Cloud Vendor Lock-In: What It Really Costs and How to Mitigate It
Understanding Lock-In Categories
Not all cloud lock-in is equal. Understanding the different types of lock-in helps you make informed trade-offs between cloud-native capability and portability.
Types of Cloud Lock-In
1. Data Lock-In (Most Dangerous)
Once data is in a cloud, moving it out costs money (egress) and time. For large datasets: 100TB at $0.09/GB egress = $9,000 to leave AWS. This is the primary lock-in mechanism — not technical but economic.
2. Service Lock-In (High Risk)
Using proprietary managed services with no equivalent elsewhere: AWS DynamoDB, Azure Cosmos DB, GCP Bigtable. Migrating off these requires application rewrites, not just infrastructure changes.
3. Skill Lock-In (Medium Risk)
Organisations whose teams are deeply expert in one cloud's tools may face productivity costs when switching. AWS CloudFormation → Terraform is straightforward; CloudFormation → Azure Bicep requires relearning.
4. Contractual Lock-In (Medium Risk)
Committed spend agreements (AWS EDP, Azure MCA) require minimum spend over 1-3 years. Early exit penalties can be significant.
Which Services Create Maximum Lock-In
| Service Category | Lock-In Level | Portable Alternative |
|---|---|---|
| Proprietary NoSQL (DynamoDB, Cosmos) | 🔴 Very High | MongoDB, Cassandra |
| Managed Kubernetes (EKS, AKS, GKE) | 🟡 Medium | Standard Kubernetes |
| Serverless functions | 🟡 Medium | Knative, OpenFaaS |
| Object storage (S3, Blob, GCS) | 🟢 Low | S3-compatible APIs (universal) |
| Virtual machines | 🟢 Low | Same AMI/image with cloud-init |
| Managed PostgreSQL/MySQL | 🟢 Low | All clouds offer managed OSS DB |
Portability Strategies
Infrastructure as Code
Use Terraform (not CloudFormation or Azure Bicep) for all infrastructure. Terraform providers exist for all clouds — switching becomes a configuration change, not a rewrite. Modules can be shared across clouds.
Containers and Kubernetes
Containerise applications. Standard Kubernetes runs on all clouds (EKS, AKS, GKE, OKE) and on-premises. Applications packaged as containers are the most portable workload type.
Open Source Database Selection
Choose PostgreSQL or MySQL over proprietary databases. All major clouds offer managed PostgreSQL. Moving between them requires only a database dump/restore and connection string change.
S3-Compatible Object Storage
All clouds support S3-compatible APIs. Use the S3 API (not AWS-specific SDKs) for object storage. Migration tools like rclone can copy between any two S3-compatible stores.
The Lock-In Trade-Off
Pure portability has a cost: proprietary managed services genuinely offer convenience and often lower operational overhead. The optimal strategy isn't zero lock-in — it's deliberate lock-in where the benefits outweigh the risks.
Accept lock-in for services that provide unique value (DynamoDB's scale and serverless model, Azure Active Directory integration). Avoid lock-in for commodity services (object storage, VMs, managed PostgreSQL) where alternatives are equivalent.