The spectre of vendor lock-in by cloud service providers is clear as the driven snow: modified programming languages, proprietary application program interfaces (APIs) and non-portable cloud services.
According to Vinton Cerf, an American computer scientist who is the "person most often called 'the father of the Internet‘”:
“…Each cloud is a system unto itself. There is no way to express the idea of exchanging information between distinct computing clouds because there is no way to express the idea of ‘another cloud.’ Nor is there any way to describe the information that is to be exchanged. Moreover, if the information contained in one computing cloud is protected from access by any but authorized users, there is no way to express how that protection is provided and how information about it should be propagated to another cloud when the data is transferred.”
Reclaiming control of a company’s information and content from a cloud service provider can be challenging. User lock-in is more of a compelling force as application functionality, code idioms, APIs and operational aspects of the information system start to increasingly depend on cloud provider-specific services, such as transaction management , non-standard messaging and proprietary storage data formats.
Exit strategies will depend on the type of cloud service provider and the underlying technologies used to provide those services. For infrastructure clouds, application code and configurations are self-provided; these applications are the property of the consumer. In some infrastructure as a service (IaaS) implementations, virtual machine portability provides migration of running application loads from a public cloud to internal resources or to another cloud provider.
The question of application portability becomes murkier as platform as a service (PaaS) or software as a service (SaaS) offerings are used. In these cases, the cloud service provides the application’s basic architectural framework, which is usually tightly coupled to the underlying technical and operations infrastructure. De-coupling those applications is a difficult proposition, and may not be possible.
It’s tough to imagine vendors exposing all their black-box magic with standard and commodity interfaces. Google AppEngine promotes Java and Python as they attract businesses to their purpose-built BigTable database and messaging models. It will be important to consider data and process portability when utilizing PaaS and SaaS providers and to allow for re-platforming or re-hosting if a transition is needed.
The steps to reclaim a system that has been designed, coded, tested and deployed using one or more cloud services will depend on where businesses plant their system components.
Here are some things businesses should keep in mind as they seek a flexible relationship:
- Typically, cloud providers do not own intellectual property for artifacts developed or hosted within their IaaS platform; however, clear delineation of ownership is required to avoid potential future litigation
- Cloud services, by definition, should be loosely coupled
- To reduce vendor dependency, explore a hybrid approach whereby internal and external resources are implemented to fulfil a business requirement for mission critical or even secondary applications
- Encapsulate provider specific integration points into core management and provisioning systems to isolate changes introduced by altering the sourcing model
- Deploy run-time applications in a manner abstracted from underlying infrastructure and machine image
- Build custom, standards-based machine images capable of running on variety of standard platforms
- Backups should also be machine independent
- Carefully design application architecture and development techniques to minimise risk
- Compliance (and certification) to government mandates and security requirements is not portable
- Promote open standards
These are some of the issues that businesses should definitely consider when analysing relationships with cloud providers. It is imperative that a business understand how much trust to place with their cloud providers to ensure that appropriate contractual and technical safeguards are in place. Although businesses are increasingly storing data and running applications in the cloud, they must also maintain tight control over key company information.