The Cloud is the Ultimate Vendor Lock-in


Let’s think this one through: you committed to the Microsoft stack. Everybody in the office uses Office 365 for their email, word processing, presentations, document storage and collaboration. The sales and operations departments use Dynamics 365 and your custom applications are developed with VisualStudio, using SQL as a database. Everything is hosted in Azure of course.

Even if Microsoft would increase their license prices with 50%, what choice do you have but to stay and pay up?

Unmanaged, cloud-based ecosystems draw companies into the ultimate vendor lock-in.


Inviting open door: the ecosystem 

A business ecosystem is a network of seamlessly interconnected functionalities, connecting customers, suppliers (e.g. content creators, app developers), distributors and even competitors. Key enablers of ecosystems include powerful end mobile devices, cheap broadband connections, and cheap storage and processing power. These and other technologies allow companies including Apple, Google, Salesforce, Facebook, Microsoft and Box to provide an ever growing portfolio of closely integrated value propositions.

Apple and Google are the most dominant players in the B2C space. Their ecosystems provide a frictionless environment to communicate, consume media (e.g. music, movies, books), play games and, via apps, do productive work. Other consumer oriented  ecosystems focus on information access (e.g. comparing product prices) or exchanging goods, money and labor (‘crowd sourcing’). Hence, ecosystems are a source of convenience and choice. You get what you want, when you want it. No fuzz.

Ecosystems targeting B2B markets offer different, but equally enticing benefits, including:

  • Create value propositions that are beyond an individual company. The wings of the Boeing 787 are made in Japan, its center fuselage in Italy, the cargo doors in Sweden, the landing gear in France and the wing tips in South Korea. All parts travel to one of Boeing’s factories in Washington or South Carolina, where they are assembled into planes.
  • Higher return on investment. Sustainable success requires companies to focus on those capabilities and competencies it excels in. According to C. K. Prahalad and Gary Hamel, a core competency is “a harmonized combination of multiple resources and skills that distinguish a firm in the marketplace”. Large, vertically integrated conglomerates are unable to achieve the effectiveness and efficiency required to compete effectively in today’s dynamic and highly complex markets. When part of an ecosystem, individual companies can focus on those skills and knowledge that deliver the most value to the customer or downstream business partner.
  • Reduced transaction costs. When the leading company within the ecosystem shares the necessary processes, standards and tools, both information and financial transactions flow through the network without any friction.
  • For ‘junior’ network partners: an ecosystem provides access to the customer base of the leading company and ability to leverage on its technology capabilities (e.g. cloud platform, API’s, tools, standards).

However, there is no upside without a downside. After years of investing in the closed garden of Apple, just imagine the hassle to move your digital life to the Android ecosystem (or vice versa). There is no iMessage app in the Google Play Store and the games, music and apps you paid for on your iPhone cannot be transferred to Android (unless you already used 3rd party apps on iOS). You have to buy the content again. If it is available that is.

When you want to leave, you find out that the owner of the ecosystem has total control and that convenience has a price: a barrier to enter a competing ecosystem.

The same applies to participants of a B2B ecosystem. Depending on the ecosystem and the companies’ dependence, the financial impact can vary from inconvenient to bankruptcy. But before covering that topic, first some words on the Trojan Horse of modern ecosystems: the cloud-based platform.

In short,

  • Ecosystems can be a source of considerable additional company value
  • Ecosystems can be a source of strategic risk


The door lock: the cloud

The engine underpinning all modern eco-systems is the cloud: “a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources (e.g., computer networks, servers, storage, applications and services”. On paper, the key benefits of the cloud include flexibility (e.g. Google’s load balancers can scale to 1 million+ users instantly), pay-per-use, service-orientation (e.g. no worrying about underlying infrastructure or updates) and data security (e.g. multiple networked backups).

These benefits are reflected by the market size. According to Gartner, the public cloud services market will grow 18% in 2017 to $246.8 billion. By 2020, the number is expected to reach 383.3 billion.

A key characteristic of the cloud is the use of centralized servers to do the ‘heavy lifting’. Siri (Apple), Cortana (Microsoft) and Google Now (Google) sends our question or command to one of its data centers for processing. It minimizes the workload of our mobile device and allows for more complex interactions. Sony uses a similar mechanism to stream PS3 games to the owners of PS4 game consoles. Google’s Marketplace and’s AppExchange provide app developers all the resources they need to build, test, deploy, integrate, promote and service their apps. All the developer needs is a broadband internet connection and a moderately spec’d laptop or desktop. In 2016 alone, IBM received 2,700+ patents to cognitive and cloud computing, reflecting the clouds strategic importance to International Business Machines.

As a result, our data and an increasingly large amount of the business logic reside in an anonymous data center located somewhere on this world. On paper, you own the data and company-specific business logic, but the reality is more complex and expensive. For starters, the cloud enjoys both strong economies-of-scale and positive network effects. Similar to Facebook’s domination in social media and Google in search, eventually the majority of the public cloud market will serviced by two or three behemoths.

And at that time it is time to cash in.

Remember Facebook’s promise “no ads, no games and no gimmicks” when acquiring WhatsApp for $19bn in 2014? Fast forward to August 2016 and the BBC published an article with the title “WhatsApp users to receive adverts.” Facebooks knows that the hassle associated with rebuilding your social network with another messaging app supersedes the updated privacy policy that paved the way for businesses to send messages to WhatsApp users.

Amazon has trucks that can transport up to one hundred petabytes of data in a single trip from your data center to its AWS, where the data is uploaded to Amazon Glacier or Amazon S3. There is no mentioning of trucks driving from AWS to another location nor the practical impossibility to move one hundredth petabytes of data via conventional 10Gbit landlines from AWS to a competing cloud vendor. That would take a full two years. The moment your hundredth petabytes arrive at AWS, you will for the foreseeable future be a customer of Amazon.

In short,

  • The cloud is a performance multiplier of end user devices
  • The cloud is like an addiction. It looks o so convenient and cheap, but it will be very difficult to kick the habit when the dealer decides to change the rules of the game.


From the cloud as an inconvenience

The cloud is not a single value proposition, but a layered portfolio. The first layer consists of provisioning basic infrastructure services (Infrastructure as a Service), followed by additional software and service layers to provide increasingly complex value propositions (e.g. Platform as a Service (PaaS), Software as a Service (SaaS) and Business Process as a Service (BPaaS)). Regardless of the layer, all cloud-based value propositions have the following attention points.

  • Single point of failure. For Azure availability levels max out at 99,9% for single virtual machines while Amazon S3 uses a service credit mechanism to compensate for availability below 100%. These number are impressive enough for all but the most demanding applications. Consequently, many companies moved their entire infrastructure to the cloud. However, while the internet itself is designed to reroute around damage, the cloud is not. Due to a scripting error by an Amazon engineer, SoundCloud and Imgur were offline for more than three hours in February 2017 while Pinterest, Airbnb, Netflix, Slack and Spotify experienced slowdowns. According to Dave Bartoletti, a cloud analyst with Forrester, the outage took 148,213 sites down, including three to four trillion pieces of data. When a large Amazon S3, Google, IBM or Azure site goes down, the impact is immense.
  • Power imbalance. The business model of the cloud is firmly based on standardization. It is the only way Amazon, Microsoft, Google and others can achieve the required economies of scale and number of customers required to become profitable. In 2015, more than five million organizations were represented in Azure Active Directory and in 2016 Microsoft reported more than 120k new Azure customer subscriptions per month (note: the latter likely includes Office 365 subscriptions). The only way to manage these volumes is through strictly enforced standardized agreements, release frequencies, feature roadmap, API’s et cetera. They are non-negotiable and as a customer, you either take it or leave it. It is this level of control and the accompanying power shift that drives the frenzied investments in cloud solutions (e.g. $30 billion by Google). Other signs include the lackluster support of on-premise versions of software and unfavorable changes in license policies. Take Microsoft SharePoint for example. When introducing SharePoint 2013, SharePoint Server licensing cost increased by 40% while all new shiny features are first added to the cloud version, treating on-premise users as second class citizens.
  • Hidden costs. This article covers the story of a web startup that ran hundredths of instances on AWS, depending solely on its cloud-based webservers, micro-services, BI tools, git, monitoring and wiki. The author points out that a dependable base instance could only be achieved by adding service options including provisioned IOPS for databases, local SSD, Premium Support and dedicated instances. Even more interesting considering the topic of this blog is the following quote: “Unfortunately, our infrastructure on AWS is working and migrating is a serious undertaking.” They had no choice but to throw more money at Amazon. More in general, there are several sources of direct hidden cost including: over-provisioning; under-provisioning (e.g. the web startup); spin it up, then forget it; storage choices; free (with strings attached); appliance charges, and last but not least: free to enter, pay to leave. In addition to these direct hidden costs, companies should also take into account indirect cost including integration issues (e.g. data management with multiple SaaS vendors), rogue cloud implementations (e.g. business engaging Amazon for IaaS while IT signed contract with Google), ensuring regulatory compliance, and updating custom applications due to forced updates of the underpinning IaaS of PaaS platform by the vendor. At Microsoft, the Azure team is used to release minor updates every two to three days and major releases every two to three weeks (I). Some (e.g. changes in APIs) require the business application to be patches despite the fact that it does not add any business value.
  • Data security. Adobe’s security breach in 2016 exposed 38 million user accounts, allowing the attackers to access Adobe IDs, encrypted customer credit card records and login data access. Besides the sinister work of black hat hackers, there is also the government to consider. Microsoft, Google, Apple and Yahoo all said they did not cooperate with the NSA to share sensitive data. However, secret files leaked by Edward Snowden and others paint a very different picture. Microsoft shared with the NSA, which in turn shared with CIA and FBI. Yahoo scanned all incoming emails for American Intelligence Services while Google and the NSA got close after Chinese hackers breached its network. Combine this with the following quote from former CIA Director Stansfield Turner in 1991, “as we increase emphasis on securing economic intelligence, . . . we will have to spy on the more developed countries—our allies and friends with whom we compete economically.”, and it becomes clear why companies with sensitive IP should be weary of the cloud.  The American government will take a peek if European aircraft manufacturer Airbus would store any data in the cloud of an American company. Or get its hands on Airbus’s blueprints via a different route.
  • Customer support. Unless you are a Fortune 500 companyyou are a number. Getting a person on the line often requires signing up for a premium support contract, adding to the cost. Out-of-the-box, all interaction goes through a website and email. As mentioned, the cloud is based on economies of scale, not customer intimacy. Whether this is an issue depends on the business context the application operates in. You don’t want to be treated as a number when your core banking system is down.

For many use cases, the cloud offers a great value proposition and will continue to do so until the next disruptive wave roles on shore. However, it is not a silver bullet. Despite the tantalizing pitch of all those sales people and marketing flyers, there are several caveats, especially when you want to aggressively scale up or exit. At that point, you find out that the actual costs can be considerably higher than initially thought. For some companies this is merely inconvenient, but for others more is at stake.

In short,

  • The cloud shifts the power balance from the customer to the vendor.
  • Both the short term and long term Total cost of Ownership of cloud computing are elusive.

To bankrupted by the cloud

Knight Capital lost 440 million in forty five minutes after its cloud-based automatic stock-trading software bought several billions of unwanted stock. The error wiped 75 percent of Knight Capital’s equity value and they had to sell their business to GETCO at a fraction of the original market value. Code Space is a former SaaS provider that failed within six months after it got hacked via its AWS control panel. According to SC Magazine, “the hackers erased data, backups, offsite backups, and machine configurations before attempting to extort the business by claiming a “large fee” would resolve their issues.” Imagine your companies’ business model depended on Code Space… Code Space, 37signals, Zendesk, LucidEra, BlinkLogic and Freshbooks are a few names on a long list of cloud vendors that did not make it.

Especially for smaller companies, this single point of failure is a strategic risk as they don’t have the means to adopt a multi-cloud-vendor strategy.

But even for large corporations there is reason for concern. In 2016, Canalys founder Steve Brazier warned the audience of the companies’ Channel Forums in Barcelona that the largest cloud providers may become too big to fail. What if Azure, AWS or Google would not make it due to the fierce competition and fail? Quoting Brazier: “If one of these companies goes down, hundreds of thousands of other companies go down too.” At that point, the client companies are stuck between a rock and a hard place as neither retained the skills to setup and run an on-premise infrastructure nor perform a migration to another cloud vendor. Assuming the data of the client company remains accessible of the cloud provider failed that is. When Cloud storage firm Nirvanix failed, customers were given two weeks to move their data out of its data centers. With companies soon sitting on Petabytes of data, two weeks allows you to safe maybe five percent. Can your company survive without the other 95 percent?

In short,

  • Companies moving their infrastructure, applications and data into the cloud enter an one-way street.

The cloud enabled a whole new generation of business models, transforming both established business and IT operating models. However, like with everything in life, there is no such thing as a free lunch.


Notes and references

(I) Guthrie, s., Simms, M., Dykstra, T., Anderson, R., Wasson, M., Building Cloud Apps with Microsoft Azure: Best Practices for DevOps, Data Storage, High Availability, and More (Developer Reference), 2014. Page 20.

Additional reading

You can read more on the benefits of online platforms here (Oxera paper for Google titled Benefits of Online Platforms), here (HBR article Three Elements of a Successful Platform) and here (HBR article Pipelines, Platforms and the New Rules of Strategy). A more academic paper from Cambridge on platforms can be found here.

An interesting article from The Wall Street Journal on the ways the cloud changed our lives can be reached via this link.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.