Former divisional CTO at Worldpay and IT veteran David Walker fears enterprise CIOs are not getting business value from their IT providers—and that cloud lock-in risk means we're getting a re-run of the inflexible enterprise IT market we thought we’d left behind. Does he have a point? Read on -- and let us know your thoughts.
"A change, it had to come
We knew it all along
We were liberated from the fold, that's all
And the world looks just the same"
Younger readers may not know the track, but in 1971 Pete Townshend poured his disillusionment on the betrayal of the ideals of the 1960s (as he saw it) into a terrific howl of protest, ‘Won’t Get Fooled Again.’
What ‘The Who’ tells us is that too often a revolution ends up reproducing the inequities it wanted to remove. ‘The parting on the left/is now parting on the right,’ and sadly, the new boss is just as bad as the old one.
That song plays in my mind more and more as I look at where the cloud market has ended up.
I see tech vendors using customer naiveté and a lack of deep architecture knowledge in the internal IT team’s office to, very worryingly, reproduce 1980s and 90s style enterprise software contract lock-in and price gouging.
The subtle IaaS to PaaS reframe
The main culprits are the big ‘CSPs’—the Cloud Service Providers. Amazon with AWS, Microsoft with Azure, Google with GCP, and now contenders like Oracle and Huawei.
Their primary mission is to keep cross-selling you functionality and services well beyond the bare metal of basic cloud delivery and virtual machine cloud IaaS (Infrastructure-as-a-Service).
The main viral vector for this is ‘PaaS’—the idea that what users want is more than the bare metal/lowest common denominator version of cloud, but the full package of everything a CIO’s heart could desire. You can get more than 200 services from AWS alone, from storage to analytics, and IoT to security; it’s a similar story from Microsoft, Oracle Cloud, etc.
For some organisations—this is fine. There’s business sense in having, as we used to say, ‘one throat to choke.’ If you trust your CSP partner, then why not source everything you need from them and keep it neat and tidy in one place?
We used to say something similar back in the day—when we winked at each other and said, “no-one ever got sacked for buying IBM” (or Microsoft or Oracle, to be fair). I even remember a tortuous gag about it being a good thing London Buses weren’t blue, as some IT Managers might have bought a couple for luck.
But, having just one takeaway in town means you don’t have much choice on a Friday night. Eventually, the market rebelled against the dominance of Big Blue and the others, via solutions like Unix and then open source, and yes—cloud.
Customers need choice; and a market benefits from balance. In IT, too many people resented ‘lock-in.’ The things organised around you by your vendor meant it was just too hard to unstitch yourself from all this IT complexity, so you were stuck forever paying endlessly-rising licence and ‘support’ fees.
An analogy that you might find useful here is that there are two types of enterprise IT software team orientations: do we hunt for our revenue, or do we farm for it? After all, if you are a farmer, you make fences, because you don't want your livestock wandering off; so once you’re in the IT supplier’s farm, they’re not going to let you out again easily.
Cloud lock-in risk: Open standards claims don't mitigate it...
Cloud was supposed to end all this. And in many ways, it has --but PaaS just started to trap us all over again. As Gartner also (very sensibly) tells us, relying on one CSP for all your needs doesn't make sense (“Most organisations adopt a multicloud strategy out of a desire to avoid vendor lock-in or to take advantage of best-of-breed solutions'').
You might say, “fair enough: but if I use open source and standards-based solutions, I can mitigate a lot of those lock-in risks.”
The problem is that not all ‘standard claims’ are equal. In my area, cloud databases, I can tell you for certain that if your CSP tells you its preferred and proprietary cloud database is ‘of course’ 100% compatible with Postgres (the emerging standard for distributed SQL), it’s telling you porkies.
Or shall we say, more diplomatically: it is rather exaggerating what it means by ‘Postgres’ and ‘compatible’. Basically - “it’s pointless looking into other databases, Mr Customer; and by the way, do you know you can get 32 other amazing things off me as standard if you just sign on the dotted line?”
See also: Major EC2 permissions configuration change draws cheers, confusion, slight concern
I’ve seen the wisdom of using cloud-neutral platform components for ease of switching via the story of Jane -- a CIO I recently met at a conference.
Jane started a great new role with an organisation that had a contract with one of the big CSPs. They had a much worse deal than the similar arrangement she’d had at her previous employer. She pointed this out to her PaaS salesperson, who told her the contract had two years left to run, so there was nothing he could do. No matter how far up the vendor hierarchy she tried to climb to change things, nothing could be done as it was all somehow fixed in stone. So, in the end, she used distributed, standard SQL (in the form of a technology close to my heart) to start porting to this company’s major rival.
Later, she heard the salesperson had been fired and their replacement was far more willing to negotiate—but she wasn’t. For me, the point of the story is that if Jane hadn’t seen a much less restrictive scenario in her previous role, she wouldn’t have known what was possible and how bad her deal was. In fact, she’d probably have just shrugged and accepted this inferior way of working.
In the light of such experiences, I am going to suggest that as a CIO, you take a long, hard look at your situation. Have you sleep-walked into a 1980s IBM-style dependent position?
If so, maybe you can live with it. But, if this isn't the right way for you to progress, maybe now is the time to re-evaluate your standards and examine whether there's a way for you to re-align to your original cloud vision.
To do that, look at the APIs you're depending on: are they stable? Are they open? Are they supported by multiple vendors? When your supplier says it complies, does it really? That's the question people should ask themselves. In other words: be more Jane today.
As we start 2023, cloud is not a prison. But is it different enough from what you had before to be worth the time and effort? It’s in your hands to make cloud work.
Or do you need to get on your knees - and pray you don't get fooled again?