Locked into the cloud?

· by Steve · Read in about 6 min · (1175 Words)

There was an interesting article last week on the Guardian site where Richard Stallman took a pop at the rising use of ‘cloud computing’ - where computing resources and applications are delivered on demand to your devices via the magic of the interweb.

Now, I don’t find myself particularly aligned with Mr Stallman a lot of the time, but he definitely has a very good point in this instance; although I do think the argument was too highly generalised (which probably came from the journalist rather than Stallman).

The key point is that relying on web-based services to perform your critical business or personal tasks is potentially just another source of vendor lock-in; right now as an emerging market these services are very attractively priced, highly competitive and making all the right noises when it comes to interoperability, but markets have a tendency to mature, change and consolidate over time, and if you set yourself up to be entirely reliant on a vendor, it doesn’t matter whether they’re an incumbent 20+ year old operating system vendor, or a more sexy, popularist online service provider, the dynamics are the same when the market consolidates and large, dominant players emerge. If you’re so dependent on a vendor that to switch is painful, they have you by the short and curlies and have a significant amount of scope to overcharge you, put upselling pressure on you, change the rules under your feet, and all the old tricks proprietary vendors have been using for decades.

There is definitely a valid argument here. Over the years I’ve consistently seen that the most important thing when it comes to IT strategy is control. Short-term costs, simplicity, immediacy, training costs etc are all important factors, but over the medium to long term they all pale in comparison to the importance of retaining as much control over your IT investments as possible. You’re going to have to retrain staff regularly anyway, the only constant is change so deluding yourself that you’re buying a ‘stable’ platform from a vendor is usually nonsense, opportunity costs related to restricted products are a factor - all these things mean ceding as little control over your own usage of software to your vendors as possible, because if they’re the ones in the driving seat, you’re in trouble. This is central to my attraction to open source; the fact that a lot of it is free (as in beer) is in the round the least important factor (although in the short term, it certainly sweetens the deal) - the most important thing is that you’re in control of the end result; you can innovate & invest on top of it and not be so concerned about a vendor yanking the rug out from under you, because you always have the capability to switch support vendors or go your own way if absolutely necessary. It’s also why even with my commercial products, I provide source code and the ability to create derived versions, because I recognise that giving a customer control over their own destiny is important.

However, saying that cloud computing is universally a new source of lock-in evil is an overgeneralisation. Yes, when you use applications in the cloud (the SaaS model), if those applications are not available from anyone else then you’re setting yourself up for another lock-in scenario, just on the web. Something like GMail isn’t necessarily so bad, because mail is standard enough that it can be pulled out and transferred to something else if you want (assuming Google don’t start making that difficult, which is always an option); but complex applications provisioned via the web can certainly be a problem if that capability cannot be easily replicated elsewhere.

As a counter example though, take Amazon EC2 (Elastic Compute Cloud). This differs in that it simply provides computing capability, not applications. So I can create a server image, running Linux and all my favourite open source server applications (which themselves allow me as much control as I wish), and turn it into a virtual instance which I can then run on Amazon’s cloud, which is convenient and scalable for me. Everything I’m running is still under my control, it’s just standard computing capability that I’m renting from Amazon because I don’t want to maintain a datacentre of my own. This aspect of the cloud is therefore entirely different; I’m not locked in at all - if I wanted I could transfer my server configurations somewhere else and they’d operate in exactly the same way. This is a kind of ‘good’ cloud computing, contrasted to the ‘potentially evil’ cloud computing of relying on cloud hosted but firmly shuttered applications. Sure, it requires more up-front investment by me too, but that’s paid back in spades due over the medium to long term, and as we’ve seen from the credit crunch, short term thinking has a tendency to eventually implode on itself.

Tim O’Reilly talked about this a little last year too, and I think this quote sums it up:

Outsized profits come from lock-in of one kind or another. Yes, there are companies that have no lock-in that gain outsized profits merely by means of scale, but they are few and far between. So the question I’ve been asking from the beginning of my thinking and advocacy about open source is this one: Where are the new sources of lock-in, once we’ve taken away the old ones based on proprietary APIs, binary software, and control over distribution channels? As those who’ve read my What is Web 2.0? piece or have heard my talks on the subject know, I believe that one of the new sources of lock-in is through large databases created via network effects, such that it’s hard for a new entrant to match the services of the incumbent, since the value of those services is proportional to the size of the existing network. This is not an unbreakable source of lock-in, but it is not the second coming of the Summer of Love either.

The moral is to always be wary of vendor lock-in, in any form. It may look harmless now, but as we have seen in recent weeks all industries and markets have ebbs and flows, and by being complacent in the good times you leave yourself entirely open to exploitation when things are less rosy. Vigilance and a long-term strategy of retaining as much control as possible will pay off in the end; don’t believe the glossy vendor fliers that say giving up that control is easy, fun, and free from any possible consequences. In most cases, retaining control of your own destiny is not that difficult, it just requires a slightly greater awareness of the business at large, a little extra effort which is easily justified in the medium term, and crucially, not getting sucked into the belief that any vendor is your friend. Keep that in mind and strategic decisions of this nature are much easier to make consistently, regardless of the trends that blow through from time to time.