smartspend™ bulletin

Avoiding Vendor Lock-In in the Cloud

Contrary to what some believe, vendor lock-in doesn’t go away as companies migrate to a cloud-first IT ecosystem. In fact, this threat may worsen as enterprises face a new set of vendor lock-in characteristics and indicators – and vendors seek ways to harden cloud revenues.

After decades of buying and deploying on-premise IT, most enterprises have grown adept at sniffing out vendors’ lock-in tactics. Proprietary interfaces at key integration points, customizations, license-right interdependencies and costly implementations are just a few ways that vendors have kept customers paying year after year – both willingly and unwillingly. The cost of change, in many cases, is simply not worth the headache that ensues.

In the early days of cloud computing, many believed it would minimize the risk of vendor lock-in. Easier buying, streamlined pricing and contracting, and the absence of traditional hardware/software implementations would weaken the hold that many vendors had on their customers.

But, as cloud computing has evolved (and the competitive pool has deepened), this couldn’t be further from the truth. Vendor lock-in hasn’t gone away. In some cases, it has different hallmarks in the cloud than in on-premise computing environments (e.g. different types of penalties and fees). In other instances, it looks very much the same.

Two good examples are implementation and training costs, which can still be significant in the cloud especially for core IT systems like ERP, finance/accounting and HR solutions. Others include cross-system integration, configuration complexity bordering on customization, and plain old process dependency – it’s tough to unseat a deeply ingrained application or infrastructure element, no matter where it’s running.

Some of the concerns and outcomes surrounding vendor lock-in in the cloud are particularly grave. Common “side effects” of this lock-in include greater risk exposure to data breach and cyber attacks, failure to meet SLA requirements, and having data locked-in to a single provider. Another concern is that vendors’ terms, conditions, product use rights and negotiation behaviors have become more unpredictable – as has vendor behavior as they continue to adapt revenue models to the relative variability of the cloud.

Vendor lock-in hasn’t gone away. Its hallmarks may be different in the cloud, but it’s every bit as present as it is in the on-premise environment.


Companies need to develop a culture around eliminating opportunity for vendor lock-in in the cloud (as well as on-premise). It must encompass all aspects of the buying process – from vendor evaluation and selection to contracting and negotiation to migration and ongoing utilization.

NPI suggests these best practices:

Maintain an open cloud architecture. Lack of standardization is one of the biggest concerns in the cloud. Proprietary interfaces, poor interoperability and even poorer portability make it difficult for companies to integrate their on-premise and cloud IT environments, and cross-cloud integration is the next chapter of that story. It also represents a tremendous opportunity for vendors to lock customers into their offerings. To sidestep this issue, companies should make cloud solution selections that plug into an “open” cloud architecture. Avoid proprietary interfaces and customizations/extensions in proprietary languages – as well as any other technical limitations that will prevent the customer from easily introducing competition into the cloud IT ecosystem.

Establish clear data ownership and migration policies. In an on-premise software environment, it’s pretty clear who owns the data (the customer). But things get murky in the cloud. Who owns data in transit and data at rest? It’s important for companies to immediately establish data ownership with their vendor. Companies should also determine (and set) clear data cleansing and migration policies, procedures and costs. These responsibilities and costs can be substantial and an unwelcome surprise if not addressed up front in the sourcing process. Many companies are taking the added step of archiving data in another vendor’s cloud storage offerings (e.g., SFDC data archived with Amazon S3).

Stay on top of changing service level agreements and terms. In the cloud, product use rights have been replaced by SLAs (terminology differs by vendor). These terms are subject to change at any time with little or no customer notification. Customers should proactively monitor service level agreements and terms to stay on top of changes, and get a clear understanding of how those changes will impact their business – including how changes will contribute to vendor lock-in.

Customers should also be cautious of the generic nature of most SLAs for cloud services (driven mainly by multi-tenancy) and the high cost to “add on” features that meet their unique requirements, like dedicated servers and increased security. Cloud vendors may be selling standardization, but they rely heavily on customers with non-standard requirements to drive additional revenue.

Keep competitive solutions close at hand – even if you’re not looking to switch. If your vendor of choice went away, which vendor would replace them? This is a critical question to ask for multiple reasons. Companies need to have a back-up vendor with similar capabilities at the ready in case their incumbent cannot adhere to agreed-upon service terms. In these situations, there’s rarely time for a lengthy vendor evaluation and selection process. Furthermore, this allows companies to stay abreast of competitive solutions and how their incumbent compares as it relates to price, features and performance.

Consider best-of-breed versus single vendor. When practical, consider a best-of-breed approach instead of buying a broad suite of offerings from a single provider. For example, if you choose Workday for human capital management, go with another vendor for learning management. More vendors in the cloud IT ecosystem means more competitive pricing and terms. Furthermore, it diffuses the risk associated with service outages, security threats, etc. A best-of-breed approach also helps to entrench other best practices such as open standards for interoperability and avoiding customization – to get the full benefit of cloud flexibility, don’t box yourself in.

Specify a transition assistance clause. Switching vendors is inevitable. To avoid a painful and costly experience, include a transition assistance clause in your cloud vendor agreement. At a minimum, require vendors to provide support to export data and provide interface documentation to facilitate data transfer.

Companies need to develop a culture around eliminating opportunity for vendor lock-in – whether in the cloud or on premise. Vendor tactics are evolving and diligence is required.


As companies move elements of their IT environment to the cloud, they have an opportunity to create a new landscape that’s optimized for cost, control, agility and flexibility. But this journey is still a relatively new one – not just for enterprise customers, but also for the vendors with whom they partner.

Revenue models for Microsoft, Oracle, SAP, IBM and many other vendors are still evolving, and that’s made it harder than ever for companies to navigate cloud migrations. And, while the newer generation of pure-play cloud solutions providers have been cloud from the get-go and don’t have the same challenges as the old guard, they are also figuring out their own enterprise-class business and subscription models – and changing them on the fly.

One fact remains constant – vendors want to grow revenues. Their sales teams are still compensated based on this metric. As such, vendors are highly motivated to make their offerings a necessary and seamless part of customers’ operations. That means making it difficult for customers to abandon their technologies in favor of the competition, maximizing stickiness and limiting their future flexibility. Some of the tactics may be new, but the mission remains the same.