data security concept, mobile application access, login and password
Uncategorized Multi-Cloud

Multi-Cloud: It’s Not About Avoiding Lock-In — It’s About Avoiding Being Locked Out

Politics aside, the much-publicized recent cancellation of the JEDI contract in favor of a new multi-cloud strategy serves as a useful way to draw a line under debate about whether multi-cloud is really a de facto for a modern business. It is.

Multi-cloud debate often gets lost in the weeds of platform either/or comparisons, when actually it is all about having access to the apps and services you need across all of them. In fact, 80% of organizations are already deploying apps to diverse environments (including private cloud/data center, public clouds, and edge). (Source: VMware FY22 H1 Benchmark: Cloud and Applications, March 2021;  N=1184 Global Technology Decision Makers)

At VMware, this is the future we envisaged and built for with our Any-Any-Any philosophy. Unfortunately, confusion over multi-cloud persists.

A current, popular misconception seems to be that those with a stated multi-cloud strategy also have a primary driver of avoiding any element of lock-in. This then switches a conversation that should be focused on the best practices for multi-cloud into an often-polarized debate about lock-in. It is true that the topics are related but they are far from being the same thing.

VMware Cloud is built on the belief that a good multi-cloud strategy is about removing constraints, not adding them. Yet a total lock-in avoidance approach implies a deliberate choice to deny yourself access to many available technologies, platforms, and services – of locking yourself out. This is a multi-cloud anti-pattern.

So, if multi-cloud is not the same as avoiding lock-in, what is the relationship between these things? To answer that, we need to take a quick look at the concept of lock-in.

Understanding lock-in

The risks associated with being beholden to a single supplier of services, or lock-in, has always been a consideration for IT and many businesses have found themselves tied to a supplier in ways that they wish they were not.

When it comes to IT there are four primary sources of lock-in: technical, commercial, skills and operations, and compliance.

1. Technical

The first source of lock-in is about having code (application or operational) exclusively viable only in a particular service type. The database running in Oracle or the application based on AWS Lambda functions cannot just be moved, without effort, to an alternative technology stack. It can be done but the cost of exit is very high.

2. Commercial

Second, businesses will typically run with many term-based commitments to services in their third-party contracts. These range from enterprise agreements with technology vendors through to multi-year outsource contracts. In most cases these commitments carry significant write-off or early termination costs.

3. Skills and operations

Lastly, chances are that any business using a service also carries a major internal investment in the skills, operational processes and networks that make it viable for them to consume. These scale with use and often become integral to business processes and culture.

4. Compliance

While not strictly a risk of lock-in, compliance requirements may have a major influence on lock-in considerations, such as financial services regulations requiring proof that a service can be exited, or privacy considerations such as GDPR. Compliance concerns can create challenges with both using and exiting a service.

Managing lock in risk

All these areas ultimately serve to create an economic dependency. Avoiding this dependency completely can only be achieved by not using the services at all. However, the reason we use these services is because they offer value and oftentimes there is a direct correlation between the level of lock-in to a service and the potential value that can be extracted from it.

To help address this and enable service adoption, there are options available to mitigate lock-in risk including:

  • Use of open standards/open source to support interoperability
  • Leveraging ecosystems such as that around Kubernetes to provide reduced-cost portability
  • Negotiating critical KPIs and exit clauses into service contracts, or seeking credits which allow you to change your license distribution as your needs change (such as VMware Cloud Universal).

The resultant reality of this is that case-by-case decisions need to be made that establish a trade-off between the potential value received vs. the risks involved.

Our current VP of the Advanced Technology Group, Chris Wolf, was discussing how to approach making these decisions back in 2017 and it still remains true today.

Multi-cloud considerations

While lock-in will always be a consideration, it is rarely one full of absolutes. So how does a multi-cloud strategy affect it?

The multi-cloud strategy advantage

A good multi-cloud strategy increases your ability to extract value from cloud services and applications, while providing the flexibility of options to decrease the risk of doing so.

The multi-cloud goal is to accelerate your ability to use any technology that meets your business requirements. This matches the priorities we see in customers around the globe where 88% of technology executives (VP-level and higher) cite that their organization prefers a “best of breed” cloud approach. (Source: VMware Q2 Executive Pulse, June 2021;  N=461 Global Enterprise Senior Technology Decision Makers.) This approach is an important competitive advantage for cloud-mature customers.


“We saw multi-cloud as an opportunity right from the beginning. Multi-cloud gives us choice and portability, allowing us to use the best of all worlds. While management can be complex, it is absolutely worth the effort.”

Christoph Böhm, CIO and COO of Deutsche Börse Group


This complexity is because adopting these new technologies is not straightforward—in fact, the same areas of lock-in risk (technical, commercial, skills and operations, and compliance) also act as barriers of adoption.

In other words, if you want to use that innovative cloud or application service, then you need to:

  1. Develop for it effectively to extract value
  2. Have appropriate tools and insight to help manage commercial optimization
  3. Evolve the skills and processes that let you use it securely and efficiently
  4. Adapt to meet changing compliance standards

VMware Cloud customers benefit from the fastest path to production precisely because the multi-cloud capabilities help overcome these challenges. For example:

  • Developers have build-packs or PaaS environments containing all the multi-cloud technologies they need, delivered seamlessly to their desktop.
  • API layers and integrations that are sympathetic to a world of multiple clouds, multiple app stacks, and brownfield scenarios
  • Hybrid cloud capabilities avoid unnecessary pre-work not directly related to the outcome desired
  • Native ability to run, secure and operate traditional and cloud-native workloads side by side without compromise
  • Visibility, optimization, automation and security across clouds to provide consistent operations where it matters
  • The ability to leverage and extend existing skills and processes as a fast, secure pathway to implementing DevSecOps

At the lock-in risk management end of the spectrum, the VMware multi-cloud strategy also offers a large range of mitigations. For example:

  • Full workload portability, including for repatriation where needed.
  • A global network of cloud providers and partners providing every type of service in thousands of global locations
  • Cloud-agnostic application development and management
  • Commercial flexibility
  • Strategic partnerships and integrations with every major public cloud provider
  • Visibility, governance and control through consistent operational tools and insights

So the answer is that a good multi-cloud strategy, such as VMware Cloud, helps at both ends of the spectrum.

Practical benefits of a multi-cloud strategy

As we’ve learned, avoiding multi-cloud is a strategy that locks you out of options, just the same as seeking to avoid lock-in does. Let’s consider some examples of situations where our customers could have found themselves locked out and how VMware Cloud instead helped them take advantage.

Acquisition of a company using a different cloud

For mergers and acquisitions, the time and cost of integrating the new entity is critical to the value proposition and can be a market differentiator. If you are locked out from multi-cloud, the integration is not complete until all existing workloads have been refactored, and the skills, processes and commercial contracts restructured to your preferences. VMware Cloud customers can connect new employees and implement cloud governance on day 1. They can move applications and workloads out of non-strategic locations in a matter of weeks and without business disruption. IHS Markit, for example, was able to move 1,000 workloads to VMware Cloud on AWS in only six weeks.

Build a new front end to an existing application, that has not yet been refactored, in days

This is a common requirement we see for customers. Without multi-cloud integrations, large parts of the existing application will also need to be refactored, adding time and cost to the work to do. With multi-cloud integrations, the new app can be developed and integrated without refactoring the existing one first. A good example is Fiserv who, during the pandemic, helped small businesses access the funding they needed to continue operating through the Paycheck Protection Program. They used just 15 developers to deliver 436 releases to production in just 28 calendar days—which was a matter of survival for many of their customers.


Applications are at the heart of the ability to compete in the more digitally oriented markets of today. Any decisions that constrain your options need to be considered very carefully indeed. Ignoring the risk of lock-in and seeking to avoid lock-in entirely are both extreme positions that will not benefit most organizations.

Flexibility with platforms, tools, and services built with the multi-cloud world in mind, enable you to make those case-by-case decisions, providing the flexibility you to need to focus on the real purpose of a technical strategy: to support the business transformation goals.

We call that flexibility Any App, on Any Cloud, delivered to Any Workspace. We also call it VMware Cloud.