It is worth mentioning that third-party security tools are more mature, having been well-
tested through the years. Many providers have an established research capability and
long experience in the field. They partner with CSPs to ease the integration of their tools
into the CSP platforms.
Managed Services
Throughout this article, multiple CSP managed service offerings were discussed. These
range from microservice applications and databases to automation and security capa-
bilities. Most of these are specific to the CSP’s platform and infrastructure.
We also outlined the added business value of each specific service. In general, managed
services add value to the business through controlling IT costs, reducing operational
costs (including labor), increasing efficiency and performance, staying up to date with
technology and reducing risk, to mention just a few of the benefits. Obviously, all these
also result in enabling the client to focus on core business functions.
One important part of this article is the CSP’s added value with regard to compliance.
CSPs offer managed services along with the compliance requirements as one package.
Security, a focus following all the data breaches, is integrated with managed services.
However, there may be some exceptions, such as managing your own employee access,
which are possible in almost all managed services!
Conclusion
Maybe it is time to rethink vendor lock-in with regard to public cloud adoption. There is
great added business value to be gained from adopting public cloud offerings. In most
cases, the added value at the tactical and operational levels outweigh the possible ven-
dor lock-in risks.
Even so, it might not be wise to build core business revenue generation that is contin-
gent on the continuity of one vendor. This is not necessarily because a major CSP will
go out of business, although this highly unlikely possibility cannot be completely ignored
from a risk management perspective. However, a CSP may discontinue a service your
core business uses. Or, another provider may offer a better or a more advanced service
than the one that you are currently using.
Strategically, you need a well-architected backup plan that embraces a hybrid cloud
deployment model (see the "Cloud Exit strategy" referenced earlier), in order to mitigate
CSP vendor lock-in risk. Even if this risk is residual, a backup plan is necessary to ensure
business continuity and competency.
FALL 2019 | THE DOPPLER | 79