A11. Develop a platform Exit Strategy
When making the decision to run a workload on a cloud platform, and in particular, the cloud platform currently preferred by DoIT, service owners must always keep in mind that circumstances could change, and individual workloads, components thereof, or indeed, the entire set of workloads run on that platform might need to be moved somewhere else. Vendor lock-in is a risk inherent to all service models - SaaS, PaaS, and IaaS - and this recommendation is an acknowledgment that this risk exists and needs to be mitigated.
However, the risk of vendor lock-in must be balanced against the benefits of leveraging managed platform services to simplify architectures, reduce costs, and reduce the amount of maintenance effort over the application’s lifecycle in dealing with supporting services lower down in the stack that do not directly add value for us to run ourselves. We are not recommending that service owners preserve the ability to trivially move off of a provider at a moment’s notice; this would require keeping the value-adding services of that provider, which may have no counterpart on other platforms, at arm’s length. Enterprise data stored, manipulated and created by public cloud hosted workloads, as well as the declarative definitions of infrastructure, are of far greater value than the cloud resources instantiated on the platform itself. While lock-in risks are different in character and degree across SaaS, PaaS and IaaS, at a high level, we recommend that service owners:
- Ensure that they retain control of and access to all application data
- Can always export data back out of any public cloud provider
- Maintain a full enumeration and ideally, IAC definition of infrastructure resources (to include configuration for fully managed services) in a given cloud provider
- As described elsewhere in this document, attempt to limit the extent to which explicit platform-specific coupling is distributed throughout an application (use configuration files to consolidate such references where feasible)
- Develop a strategy identifying specific actions to be taken should the need arise to migrate a workload elsewhere