Lock-in: Let Me Count the Ways
1. Single-Source lock-inThis is the most traditional sense of lock-in where the installation, configuration, and development with proprietary software require significant up-front investments. Some vendors won't allow the integration of certain third-party software, and to move away from the vendor's software would have a high cost. Open source helps to fight this kind of lock in. You should ask these questions when looking at a vendor's solution:
- Do the license terms avoid restrictions and allow multiple vendors?
- Are the same license terms available on associated dependent products or enterprise versions?
- Do the license terms allow you to resell your solution at some point?
2. Single-Service provider lock-inWith the advent of SaaS, PaaS, and IaaS, much of the software installed on your organization's infrastructure is being outsourced to service providers. However, companies can soon become locked-in to one way of using that service. For example, they might limit your infrastructure providers and your ability to migrate. Here are some things to ask about your service provider:
- Is the cloud service interchangeably available from multiple providers?
- Is the cloud service deployable on a public cloud infrastructure?
- Is the cloud service deployable on an internal private cloud infrastructure?
- Can the service be deployed across multiple cloud types (i.e. hybrid clouds)?
- Has the service provider offered firm commitments about openness and support for migration?
3. Data lock-inThis lock-in is especially bad for enterprises that base much of their value on the data they've accumulated and leveraged. All of that data could be lost if a repository service won't let you migrate certain data formats into or out of their store. Enterprises also need to be able to use data processing and analytics software on their data while it's in the repository, and there can be limitations as far as which tools the provider will let them use. You should ask:
- Is enterprise data, and metadata, completely exposed?
- Are the APIs for accessing enterprise data complete and usable?
- Do the APIs for accessing enterprise data conform to open standards?
- Does the API support bulk data export?
- Does the API support bulk data import?
- Does the API support incremental export for mirroring a backup to a location of your choice?
- Is exported data available in open standard data formats?
- Are there automated tools for backup or migration of key enterprise data?
4. Programming model lock-inOne of the best ways for a platform to lock you in is to dictate their own development models and tooling so that the investment to use it is high enough that you won't want to migrate away. Any versatility provided by the wide world of open software is erased in this case. These question's are important to ask:
- Are the programming models based on open standards?
- Are there a variety of tools—IDEs, analytics, management, etc.—available for the platform?
- Do multiple vendors provide tools that encompass the platform?
- Is there a sufficient global talent pool familiar with or capable on the platform?
5. Infrastructure dependencySometimes a vendor's solution will become tightly embedded between the layers of your software stack, producing a strong dependency on their solutions. The preferable solution will have loose coupling between its layers in the software stack so that you can easily add or remove solutions. Here are the questions you should think about:
- Is the platform independent of the operating system?
- Can the platform run on virtual machine infrastructures provided by multiple vendors?
- For platform-as-a-service (PaaS), is the platform free from dependencies upon a particular cloud infrastructure?
- Are any infrastructure services provided by the platform (e.g. storage, identity, user management) also free from lock-in? Use this checklist recursively on those services.
New open source projects like OpenStack and WSO2's Stratos platform are fighting cloud vendor lock-in by providing platforms that let you move across multiple vendors or create your own cloud stack without impeding your custom enhancements. Learn more about Cloud Implementation and avoiding lock-in at WSO2.