer of the underlying platform needs to be modified.
If an application has developed customized applications, containerization can play a big role in ensuring portability, as containers can be run on top of different cloud platform layers. While the underlying container orchestration technology could have its own elements of lock-in, it is a much lower effort to replace this layer instead of rewriting a tightly coupled, monolithic application to exit a hardware lock-in situation.
BN: Can you briefly describe what vendor lock-in is and its key risks?
CL: As it relates to cloud, vendor lock-in is when a company is essentially forced to utilize a product because switching away can be too cost-prohibitive or impractical. This is not a new concept and is often not a huge concern for enterprises, as long as they have a plan to mitigate it.
Today, vendors will provide incentives for customers not to navigate workloads off their service stack. For example, charging customers each time data leaves their platform or adding services that have a high degree of interoperability or security built in. But the key tradeoff is that you get high-quality services that work well together for the exchange of some amount of lock-in in return.
As for risk, the main one is the chance that a cloud provider's services decline in quality over time, leaving you with sub-par tools to operate in a digital environment. This can happen when IT groups have reached a certain level of lock-in, usually due to a lack of guidance or a misunderstanding of the vendor’s terms.
BN: What do you think are some of the best practices to minimize vendor lock-in risks for cloud-based workloads?
CL: Don't overanalyze and overthink risks to the point of inaction. Analysis paralysis is far too common with all the options and combinations that exist today. Despite regular anxiety over vendor lock-in, it’s usually not a true concern for cloud-based workloads. Depending on the business and the complexities of an organization’s cloud, some degree of vendor lock-in is more or less necessary. Most of the impact can be mitigated if tech buyers take the proper steps and clearly understand their vendors’ terms.
Here are some best practices to mitigate vendor lock-in risk.
- Determine which layer of lock-in is most concerning or problematic to the organization. (Hardware? Virtualization? Operating System? Public Cloud Provider? Container Orchestration?)
- Utilize cross Cloud Platform agnostic tools and technologies to ensure functionally similar capabilities and configurations.
- Reduce the use of long-term financial contracts and incentives to utilize a particular cloud platform.
- Use caution when putting a large dependency on smaller, early-stage, open-source projects.