Vendor lock-in: Is it worth worrying about in the cloud?

Gentleman in suit clicking on virtual padlock

Ask any cloud sceptic to list their biggest fears about moving to the off-premise world, and the words security, privacy, and reliability will almost certainly feature.

The phrase “vendor lock-in” is also highly likely to appear somewhere, as end user gripes about the openness and interoperability of different cloud technologies continue to bite.

In some of these instances, end users are right to be worried. The fallout from the 2013 NSA surveillance scandal is still looming large over the cloud industry, prompting a degree of wariness from individuals about how service providers might treat their data.

And, while end users have become savvier about maintaining access to data in the event of an outage, the knock-on effect of downtime on business productivity is still a concern.

What about vendor lock-in? Obviously, no-one wants to become so reliant on a product (either on-premise or in the cloud) that they won’t be able to ditch it later down the line should their business needs change.

But how concerned should end users be about falling into the vendor lock-in trap, and is it reason enough to put off moving to the cloud at all? James Staten, vice president and principal analyst covering infrastructure and operations professionals at Forrester, doesn’t seem to think so.

In fact, he says a lot of concerns raised about vendor lock-in by prospective cloud users are “overblown” because it’s a risk whenever new technologies are adopted.

“Any deployment type has some degree of lock-in, in that there [may be] some pain to migrate an app from one deployment to another,” he tells Cloud Pro.

This could be because they have opted for a solution that fulfills a specific function no other can offer, which is a common scenario for cloud users to find themselves in, says James Walker, president of open standards champions, the Cloud Ethernet Forum (CEF).

“Because cloud is [a] relatively immature [concept], there are services [one provider] can offer that are unique and no-one else can,” Walker says.

“That’s a form of voluntary lock-in... and you’ve got nobody to blame but yourself if you end up getting addicted to that feature and can’t move away.”

Being in that position shouldn’t necessarily be viewed as a problem, though, says Staten, as the functionality they get through being locked-in could give their business a competitive edge.

“Anytime you are innovating or are taking advantage of innovative services, you are risking lock-in. If your risk of lock-in outweighs your desire to lead, differentiate or deliver value in a more agile way, then don’t use the service,” he adds.

Furthermore, if they’re happy with the service they’re receiving, and the provider offering it, lock-in shouldn’t be a worry, says Peter Tsai, IT analyst from IT pro community Spiceworks.

The great escape

However, just because things are ticking over nicely now, doesn’t mean things will always remain that way, which is why he advises users to have an escape route mapped out just in case.

“If you’re stuck without a plan B, you might be forced to endure unwanted price increases, infrastructure changes that break your application, degradations in levels of services, or you might simply become stuck on a platform that no longer meets your needs,” Tsai warns.

To guard against this, Tsai says there are a few questions prospective cloud adopters should ask before signing up.

These include establishing whether the vendor uses proprietary technologies or formats, permits integrations with other applications or platforms, can afford to keep up with the pace of innovation happening elsewhere in the cloud market and – as such – will be able to grow with the users’ needs.

This is a view shared by CEF’s Walker, who says users should not be shy about quizzing potential suppliers about their attitude towards open cloud standards, particularly the use of non-proprietary APIs.

A lot of vendors are making an effort to become more open, as end users become increasingly savvy about the negative impact using proprietary technologies can have.

Even so, there are vendors out there making no attempt to embrace open technologies, warns Walker, and these are the ones end users should be wary about dealing with.

The other thing to bear in mind is that open standards are yet to be established for every conceivable cloud usage scenario. And, until that occurs, they might find themselves stuck.

“You might want one of your cloud providers to be able to pull out and use your financial data from another one... say Salesforce from SAP,” Walker explains.

“There are no standards to do that, no SLAs to do that and no APIs. So, even if you want something that’s open, there’s nothing today you can turn to to make that happen."

Clive Longbottom, service director at market watcher Quocirca, also cautions users against taking vendor claims about embracing open technologies at face value.

As an example, he cites vendors that try to put their own spin on non-proprietary platforms like OpenStack.

“It may look like OpenStack and be talked about as being OpenStack, but there may well be differences in how workloads are managed and run that will make it difficult to move them around at a later date," he says.

Moving on

Now, that advice is all well and good for those still working out how to embrace cloud now, but what about the unhappy users that have already embarked on the move off-premise and are feeling stuck?

“If they’re not happy with their cloud provider, users need to first work out exactly how locked-in they are,” advises Gordon Haff, a cloud strategist working in the hybrid cloud team at open source vendor Red Hat.

As part of this, they need to establish how important the application or feature the cloud provider offers is to their business, says Haff, as this will largely dictate how much effort is required to move elsewhere.

“Is this something that’s core to our business or a utility programme we use during quarter closing four times a year? Is it a prototype we’re planning to put into production?” he asks.

From here, they’ll need to drill down further to establish if the importance of that app justifies the resource and effort needed to change providers.

“Is it simply a matter of just one API that can be easily rewritten in a couple of afternoons or did the developers go crazy and use every proprietary API this provider has to offer?

“If it’s the second scenario that’s playing out, then the situation does become a little more complex,” he says, and – in turn – more costly for users to switch providers.

Competitive pressures

That being said, things are steadily improving, adds Tsai, as competition between vendors increase, and customers become more wary of lock-in, and shy away from suppliers it might be difficult to cut ties with later down the line.

“While moving your applications and services to a different vendor can be painful and expensive, many vendors now provide migration tools that make it easier to jump from one service to another,” he says.

“Additionally, increasing cloud competition has forced providers to innovate and compete with each other on price in order to keep customers happy.”

The take-off of containerisation technologies (such as Docker) that let users package apps and virtual machines so that they work in a wider range of environments will also lower the risk of lock-in for users, adds Longbottom.

“For those looking at cloud platforms now, I would make sure that the first question is ‘what containers do you support, and what is your view on the future use of containers,’ as this should provide them with greater safety from lock-in as time goes on,” he concludes.

Locking down clouds

  • Vendor lock-in isn’t exclusively a cloud problem, as it’s an issue that’s blighted enterprise IT decision makers for decades. But it’s more likely to occur in Software-as-a-Service (SaaS) deployments than anywhere else.
  • This might be because of some unique functionality the cloud-based software offers, or because of limitations on the types of environments these apps can be run from.
  • “With Software-as-a-Service, there is inherently going to be a degree of lock-in in most cases,” Red Hat's Gordon Haff says.
  • Where Infrastructure-as-a-Service (IaaS) offerings are concerned, the risk of lock-in is lower as users tend to have a greater degree of control over how entrenched they become with their services.
  • “If you have a provider like Amazon Web Services (AWS), for example, that offers a lot of specific, unique to AWS services and you choose to use all of those, you might find that you can’t easily move,” he explains.
  • But that’s something IT directors will need to consider beforehand. How “all-in” are they prepared to go with a provider, and what’s the downsides of doing so?
  • “With IaaS, you’re very much more in control of how much lock-in you choose to have,” Haff adds.
Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.