How CIOs manage cloud lock-in

CIOs and cloud experts reveal that cloud lock-in is a risk, but with a data led architectural approach, they can secure their organisational ability to shift clouds.

Marie Kondo has become a global phenomenon with her books and TV shows on having a tidy life that will then provide you with freedom and inspiration. In the pandemic lockdown many turned to Kondo's lessons to change and tidy their homes, wardrobes and the now regularly used home office, but in doing so these Kondo converts discovered a challenge - complexity. Little in the average home is standardised in shape and size so doesn't stack and organise and although we may not have used the ironing board since mid-March, it's still a tool that will be needed and has to be stored. From global banks, manufacturing, retail and health, CIOs in all sectors are constantly seeking to modernise and tidy up the technology estate. In the last 12 years enterprise IT has become increasingly cloudy and therefore complex. So can a CIO or CTO ‘Marie Kondo' the technology estate? Or have cloud vendors created such tight lock-in that organisations look heavenward and sigh?

Cloud computing got its first foothold into the enterprise as a cost saving and the banking crisis and its following recession in 2007 onwards helped the enterprise cloud take-off. In 2020 a new recession is on the lips of boardroom discussions and once again CIOs and CTOs will be expected to deliver significant operational savings to the business. "Enterprises seem to be discovering that while there are many good reasons for using cloud services, saving money alone may not be the most important or even guaranteed," the 2019 Enterprise Cloud Index report, produced by Vanson Bourne found.

For some businesses, should they survive, more meaningful steps into cloud computing will take place. For those businesses with a strong usage of cloud, simplifying and increasing the utilisation of their cloud estate will be the opportunity they explore. 

A recent study by CIONet in the UK found that its members had four reasons for considering the cost optimisation of their cloud estate: cost efficiencies, utilisation of cloud facilities; cloud contracts and multi-cloud service integration. All opportunities for a CIO to discover that cloud lock-in can prevent the business from realising any of these four opportunities. 

Being locked-in to any technology, contract or location is a business risk. "The question is: how do I make sure that the risk level of lock-in is minimised so that it is acceptable in terms of service and flexibility," says Rob Tribe, Regional SE Director with Nutanix.  Business is built on taking calculated risks and lock-in, of any type, is about taking a bet based on the probabilities available to the business technology leader. The flexibility to scale up or down the compute power that cloud computing offers outweighs the risks of lock-in. 

"Cloud technology abstracts out performance issues that plagued the business from scaling out change in the past," Dominic Maidment, Technology Architect for Total Gas & Power told the Cloud Counsel recently. 

Dave Poulton, CTO with infrastructure and business change consultancy Intergence says lock-in risks can be decreased by having a multi-cloud approach and considering different providers to the giants Amazon AWS, Google and Microsoft Azure. "Alternative providers often have more flexible terms and shorter subscription time frames," he says. 


Needing to be flexible

"Portability is always something we bake into decisions," says Tom Brown, Head of Infrastructure Engineering at IG, a financial services trading platform provider. Cloud computing has enabled both IG and Total to reduce complexity and provide business flexibility. "Cloud is about abstracting application workloads from the infrastructure. If you are simplifying the technology and business processes, then when it comes to moving services or applications you have made it easier. You have to understand the infrastructure and then simplify it," Maidment says.

"We should not be in the datacentre business," says Dr Zafar Chaudry, CIO for the Seattle Children's hospital. "The reality is you need compute power on demand and in health our people demand that ability to flex the technology." Chaudry is expanding the use of cloud across the major US health organisation. Paul Cash, Director of IT Operations at gift retail business Smartbox in Ireland agrees with his healthcare peer: "We will always need a cloud estate as too much dependence on the datacentre is too risky." 


Leading architecture

"To avoid the risks of lock-in you have to create an architecture that allows the organisation to change cloud providers," Nino Messoud, CDO of engineering firm Barry-Wehmiller told CIONet recently. CIONet's recent study The Cloud Governance Playbook 2020 agrees with German CDO Messoud, the extensive report found that organisations need to: design and service integration layer into their cloud strategies that ensures an "effective means of managing commercial and technical performance of cloud service vendors," and says this should be backed up with a "group-wide enterprise architecture that is cloud-ready". Together CIONet says these should place data at the centre of that enterprise architecture and be supported by a procurement framework for cloud partners that encourages cloud providers to work together.

Poulton at Intergence offers similar advice to CIONet. "Make sure that you have great monitoring around your cloud provider compliance levels and always look at how easy it is to extract your data because I have seen organisations suffer costly penalties when looking to exit a cloud provider." Tribe at Nutanix adds: "In the past lock-in was in stacks and a CIO could make a choice on moving to a new stack. To reverse out of a stack, possibly because the skills are no longer available, meant rebuilding the stack in a new way. In the cloud reversing out can be much harder."

"Organisations often find that a cloud solution doesn't quite work, but to change means extracting the data and then they discover compatibility issues and that adds to the costs, time and complexity, which leads to lock-in as organisations just stick with an unsuitable provider," Poulton adds. Tribe calls it data gravity, as making a change weighs down on the business.  

"There will always be some form of lock-in, the key is having the ability to move things back and forth seamlessly," Cash at Smartbox adds. Creating partnerships between the cloud technology providers, the IT team and the lines of business is the role of a modern transformative CIO. As IDG Connect reported last June, CIOs are increasingly acting as business brokers and working as advisors across the organisation to ensure business lines select technology or use facilities from existing providers that will prevent technology sprawl, increases in costs and data silos. "CIOs see the whole enterprise as their remit and…they view their value through the lens of the overall product or service…and see projects merely as a stepping stone to strong value creation," IDG Connect reported of the strategic broker position the CIO now operates at.

Data though is crucial to the business and its value continues to rise. Therefore CIOs and CTOs need to be data led to ensure they avoid lock-in occurring and damaging the opportunities for the business to use the data effectively. CIOs from health, manufacturing and retail all said distributed data prevents lock-in risk.