OpenVPN Security Advisory: Dec 14, 2018
Action needed: Important update for OpenVPN Access Server

Switching Vendors and Preventing Lock-In

Recap from the June 25th, 2019 CISO/Security Vendor Relationship Podcast

by Lydia Pert

Cloud computing is more than just a temporary fad — according to Forrester Research, the public cloud services market will grow to $236 billion by the year 2020. Why? Because cloud computing provides numerous benefits to businesses of all sizes.

Cloud computing:

But at some point, you might find it necessary to switch from your current cloud provider. Perhaps the cost is no longer sustainable, they aren’t meeting your needs, they make a change that doesn’t work for your business, or the provider even goes out of business. There are a lot of different reasons — but are you actually prepared to make the switch? It’s probably not going to be as simple as you think.

In the CISO Podcast Cloud Security Tip, Steve Prentice discussed “splitting-up” with your provider: “It’s a difficult thing for most people to talk about in their personal lives, but it’s something that should always be considered when setting up a relationship with a cloud service provider. Not all business relationships last, and if your organization needs to move its data to another provider, it’s not like packing up your furniture and saying goodbye to your half of the dog.”

Changing Cloud Vendors

When it comes to changing cloud vendors, you need to understand what is involved in both obtaining and safely moving your data to a new location — and also ensuring that your data is completely and securely removed from the former company’s system. Steve Prentice explained that “this is not mere housekeeping. There are strict compliance and procedural issues, privacy issues, and of course the perpetual concerns regarding hacking and data breaches, all of which might continue to reverberate around the vestiges of improperly removed data.”

If you are dealing with large quantities of data, changing cloud service providers can be very challenging. Providers do what they can to entice you to do business with them — but they aren’t going to make it easy to leave. It’s up to you to make sure you are entering into an agreement that will work for you long term. Otherwise, it could lead to lock-in: when you are dependent (locked-in) on a single cloud provider with no easy way to switch. But fortunately, there are precautions you can take to prevent lock-in, and make the transition easier.

Avoiding Cloud Vendor Lock-In

The best way to avoid cloud lock-in is to do your due diligence, and know who you are working with before signing on the dotted line. Make sure that any cloud vendor you do business with can provide you with everything you need to continue operating smoothly and reliably. Also, be sure to limit your dependence on the provider’s infrastructure. Make sure you only consider vendors that support a wide variety of platforms (such as databases, development tools, and network management protocols) as well as an open-source standard.

For the sake of your business, you need to think ahead to the future: how does this provider plan to grow as a business? What type of scalability do they offer? What are their policies regarding other client co-locating in the space? These are all things to think about when entering into an agreement with a cloud service provider.

Wrapping it Up

Changing cloud vendors is no small feat, and you need to be aware of how complex it can be to switch. Consider all of the different factors as soon as you start hunting for a new vendor. Make sure you know what you are agreeing to before you sign anything — and make sure you have an escape plan (a “pre-nup”) in case things start to go south.

changing cloud providers security tip

Share