everythingpossible - Fotolia

Cloud lock-in fears aren't as prevalent as you might think

Enterprises are using multiple clouds, but not because they're afraid of lock-in. See why they're being smarter about cloud selection and forgoing portability in favor of speed.

Vendor lock-in has long been the boogeyman of cloud computing, but enterprises no longer fear it like they once did.

Organizations become concerned about lock-in when they feel they can't easily move away from a technology, especially if they're unhappy with the provider of that technology. However, fears of cloud vendor lock-in may be overblown -- or at least greatly on the decline.

Lock-in is slowly moving down the list of objections to cloud adoption, falling behind topics like security, cost management and data locality, said Melanie Posey, research vice president at 451 Research.

Only 10% of organizations are "very concerned" about IaaS/PaaS public cloud vendor lock-in, according to recent survey data from 451 Research, part of S&P Global Market Intelligence. Another 32% report being "somewhat concerned."

"It's something that people say, but it's not really what's holding them back from using cloud and it's really not a problem when you get down to the nuts and bolts level of things," Posey said.

Indeed, discussions about cloud vendor lock-in have become more nuanced in recent years as enterprises are now more familiar with the technology. And in many cases, they've opted to eschew those concerns in favor of greater agility in software development.

A brief history of cloud lock-in

Concerns about being beholden to an IT vendor are nothing new. For decades, organizations with on-premises data centers felt they had been burned by long-term server deals and onerous software contracts. Enterprises carried those scars with them in their early resistance to cloud adoption, while also holding out hope for a paradigm shift that would give them greater leverage over IT vendors.

Melanie Posey, Analyst, 451 ResearchMelanie Posey

Specifically, open source evangelists saw OpenStack as a panacea. Users hoped this software would be a means to deliver interoperable cloud infrastructure so organizations could move applications from one provider to another as they saw fit. The goal was to break the early stranglehold AWS had on the burgeoning IaaS market. But OpenStack was notoriously difficult to deploy and manage. The project also fell victim to competing interests among its backers.

Lock-in concerns were not enough to stem the tide of proprietary cloud adoption, and OpenStack floundered at the same time AWS saw exponential growth and large-scale enterprise deployment. Microsoft Azure and Google Cloud Platform (GCP), two other proprietary clouds, emerged as the top alternatives.

Yet, cloud vendor lock-in concerns persisted, serving as a backdrop for emerging technologies like Docker and Kubernetes, which opened the door to greater portability through containerization. Multi-cloud proponents envisioned arbitrage scenarios, with enterprises hosting the same app on different clouds and negotiating better deals by pitting vendors against one another for the benefit of their business. It's a concept that is yet to pan out.

"That's a fool's errand in terms of thinking that you have any leverage over that," said Drew Firment, senior vice president of cloud transformation at A Cloud Guru, which runs online training courses in AWS, Azure and GCP. "It's like having three power companies coming into my house and somehow I'm going to have leverage over the pricing; it just doesn't make any sense."

Choice quells lock-in fears

People feel locked in when something isn't improving fast enough and costs keep rising, said Dave Bartoletti, vice president and principal analyst at Forrester Research.

Dave Bartoletti, vice president and principal analyst, Forrester ResearchDave Bartoletti

In the past, some software vendors made it extremely difficult to leave, so enterprises are wary of repeating those experiences. However, much of the talk these days about cloud vendor lock-in comes from providers on the outside trying to capitalize on those fears, not from actual users, he added.

Instead, the major cloud providers have taken steps to neutralize the anxiety that underpins lock-in fears. Services are available on-demand and pricing continues to drop or remain flat. Vendors also embraced the open source projects that have become the hubs for modern software innovation. Meanwhile, app lifecycles continue to shorten, which lessens the fear of being stuck with a platform indefinitely.

And while grandiose visions of multi-cloud egalitarianism haven't come to fruition, the emergence of multiple viable vendors has had a major impact. There's enough overlap between platforms -- in terms of service parity and underlying open source software -- that migrations are feasible, though still not particularly easy.

"In the cloud, I can leave whenever I want; I can turn it off," Bartoletti said.

Nasuni, a cloud-native file services vendor, has clients with workloads on multiple public clouds, but discussion about platform selection aren't driven by lock-in fears, said Russ Kennedy, the company's chief product officer.

Instead, Nasuni will discuss the pros and cons of the various platforms in relation to their apps: Where are cloud regions in proximity to users? What are the services available in that region? What's the durability and availability of those services? What are the costs? As a result, the lock-in discussion happens less and less, Kennedy said. Instead, the focus is on flexibility and choice.

"They're not coming in blind and seeing the cloud as this big amorphous thing that's the same everywhere – it's more sophisticated," Kennedy said.

Kennedy has seen companies move workloads to other clouds, but often as a last resort. Either they feel they're getting gouged on price or the relationship has soured for some other reason. On rare occasions, a provider will give a sought-after company incentive to migrate workloads to its cloud.

Weigh lock-in concerns in the context of business value

So much of the debate about lock-in comes down to tradeoffs and how tightly you tie your workloads to a platform. It's not as simple as saying lock-in is bad, full stop.

For starters, there's a distinction between the services integrated with an application and the platforms used to host those applications, according to Jared Dickson, solutions architect at business and technology consulting firm OST. Those higher-level services have greater potential for lock-in, but it might be worth the risk. It all depends on the specific IT team's stage of maturity in its cloud adoption and its understanding of how services function.

Dickson used the example of opting for a cloud provider's proprietary secrets management service rather than an open source alternative. The cloud provider's services could save the organization considerable time and money since it doesn't have to maintain or operate it -- or ensure that it's properly patched -- like it would with an open source tool.

"If their expertise is ecommerce or those products backed by it, maybe secrets management isn't something you do in-house because it's not your specialty," Dickson said.

Eventually, teams might reach a point where they want to build something internally, but should only do so if they believe those efforts will help drive value to the overall business.

Some services are more difficult to decouple than others, Dickson said. For example, event and messaging tools that facilitate service-to-service communication don't have universal parameters, so you might run into issues around things like message-size limits if you decide to move to a different platform or service. In those scenarios, it can be easier to go with an open source tool like RabbitMQ.

The goal should be to first pick a platform that will help you innovate and scale faster, then go from there as far as platform abstraction, Firment said. On a rare occasion, you might find your application is so successful that you're able to customize it in a way that commoditizes the underlying cloud platform so you can distribute workloads to guard against outages or other concerns.

"But that shouldn't be the mindset going in because at that point, it's not a problem yet," Firment said. "Make it a problem, then that's a good problem to have."

Also, there are benefits to working closely with a provider, including access to better discount programs, early releases and case studies. Unlike some of the past relationships with on-premises vendors, cloud providers seem more willing to partner with their customers, Firment said.

Enterprises should go in with their eyes open when they take a dependency on a proprietary service without an open source alternative, Bartoletti said. It's something to consider, but it shouldn't be a definitive reason not to use it.

"That's always the tension: Do I want to slow down and make sure I'm not taking dependencies that may reduce my flexibility later on?" Bartoletti said. "Generally, the calculus in the enterprise market is shifting more toward speed, and we'll worry about platform later."

Dig Deeper on Cloud deployment and architecture