Cloud freedom: Avoiding vendor lock-in

Visualisation of cloud with padlock inside, with hand reaching towards it from behind

The promise of cloud computing is the ability to transform and revolutionise – opening up new ways of thinking and doing things. In essence, it offers businesses, regardless of where they’re based or what industry they’re operating in, a sense of freedom – freedom to think and behave differently and freedom from traditional constraints linked to cost, scale, security and so on.

But freedom is also about the ability to choose which cloud product and services you want to consume, when, and how. So the idea of being locked into what can feel like infinity with just one cloud vendor seems unthinkable, right?

Unfortunately, while it’s unthinkable and unrealistic for many, it’s normality for others, with some cloud providers essentially promising the world, but only willing to deliver the goods if customers are willing to sign-up to fixed terms of service, complex small print and large financial penalties if they want to leave earlier than planned.

More or less?

Research by Bain & Company, published in September 2020, found that the majority (65%) of CIOs plan to use multiple cloud vendors. The reasoning is varied, with some citing price and others citing variety, but the worry about lock-in is a clear driver for many, according to the study.

The uneasiness surrounding potential lock-in can have adverse knock-on effects and result in companies working with more cloud providers than they might otherwise need to in order to avoid putting all their cloud eggs in the same basket. This, best case scenario, could result in spending far more time, effort and budget than would otherwise be needed. Worst case, multiple lock-ins. Either way, trying to forge more partnerships because you’re worried having just one will be dangerous isn’t a solid strategy.

That’s where specialist cloud firms and a multi-cloud approach arrive on the scene. Having the right mix of providers working together to deliver on your business needs, you can actually simplify rather than complicate things.

Analyst firm IDC has dubbed 2021 as the year of multi-cloud and it’s easy to see why, based on the evidence presented against vendor lock-in itself and knee-jerk reactions by organisations to try and avoid falling foul of being locked in.

"The widespread disruption caused by the global COVID-19 outbreak has reinforced the critical importance of businesses being agile enough to scale up or down with fluctuations in demand," said IDC's Jyoti Lalchandani, group vice president and regional managing director for the Middle East, Turkey and Africa (META).

"A public cloud platform provides enterprises with an agile, scalable, and cost-effective IT infrastructure that supports their business processes. However, public cloud is not necessarily an appropriate option for all types of workloads. As such, some enterprises are choosing to keep certain workloads on-premises – using an in-house data centre – or on private clouds. This approach helps them achieve better performance, 24/7 availability, enhanced security, and greater compliance with regulations."

As a result, IDC has predicted that the majority (more than 90%) or companies will follow a multi-cloud path come 2022, seeking out fit-for-purpose specialists rather than generalists where and when it makes the most sense.

Fellow experts agreed with Michael Warrilow, VP analyst at Gartner, who said: “Most organisations adopt a multi-cloud strategy out of a desire to avoid vendor lock-in or to take advantage of best-of-breed solutions. We expect that most large organisations will continue to willfully pursue this approach.”

The need for speed?

But Warrilow does urge caution before going all-in on multi-cloud and advises against moving from A to B too quickly.

“There are many nuances between platforms, and trying to build services in more than one simultaneously is challenging. Starting slowly also allows time for in-house staff to develop their skills and learn how to manage the cloud.”

“Should you really embrace the entire stack from a single vendor just to take advantage of their speciality services?” Wasabi CEO and co-founder David Friend wrote in a blog post. “While it’s convenient, what are the risks? It’s not as though the cloud has eliminated all technology risks. So what risks remain, and how are you going to address them?

“Whether you’re worried about it or not, if you go with a single cloud provider you are in fact tying yourself to that vendor, with all that entails. From the transfer fees to get your data back out (for any reason, including no longer being a customer of the vendor, extended downtime of the provider, etc.), to the closed APIs that your solution is built on that would require varying levels of refactoring (at the least), to blowing it up and trying again in order to deploy on another cloud.”

He continued: “Moving to the cloud? Don’t repeat past mistakes. Avoid vendor lock-in and build it your way with a best-of-breed, multi-cloud strategy.”

As companies realise what will work best for them when it comes to cloud, spending in this area will increase. Indeed. Gartner predicts that public cloud spend will top $396 billion this year and grow by 21.7% to reach $482 billion next year. More specifically, the analyst firm believes spend on public cloud will surpass 45% of all enterprise IT spend by 2026 – a figure that’s up from 17% this year.

“The economic, organisational and societal impact of the pandemic will continue to serve as a catalyst for digital innovation and adoption of cloud services,” said Henrique Cecci, senior research director at Gartner. “This is especially true for use cases such as collaboration, remote work and new digital services to support a hybrid workforce.”


Another Gartner research piece suggested that the pandemic had served as a catalyst for re-defining whether mission-critical workloads needed to be on-premise or in the cloud.

“The events of last year allowed CIOs to overcome any reluctance of moving mission critical workloads from on-premises to the cloud. Even absent the pandemic there would still be a loss of appetite for data centres,” said Sid Nag, research vice president at Gartner.

Nag added: “Emerging technologies such as containerization, virtualisation and edge computing are becoming more mainstream and driving additional cloud spending. Simply put, the pandemic served as a multiplier for CIOs’ interest in the cloud.

“...Cloud will serve as the glue between many other technologies that CIOs want to use more of, allowing them to leapfrog into the next century as they address more complex and emerging use cases. It will be a disruptive market, to say the least.”

The cloud will also play a key role in strengthening your security posture, which makes flexibility and the avoidance of lock-in even more important. The need to plan and tread carefully in this area will only grow as the threat landscape intensifies.

Ransomware was called out as the main threat facing organisations as we move further into the final calendar quarter of 2021, according to Gartner. Other key concerns related to a growing skills gap and how to best support new ways of working and hybrid collaboration, but the possibility of new and emerging ransomware threat remains the biggest headache.

“The negative impact of evolving ransomware attacks is seen as so severe by executives that it tops a notable list of risks related to an ongoing pandemic and the disruption of the global supply chain,” said Matt Shinkman, vice president with the Gartner Risk and Audit practice.

“While new models of ransomware attacks are frightening in their own right, the consequences for organisations are even worse. Prolonged operational delays, data loss and exposure, as well as the reputational damage that follows, present potential existential risks to an organisation that executives are all too well aware of, especially if the attacks occur as a result of inadequate cyber security controls.”

Money talks

In April this year, BAE Systems suggested that the majority (74%) of banks and insurers had experienced an increased exposure to cyber crime since the pandemic began. Despite the growing risk curve, just over a quarter (26%) of firms said the budget they had to dedicate to fighting such battles had decreased in the past 12 months.

“We’re noticing a clear collaboration emerging between different groups of criminals across the wider landscape of serious and organised crime,” said Adrian Nish, Head of Cyber at BAE Systems Applied Intelligence. “Fraudsters and cyber criminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetise and new ways to disguise their activity.

“Attackers are building increasingly advanced capabilities to target core banking systems and becoming more aggressive, harming victims’ ability to respond to attacks. Online criminals have reacted fast, adapting their approach to hunt out remote working security gaps and prey on the vulnerable.”

Even without the worry of vendor lock-in, security remains a boardroom concern, but add the idea of inflexibility when you need it most and you could be opening up a threat-based can of worms.

Wasabi’s Friend wrote about such concerns in a recent Fintech Herald article, highlighting that even the Bank of England was concerned about the impact on certain cloud providers and services when it came to financial security.

“Where cyberthreats are concerned, ransomware is one of the highest priority threats to banks, and cloud vendor lock-in can exacerbate the threat ransomware poses,” Friend wrote.

“By pitching themselves as a ‘one stop shop’ for data storage and management, bigger providers encourage developers to build their entire technology infrastructure on their platforms, while making it hard to move business to other cloud providers. Such a concentration of power lends itself to the risks identified in the Bank of England report, as it can give rise to opaque business practices whereby security information and how to monitor risks isn’t transparent.”

He added: “Diversifying your cloud providers is important to mitigate against the security risks of vendor lock-in. It will minimise the risks of data loss and downtime while also enabling cost savings in the long-term by avoiding getting locked into long term contracts with a single vendor.”

It’s clear, then, that lock-in can actually exacerbate existing issues and create new ones, especially when it comes to cost, complexity and security. That’s why there should never be a one-size-fits-all approach to the cloud. Businesses should be afforded the opportunity to consider – and work with a trusted partner to validate – what matters to them and proceed, albeit with caution, from thereon in.

“Many customers are beginning to feel locked into services with AWS and Azure and are looking towards alternatives to support their cloud storage needs,” according to Nucleus Research.

“In 2021, companies like Wasabi will show enterprises that there are cost-effective alternatives to the larger cloud service providers, and these solutions can be implemented without compromising performance or overall capabilities.”

Learn more about Wasabi’s services


ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.