“If you are running your IT systems in a traditional private data center, you are already locked-in, and not in a good way.”
I was recently in a job interview before a panel of IT industry analysts, defending my positions in a hastily-written research note about the cloud service provider business. During an interaction with one of the tormentors… I mean, interviewers… the topic of cloud vendor lock-in surfaced in the context of customer retention and competitive opportunities.
It is no secret that detractors of public cloud keep “lock-in” as a go-to arrow in their quiver, right alongside “insecurity.” But that doesn’t mean it is manufactured FUD (Fear, Uncertainty and Doubt). Cloud lock-in is very real, and organizations adopting cloud technologies, especially public cloud, must be have a relevant strategy addressing it.
But is cloud lock-in necessarily “bad?”
CSPs are continuing to build out their stack of services into higher layers of abstraction; databases, data analytics, even gaming platforms are being built and maintained by the service, freeing customers to focus on application-specific logic and presentation details to meet their business needs. This results in a high-velocity, nimble IT execution environment that allows them to respond quickly and effectively. In short: they derive considerable value from being “locked-in.” Clearly, if they later have reason to abandon their current CSP for another and haven’t planned for that possibility, it could be too intractable to attempt disentanglement.
Yes, there are ways to plan for and enable easier extraction. Technologies like containers provide better isolation from the cloud infrastructure, as well as make it possible to “bring your own” services with you, rather than depend on the platform’s. The challenge is knowing where to draw the line in just how much to “abstract away” the service: you could end up spending so much time insulating your application from the implementation details of a service that you lose the aforementioned benefits. That could be worse than being directly “locked-in” if your competitors do it and get to market faster.
But a new thought was introduced during my interview, and I wish I could credit the person who gave it to me through the form of a question: Aren’t organizations who choose to remain in their private data centers even more “locked-in?”
This is a profound question, and it underscores the fundamental shift in thinking that must occur if organizations are to successfully survive the shift to cloud-based IT. If you are running your IT systems in a traditional private data center, you are already locked-in, and not in a good way. You’re much more isolated from the riches of the Internet, unable to take advantage of economies of scale, forced to re-implement otherwise common services for yourself, burdened with highly customized infrastructure and attendant support systems that will get more expensive to maintain over time as others abandon the model.
Privacy and control underpin the rationale continuing to feed this model, and although privacy is a good reason, control – specifically, the ability to customize infrastructure to the nth degree – is not. CSPs build and maintain infrastructure faster, cheaper, and with higher rates of successful outcomes. IT departments that see cloud as an extension of their data center, that must conform to their data center’s operational paradigms, and disrupt as little as possible the routines and processes they have developed over the years will be at a major competitive disadvantage in the future as their more prescient and capable competitors adopt DevOps and cloud models to drive their businesses at higher velocity. Private cloud, when done properly, is a good intermediary solution that provides the control and privacy while bringing many (but certainly not all) of the benefits of public cloud. A hybrid cloud solution that marries public and private seems to offer the best compromise.
Oh, the interview? Apparently they liked my answers enough to offer me a position. So for now, this is the last of any real cloud-related technical blog you’ll see from me outside of the company’s official channels. After all, one must not give away the store: All product must be secured!
That is… locked-up. 🙂