The Doppler Quarterly Fall 2019 | Page 81

It is worth mentioning that third-party security tools are more mature, having been well- tested through the years. Many providers have an established research capability and long experience in the field. They partner with CSPs to ease the integration of their tools into the CSP platforms. Managed Services Throughout this article, multiple CSP managed service offerings were discussed. These range from microservice applications and databases to automation and security capa- bilities. Most of these are specific to the CSP’s platform and infrastructure. We also outlined the added business value of each specific service. In general, managed services add value to the business through controlling IT costs, reducing operational costs (including labor), increasing efficiency and performance, staying up to date with technology and reducing risk, to mention just a few of the benefits. Obviously, all these also result in enabling the client to focus on core business functions. One important part of this article is the CSP’s added value with regard to compliance. CSPs offer managed services along with the compliance requirements as one package. Security, a focus following all the data breaches, is integrated with managed services. However, there may be some exceptions, such as managing your own employee access, which are possible in almost all managed services! Conclusion Maybe it is time to rethink vendor lock-in with regard to public cloud adoption. There is great added business value to be gained from adopting public cloud offerings. In most cases, the added value at the tactical and operational levels outweigh the possible ven- dor lock-in risks. Even so, it might not be wise to build core business revenue generation that is contin- gent on the continuity of one vendor. This is not necessarily because a major CSP will go out of business, although this highly unlikely possibility cannot be completely ignored from a risk management perspective. However, a CSP may discontinue a service your core business uses. Or, another provider may offer a better or a more advanced service than the one that you are currently using. Strategically, you need a well-architected backup plan that embraces a hybrid cloud deployment model (see the "Cloud Exit strategy" referenced earlier), in order to mitigate CSP vendor lock-in risk. Even if this risk is residual, a backup plan is necessary to ensure business continuity and competency. FALL 2019 | THE DOPPLER | 79