Vendor lock-in. What is it? Vendor lock-in occurs when you adopt a product or service for your business, and then find yourself locked in, unable to easily transition to a competitor's product or service. Vendor lock-in is becoming more prevalent as we migrate from legacy IT models to the plethora of sophisticated cloud services offering rapid scalability and elasticity, while fueling creativity and minimizing costs.
However, as we rush to take advantage of what the cloud has to offer, we should plan strategically for vendor lock-in. What happens if you find another cloud provider that you prefer? How will you migrate your services? What are the costs, how disruptive will it be, and will you have the professional talent to transition successfully?
As a vendor, locking in customers by ensuring that they cannot easily transition elsewhere is smart business. However, as a buyer looking for innovative solutions and a better value for services, you require flexibility if your business needs change, or if a vendor is no longer available due to bankruptcy or restructuring.
As you adopt a growing array of cloud-based anything-as-a-service (XaaS) to outsource your business support functions—from Salesforce to AWS services, Google docs to Microsoft Office 365—consider your exit strategy if your business needs change, or your vendor is no longer available.
Take a step back and consider vendor lock-in as part of your overall risk management strategy. A single cloud provider can offer great options for redundancy, risk management and design innovation. But what happens when you consider redundancy across multiple providers? How easy is it to have a primary service on AWS and a secondary/backup on Google? Not so easy.
Best practices suggest that you shouldn’t put all your eggs in one basket. However, developing a SaaS solution designed to work on two disparate cloud services is a complex undertaking. If you are simply using the cloud for storage/raw data backup, you may be able to transfer data between providers. Even then, you need to pay attention to data structures and standards across platforms. When developing complex solutions that rely on outsourced technologies such as AWS continuous development/continuous integration (CD/CI), Splunk Cloud for auditing, or Qualys Cloud for vulnerability scanning, how much redundancy and portability are you baking into your risk management strategy?
Also, what happens if AWS is no longer available? This seems highly unlikely today, with their stocks hovering at around US $2K a share. But what if your new CIO decides Azure offers better widgets? Or your CISO wants a primary platform on AWS and a backup on Oracle? There are vast differences in these platforms, and one development effort will not be easily portable to the other.
For example, TalaTek is developing its own next-generation cloud-based solution for its current platform. We must consider the additional time, multiple developers and increased complexity required to operate on two different cloud platforms to manage this risk. The question we ask is can we afford not to plan for an exit strategy if our strategic business goals were to change?
Acknowledging the risk, and in some cases accepting it, is a key aspect of risk management. TalaTek has accepted the risk in adopting a single cloud platform, since it makes business sense to do so.
What should you consider when adopting cloud-based services? Here are our top five considerations:
- Have a resilient risk management strategy that requires you to continuously re-evaluate your risk assumptions and diligently monitor market changes.
- Negotiate strong service-level agreements, vetted by legal experts, in the design of your cloud strategy.
- Align your business and IT/cloud strategies to protect your investments and ensure continuity of operations.
- Where possible, use open source stacks and standard API structure to provide portability and interoperability.
- Consider whether your risk tolerance allows you to accept some risk. If you are offering a SaaS solution to manage your client’s CRM, your risk tolerance risk is different from that of a hospital using the cloud to manage all of its client health data.
The cloud is here to stay. Assess your options, be smart about your strategy, and consider your exit options as you embark on the exciting journey into the cloud.