Managed database services have simplified the operating model. They eliminate most
of the administrative tasks, including the tedious patching and compliance jobs. They
offer highly available and scalable architecture provided by the CSP. They have advanced
and well-integrated data archiving and long-term storage capabilities. Clients do not
need to maintain another entity and infrastructure to ensure their data format will be up
to date for retrieval. Other considerations include the need for decision support sys-
tems, as managed database services are easily integrated with CSP analytics and BI
tools.
Important factors that reduce the lock-in risk, include being able to get the data back
from the CSP, as well as being able to exit gracefully from one CSP platform to another
public CSP, or private implementation. However, there are other issues that need to be
looked at, such as how the applications using that database were architected and
deployed.
But we must point out that if instead of using an open source database, such as Post-
greSQL, the enterprise is using some proprietary database, it is already in the midst of a
swarm of vendor lock-in issues.
Security
Massive security capabilities are natively available in public cloud offerings. Some of
these are mandatory with the CSP’s architecture and deployment models. Examples are
the security groups and access controls, which are required to architect AWS VPCs and
Azure VNets. Some security features are offered at no cost, others have to be used as
part of the architecture.
Also, CSPs natively provide lots of logging and monitoring capabilities at no cost, such
as operating system and infrastructure logs. These need to be ingested into some cen-
tral event logging tools. Recently, even CSPs started offering security tooling, such as
SIEM and Security Advisor, which are natively and easily integrated with the CSP’s
platform.
Infrastructure security implementation is very clearly a vendor lock-in issue, especially
with regard to native capabilities. Also, some security tools might work for one platform
but not for another. However, the latter is not a direct lock-in risk, as different tools
would be required for each CSP platform. This has financial, skill set and operational dif-
ficulties, which can be explored further in another setting.
Some of the added business value provided by CSP security capabilities: regulatory
compliance, security automation, flexibility, high availability and disaster recovery, mas-
sive DDoS protection and mature physical security. Most important is the integration
that has already been done in both compliance and security.
78 | THE DOPPLER |
FALL 2019