
Cloud Goldilocks-in Benefits: Perspectives from Large Organizations

Author
    Roman Naumenko

Today we talk about dreaded cloud lock-ins. While the fears of cloud lock-in have largely subsided, there are still vendors peddling it as a major concern for businesses.

To understand what lock-in even means, let's check the dictionary first:

lock-in: an arrangement according to which a person or company is obliged to deal only with a specific company.

Ok, so this is an arrangement. And arrangements last; people avoid changes. So do companies which prefer to stick with what works. No reason exists for changes when a supplier or counterparty satisfies all requirements.

Over the years, a ridiculous list of anti-lock-in requirements formed for public cloud vendors. And by vendors, I mean one specific dominant vendor, because moving to the cloud currently means a one-way street to AWS. The list goes like this:

  • It should be easy to switch from AWS
  • Migrations to/from AWS should be cheap
  • AWS should not use proprietary platforms
  • AWS should license services for third-party resellers

Nobody believes any of this, of course. If they did - they would send money to build the anti-locked-in cloud and services.

Remember how Google announced a universal cloud library years back? It promised to have abstracted classes - Storage, Computer, etc. - for every major cloud vendor. The idea was that developers would create resources and then quickly swap the underlying cloud, because the cloud-specific API would be abstracted.

Whoever adopted that library probably ended up in tears, completely rewriting everything using native cloud SDKs.

Google ended up supporting the basic API of S3 on their cloud storage service; that’s about it for the compatibility.

Back to the arrangement of lock-ins. Even though it is a noun, the dictionary defines it as “the action, the process, or result of arranging or being arranged”. See, the lock-in is not a state - it’s a process. And companies are pretty good at changing or adapting processes.

Ok, I hear you asking: show me an actual case where the company considers lock-in a good option?

Glad you asked, there is a growing number of examples out there (I promise not to talk about Netflix lock-in because nobody cares anymore what Netflix is doing in the cloud, and nobody can repeat it anyways - although people keep trying hard. It’s called Netflix Toolbox Real Lock-in. We’ll talk about it someday).

Here is an actual case. A university wants to use AWS exclusively, bypass all resellers, and go all-in on public cloud, locking themselves in entirely. Because they are not a private company, the purchasing department had to publish the “Sole Source Justification Form” and conduct a public hearing. Here's what they have to say about lock-in and using public cloud.

First, they clearly explain why they need a public cloud (and not many companies can do it easily without resorting to the digital transformation white noise). 

“Current faculty and students frequenting the Universities expect to be able to readily utilize modern Internet and cloud technologies as a part of their education and research endeavors.” - re-read it; this is a great mission statement for anybody looking to build a business case for cloud adoption.

Then they gave the list of reasons for lock-in into AWS:

  • We need the best cloud services to achieve our objectives, and AWS is the leader
  • Long-term contracts offer substantial discounts (in double digits)
  • Purchasing directly from AWS gives the best selection, don’t want resellers involved
  • Many grants are awarded on the assumption that AWS will be available

They also gave more detailed explanations of why they use AWS, and some of the responses are truly amazing! A few years ago, it would have been the standard boilerplate text about the hybrid cloud - at best. And here we are, with the purchasing department of a university explaining why AWS Organizations solves its problems at scale, and why direct access to the API is better than any vendor’s cloud-management tooling.

I also ponder how they use Mechanical Turk (a university-wide agreement regarding Amazon Mechanical Turk).

Anyways, here it is - the form question and the answer.

Provide detail explaining the justification ... to explain why the requested supplies or services are the only ones available that can satisfy the agency or university requirements?

The AWS Educate program, Mechanical Turk and the research credit programs as provided by AWS are unique offerings not provided by resellers. In addition, having a direct relationship with AWS ensures that IPHEC will be able to use all AWS tools now and into the future. This direct relationship with AWS will also provide IPHEC access to the financial Application Programming Interface (API) AWS provides, without having to go through subsidiary tools that are built and maintained by resellers which may provide delays and due to the nature of the data, warrants itself to additional errors that require more overhead costs and time loss.

What are the unique features of the supplies or services that are not available in any other product or by any other vendor? Provide specific quantifiable factors/qualifications:

AWS uniquely bundles their offering and services in a way that no other vendor can provide. Although the bundle is unique and provides a unique direct relationship, as the owner or "manufacturer" of the offering and services they are the only provider that can provide their products and services in its pure form.

Additionally, there are two key functions that are not available through other vendors, regardless of their application or form. These services are the Application Programming Interface (API) and AWS Organizations.

API is the billing application programming interface (API). AWS makes available a programmatic interface that provides access to their billing data. This is the preferred way to access billing data; it is easily accessible to scripts and applications, and it provides powerful built-in capabilities to query and filter billing data. If members had access to this API, members could easily inform customers and business officers:

  • Which resources are driving cost, the projects/services they support, and who created them.
  • Unexpected changes in daily spending.
  • Account compromise and unauthorized activity.

Members cannot do fine grained queries directly without access to the billing API. Agreements between AWS and resellers prohibit exposing that API to downstream customers like the Universities. This creates a barrier that prevents members from effectively establishing tools that can provide real time financial alerting and controls to the degree that the campus business officers have requested.

Second, is the AWS Organizations tool, Amazon’s solution for large-scale account management. IPHEC members operate well over 200 AWS accounts, and we have repeatedly run into scaling problems solved by the AWS Organizations tool. Among the most valuable features:

  • Organizations would allow us to create and enforce security policies that cannot be disabled within an account, enhancing our security capabilities and regulatory compliance.
  • Organizations would allow us to automate the creation of new accounts, which is currently a time-consuming manual operation.
  • Organizations enhances and consolidates AWS billing APIs. We could give administrators and business managers a single view of all spending across their department’s AWS accounts.

This is an ultimate testament to the benefits of the arrangements!
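To make the "unexpected changes in daily spending" and "account compromise" points from the form concrete, here is an added example (not from the university's form or from AWS) of the kind of check direct billing data allows. It assumes the data has the shape of a Cost Explorer `GetCostAndUsage` response with daily granularity grouped by linked account; the account IDs, amounts and thresholds are constructed.

```python
from statistics import median

def daily_series(response, metric="UnblendedCost"):
    """Return (dates, {account: [cost per date]}); a missing day counts as 0.0."""
    days = sorted(response["ResultsByTime"], key=lambda d: d["TimePeriod"]["Start"])
    dates = [d["TimePeriod"]["Start"] for d in days]
    series = {}
    for i, day in enumerate(days):
        for group in day["Groups"]:
            costs = series.setdefault(group["Keys"][0], [0.0] * len(dates))
            costs[i] += float(group["Metrics"][metric]["Amount"])
    return dates, series

def spend_spikes(response, window=5, factor=3.0, floor=10.0):
    """Flag (account, date, cost, baseline) where cost > factor x trailing median."""
    dates, series = daily_series(response)
    alerts = []
    for account in sorted(series):
        costs = series[account]
        for i in range(window, len(costs)):
            baseline = median(costs[i - window:i])
            # The floor suppresses noise from tiny accounts. An account with no
            # history has baseline 0.0, so any spend above the floor is reported.
            if costs[i] >= floor and costs[i] > factor * baseline:
                alerts.append((account, dates[i], costs[i], baseline))
    return alerts

# Constructed sample data: six quiet days, then a spike in one account and
# first-ever spend in an account that did not exist in the earlier days.
def _day(date, costs):
    return {"TimePeriod": {"Start": date},
            "Groups": [{"Keys": [acct],
                        "Metrics": {"UnblendedCost": {"Amount": amt, "Unit": "USD"}}}
                       for acct, amt in costs.items()]}

STEADY = {"111111111111": "40.00", "222222222222": "5.00"}
SAMPLE = {"ResultsByTime": [_day(f"2021-03-0{n}", STEADY) for n in range(1, 7)] + [
    _day("2021-03-07", {"111111111111": "41.00", "222222222222": "180.00",
                        "333333333333": "95.00"})]}

if __name__ == "__main__":
    for account, date, cost, baseline in spend_spikes(SAMPLE):
        print(f"{date} account {account}: ${cost:.2f} vs trailing median ${baseline:.2f}")
```

A real response is paginated, so all pages need to be merged before the check runs.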

I hear you asking, “what about managing risks?” Shouldn’t the university apply some risk management here? Well, they did. And not how the adepts of anti-lock-in think. The form asks what happens if the sole source is not approved.

You’d better know the possible answers if you’re a seasoned cloud practitioner. The answer was:

the university will lose invaluable unique features available to them and the costs will be significantly increased

In other words, the lock-in ultimately provides unique features and low cost.

And that window of opportunity is small.

Right at the left upper corner of the “Cost of Useful Unit” graph. Overspend on arrangements - and it will be a useful yet very costly cloud. Preparing to escape lock-in will inevitably bring extra costs with nothing to show for it.
