Should we really be worried about vendor lock-in in 2020?

While enterprise technology has changed dramatically over the last few decades, one thing has remained a constant: the fear of vendor lock-in. But in 2020, while lock-in remains a very real issue, there may be less need to worry about it than in the past.

For many businesses that are already leveraging public clouds and SaaS, the dream is to achieve flexibility in tech infrastructure and operations while still minimizing the inherent risks that come from being overly dependent on one provider. And a proliferation of open-source tools and multicloud approaches that have bubbled up in recent years make that look increasingly possible.

But the truth is that tech buyers have been burned before. In the past, companies' concerns about vendor lock-in were indeed warranted. After having invested heavily in a particular tech vendor's products or services, companies often found it prohibitively expensive or disruptive to switch to a competing vendor, leaving them stuck with a potentially substandard service.

In previous decades, it was Oracle, IBM and Cisco that were often considered the most flagrant offenders, effectively hooking clients in with burdensome, multiyear enterprise licensing agreements for proprietary hardware or software. If there was an increase in prices, or a lapse in the continuity or quality of service, their clients were essentially out of luck. It didn't help either when larger tech companies began buying out smaller competitors, leaving customers with even fewer options. Such predatory corporate tactics continue to be a problem today, often resulting in higher prices for services and products, or controversy when there are conflicting interests, such as when Microsoft bought out open-source code repository GitHub back in 2018.

Understandably, tech buyers began to view proprietary lock-in as something to be avoided if at all possible.

The new flavors of lock-in

Fast forward to today, and despite big technological shifts, the anxiety around vendor lock-in hasn't really gone away. The dominance of big cloud providers such as AWS, Microsoft Azure and Google Cloud has meant that lock-in averse enterprise tech buyers are still casting around for alternatives, such as opting for hybrid public-and-private cloud or using multiple cloud providers.

One recent Bain & Company survey found that two-thirds of CIOs say they would prefer to use cloud services from several different vendors to avoid lock-in. Yet 71% of those companies still rely on only one cloud provider. The remaining 29% that do manage to pull off a multivendor strategy still spend an average of 95% of their cloud budget with one provider, effectively creating de facto lock-in. Potentially part of that problem: Engineering talent tends to specialize on one cloud or another, creating extra barriers to working with multiple providers.

Nevertheless, there's been a noticeable trend toward a multicloud approach, even among cloud providers. Despite its previous reluctance to offer such concessions as the frontrunner in cloud computing, AWS' recent multicloud-friendly upgrades to its cloud management tools signal a shift in its stance. Microsoft's introduction of Azure Arc as well as Google's recently announced Anthos also indicate the tech giants' grudging acknowledgement of the transition toward multicloud deployments and the tools needed to manage them.

"Public cloud providers are becoming more accepting of the fact that most of their customers are going to move to multicloud, or leveraging more than one public cloud," explained David Linthicum, chief cloud strategy officer at Deloitte Consulting. "This means that cross-cloud tools and technology will arise, allowing public cloud customers to mix and match cloud services to leverage best-of-breed cloud services."

In addition, a growing number of IT professionals are realizing that lock-in can occur not only at the technical and infrastructural levels, but also through the data lock-in that results when businesses find it too time-consuming and cost-prohibitive to migrate massive amounts of data between cloud providers.

"When it comes to vendor lock-in, the discussion in 2020 is centralized around vendors' disproportionate control over their clients' data," Samantha Bonanno, senior analyst at online business-to-business marketplace vendor Capterra, told Protocol. "Whether we're talking about data compiled and housed in an SaaS vendor's platform, or key points of integration that are fully managed by cloud vendors, the high stakes of maintaining a business's data and information nexus mean clients feel pressured to renew contracts with vendors that have profound leverage over core business functionality."

Perhaps one of the biggest attempts to offset potential lock-in is the increased use of highly portable, open-source container-based solutions that theoretically work across different cloud vendors. But while containers are useful, they aren't a silver bullet: As recent analysis by research firm Gartner points out, containers can add cost by complicating development and operations management, since they still need orchestration and an additional infrastructural layer of management. And changes in access to the ecosystem — such as the recent move to impose new limits on the free use of Docker Hub's repository of container images — can also have a potentially detrimental impact on smaller businesses that are dependent on that platform.

Some experts point out that seemingly cloud-neutral, open-source container orchestration tools like Kubernetes can become an alternative point of lock-in, especially when companies use Kubernetes services via their cloud provider, meaning that they are then tied to a particular version of Kubernetes and any proprietary extensions.

So while the desire to avoid vendor lock-in is genuine, the reality is that the problem is heightened by a hodgepodge of standards and APIs in the public cloud. Even an ostensibly multicloud approach may unintentionally translate into greater cost, complexity and even multivendor lock-in in the long run due to the lack of standardization across cloud providers, and how the intricacies of each cloud provider can vary.

Learning to unlock

As some industry observers have begun to point out, lock-in isn't an all-or-nothing affair: There are shades of nuance to it, and various tools and strategies to help mitigate it.

A number of startups are rising to the occasion by offering some innovative solutions. Some, like Snowflake, address the issue of cross-cloud data portability by providing data warehousing services. Other options like Flexera, Scalr, Embotics and Morpheus Data are cloud management platforms that consolidate control of optimization, orchestration, security and monitoring to make it easier to adopt a multicloud approach. Tools like Rancher, Giant Swarm, Google Anthos and Platform9 provide an easier way to provision and manage multiple Kubernetes clusters across different providers.

Besides technological tools, good old-fashioned research via review sites like Capterra, G2 and TrustRadius, can also go a long way.

"As you're shopping for vendors, take the time to run some side-by-side comparisons of your top contenders," said Bonanno. "Comprehensive software review sites provide data-driven insights and comparison tools, illuminating a product's functionality and ease of use more robustly than what may be provided by a vendor's sales team."

It's also important to hash out the fine print when it comes to contracts, so that there's a way out when providers ambush clients with exorbitant 1,000% price increases or some other nasty surprise out of the blue.

"The COVID-19 global pandemic is a wake-up call for many tech buyers as they realize they are locked in to deals from which they can gain little, if any, financial relief from vendors," said Melanie Alexander, a research director at Gartner. "Flexibility is key to avoid or address vendor lock-in. Draft flexible, shorter-term contracts that provide a way out, beyond the vendors' inability to provide the services. Buyers should also think about the end at the start. Develop an exit strategy with internal stakeholders before signing a new deal and negotiate an exit plan in the contract — including business downturn language."

Given the complexities of the cloud, it seems that accepting some degree of vendor lock-in may be more or less necessary. But tech buyers should know that, with care, its impact can be minimized.

And at the end of the day, staying resilient and agile might also mean just knowing when to cut loose and choose another provider, regardless of expense and inconvenience.

"Enterprise businesses also know the speed at which technologies like cloud computing and enterprise software can change," Bonanno said. "There is an undeniable cost to passing on emerging capabilities that a different vendor might offer that could give your business a competitive edge."