CIO choices: 2. Can open source reduce lock-in?

Open source software and open APIs have increased the range of options available to IT leaders, but has the problem moved elsewhere?

In an ideal world, IT leaders would be free to move data and systems to wherever performance is highest, service levels are best or prices are most reasonable. But the world is not ideal and the complexity and interconnectedness of enterprise technology mean that CIOs can't simply pick up and start anew. Instead, it's a matter of trade-offs, working with what's already there while keeping future options as open as possible.

Vendor lock-in is a perennial issue. From the times when mainframes ran proprietary operating systems to database licensing to cloud egress charges, there's always something blocking the free movement of applications and data. As new technologies or regulations emerge that squeeze vendors' ability to prevent access to the exit door, balloon-like, new restrictions appear elsewhere.

But issues of lock-in are rarely top of the IT agenda. Only eight per cent of respondents to a recent Computing survey said they take active measures to avoid it, although 43 per cent said: "it's something we're very aware of".

Instead, most IT leaders are focused on more immediate concerns of speed, quality and security, with issues of lock-in only really arising when large-scale changes are required.

"While I do believe CIO sentiments are largely against lock-in, I see active efforts against vendor lock-in as scattered at best, ultimately meaning that the threat remains unchanged," said Blair Lyon, VP cloud experience at open source cloud service provider Linode.

Looking ahead, however, changes are likely. There is an increasing interest in multi-cloud and other strategies that promise more choice and flexibility to IT decision-makers.

"The issue here is that companies might commit to approaches that reduce agility over time," said Bryan Kirschner, VP of strategy at data management company DataStax "Multi-cloud is a good example - for some, using a single cloud provider is OK as they are happy to trade speed today against less agility and possible lock-in in the future. But if history is any guide, it's unlikely one point-of-view or approach will last as best-of-breed. Baking the assumption of competition and new innovation into strategy is likely to pay off."

So can open source software - and eventually hardware - help to move this process forwards? Amanda Brock, CEO of open technology not-for-profit OpenUK.

"IT teams have long memories - they can remember the impact of previous lock-ins, and they want to avoid that situation happening again if they can help it."

Brock sees cloud vendors as increasing the general understanding of open source software.

"The big cloud vendors are prompting that discussion with their services. If they can take away pain points in running open source, they can support bigger projects around data that will keep customers on their platforms for years to come."

But there's an issue here. Like Google's Android mobile operating system which is basically Linux with a proprietary layer on top, many cloud services also feature proprietary features, so lock-in has effectively moved up the scale. As more and more infrastructure moves to the cloud it's clear that this is where the squeezed balloon of lock-in is showing up now.

"Much of the cloud infrastructure is open but the service layer can easily be restricted by the controlling cloud vendor, locking out open source and disruptors and creating effective client lock-in," explained Brock.

Open source software and open APIs have certainly helped reduce locking in other areas such as operating systems and expensively licensed and unsympathetically audited enterprise software, but the panacea is not necessarily to be found in the cloud. The latest iteration of lock-in is bondage to a particular cloud service, which is where smaller platforms like Linode can differentiate themselves.

Open source lets us do things other providers can't - like making it easy to move workloads between Linode and other cloud providers. We openly talk about this, which is unique among providers," said Lyon.

In the meantime, Google Cloud Platform has sought to brand itself the multi-cloud choice with the release of Anthos last year; however, canny observers have noted the company is building proprietary layers around that too.

Many IT leaders don't see this as a particular problem, certainly less of a burden than being locked into multi-year contracts with enterprise software vendors. The hyper-scalers are adding new services constantly, they figure, so it's not a matter of missing out.

Lyon agrees that currently, it's a minor concern with CIOs, but believes it will grow with time. There are three types of IT leaders when it comes to open source he says.

"There are those who accept this risk for the short-term benefits; those who aren't aware of the risks and are currently finding themselves or will soon find themselves in a precarious position; and a lesser group of those who have done and are doing everything they can to avoid it."

The fact that the fastest-growing data management and advanced analytics software is open source is likely to start tipping the balance towards action, said Matt Yonkovit, chief experience officer at open source database specialist Percona.

"For CIOs, running effective digital programmes with more distributed employees and with more emphasis on data means that they will use more open source. This helps them keep control over lock-in and prevent too much reliance on any one provider. Open source has a role to play in keeping options open."

It's noticeable how many application and platform vendors are starting to at least pay lip-service to the idea of multi-cloud, hybrid cloud and data portability in their promotional materials, which suggests that even if cloud lock-in is not an urgent issue for the majority of CIOs, it's certainly rising up the agenda.

CIOs should certainly weigh up the costs and risks of being locked into one platform, but it's not always a simple choice for IT leaders, admits Lyon. Sometimes, being locked in can mean being secure.

"Lock-in is not binary, and there are trade-offs either way: too proprietary, and while you can hold someone else responsible for problems, you lose control. Too much open, and while you're free as a bird, you're on the hook to make sure everything works, including management of legacy environments and retiring technical debt."

Indeed, more than a few IT leaders we've spoken to have been happy to put the issue on the back burner for now, given the relative simplicity and lower skills requirements of having one main provider, not to mention the issue of ‘data gravity' - the cost and time required to move large volumes of data from one platform to another.