The Government Digital Service (GDS) technology policy team has produced some guidance on public sector organisations on dealing with lock-in to cloud services.
James O’Neill, senior technology adviser at GDS, said it is part of a wider piece of work in helping them choose appropriate cloud services, and that it has been identified as one of the most immediate user needs in dealing with cloud providers.
“Lots of organisations we spoke to had different providers or used different services, but most of the time they had struggled to balance lock-in or fully understand the consequences of their provider decisions,” he said in a blogpost.
“A lot of organisations are used to the risks and benefits of lock-in through commercial contracts, but we think cloud is different because a lot of the lock-in comes from the technical decisions you make.”
The guidance includes a focus on the different types of lock-in, monitoring a cloud portfolio, understanding an managing a technical lock-in, and balancing risk and opportunity in the cloud.
The latter can involve the use of a graph that compares value and portability, making it easier to see how much of a lock-in risk is acceptable. The guide says an organisation should aim to maximise both where possible, but that good value for money could justify a lower degree of portability.
It also says that at a strategic level, an organisation should set expectations for how delivery teams evaluate different hosting options and where they should prioritise value over portability.
O’Neill said: “It’s critical for government organisations to consider lock-in whenever they build or architect anything in the cloud. There’s nothing necessarily wrong with being locked-in, but it might change the decisions they have to make in future.
For example, if you use a cloud service that is only available from one provider, you might have to rebuild your entire application if you later decide to switch provider. Or, you might find that locking-in to a specific technology like serverless can take away some of the worries you might have about configuring lots of security settings.”
The guidance also advocates building teams to manage cloud providers, as a common cause of technical lock-in is the limited availability of skills and knowledge.
O’Neill added that the team is planning to add more to the current guidance on how to choose a cloud hosting strategy, and that it is looking for feedback on its advice.