Serverless vendor lock-in: Should you be worried?

Don't let concerns about vendor lock-in stop you from committing to a serverless platform. As with any technology move, however, it's a good idea to assess the potential risk and impact of that happening when choosing a vendor.

That appears to be the general consensus among some industry experts amid concerns over vendor lock-in, prompted mainly by Amazon's early—and dominating—lead in the serverless computing space.

According to the Cloud Native Technologies Foundation (CNTF), 70% of organizations currently using serverless technologies are on Amazon's Lambda platform, compared to 13% on Google's Cloud Function and 12% each on Apache's OpenWhisk and Microsoft's Azure Functions.

In a serverless computing model, the cloud vendor hosts, provisions, and manages all of the computing resources for running an application or service, including the operating system and hardware. The model frees developers from having to write for a particular OS platform or hardware infrastructure.

It is typically cheaper than infrastructure-as-a-service and platform-as-a-service models, because most vendors use pay-as-you-go pricing with serverless computing. However, one major concern that has cropped up in recent months with serverless computing is vendor lock-in: It can be hard to port to another vendor's platform without considerable effort and cost.

Here's what your team needs to know about serverless lock-in.

The State of Analytics in IT Operations

Lock-in at the API level

One place where vendor lock-in can occur in the serverless context is at the API level, said Dean Hallman, founder and CTO of WireSoft and creator of Cloudbox, an open-source project for building cloud and serverless applications. The API is the interface between the customer's code and the serverless vendor's infrastructure.

The way that AWS Lambda or OpenWhisk calls into your serverless code can vary. Coupling your code too tightly to a serverless vendor's APIs can make it hard to move the code to another platform. So, to avoid problems, "you need to make sure there's some distance between you and the APIs you are using," he said.

The services lock-in issue

Another, bigger potential for lock-in exists in the way your code interacts with or is triggered by all of the other services that a serverless vendor provides. "The challenge with lock-in is derived from the tight coupling between the serverless functions and the cloud provider services," said Yaron Haviv, founder and CTO of Iguazio, an analytics provider.

One example is Lambda's use of Kinesis as a trigger source for data streaming. An organization that wants to use another streaming technology, such as Apache Kafka, would not be able to use it on Lambda. "So the lock-in is not just about the Lambda service but all the resources attached to it," Haviv explained.

The point is, it's not just about the connection to a vendor's serverless API. Organizations should also keep in mind all the services around the serverless system when evaluating the potential for getting locked into a vendor, Haviv said.

For example, if an organization uses serverless as a platform-specific glue layer—to connect an AWS notification service to another AWS data service, for instance—that customer is already locked into the vendor. In such cases, the customer should try to ensure that the serverless platform properly supports the desired use case, Haviv said.

How much should you care?

The real issue, though, is how much you should allow such concerns to influence decisions about whether or not to commit to a particular serverless platform vendor. The reality is that there is always a degree of lock-in with any technology choice, and serverless is no different.

Owen Rogers, an analyst with 451 Research, said vendor lock-in is a reality, whether you are choosing a database, a programming language, or an operating system, and serverless is no different.

"Yes, there is likely to be some lock-in when choosing a serverless platform. Enterprises are forced to make a choice at some point, and this choice is bound to lead to some lock-in."
Owen Rogers

Rather than avoiding serverless because of fears about lock-in risk, assess the threat and impact instead, Rogers said. Consider, for instance, the likelihood of your needing to migrate off Lambda. What might drive such a change, and what are the chances of these drivers becoming reality?

The chance of AWS raising prices, for example, is balanced by enterprise strategy.

"Lambda pricing I would argue is very low, but the chance of the enterprise periodically changing its strategic suppliers is higher."
—Owen Rogers

Similarly, figure out how much it would cost to migrate to a different provider, and how that might affect the business, he said.

There are also new frameworks to provide compatibility across serverless platforms from groups such as serverless.com. Others, including the Cloud Native Computing Foundation (CNCF), are making progress on a serverless standard. These can be good options for organizations concerned about serverless vendor lock-in.

But there are trade-offs to be considered as well, 451 Research's Rogers said. One challenge is a loss of fidelity. If Google, for example, launches a cool new feature on Cloud Functions, he said, how long will it take to be available on these new frameworks, and how will this translate to the other cloud providers that don’t offer an equivalent feature? 

There's also the issue of just how much functionality a truly open serverless framework would be able to offer compared to specific vendors' wares. "I expect there will soon be a number of open-source options that loosen vendor bonds," said WireSoft's Hallman.

The challenge is going to be in making sure the resulting technologies don't end up adopting the lowest common denominator across technologies in their bid to be open, he said.

Is lock-in a reason to worry?

The entire serverless space itself is relatively new, still fragmented, and largely dominated by a single player, said IT consultant Rafal Gancarz.

"Personally, I believe vendor lock-in is not really a relevant problem in the context of serverless computing right now."
Rafal Gancarz

Gancarz said he believes that rivals of Amazon, either within the serverless computing space or in the platform-as-a-service community, are likely fueling the concerns in an attempt to undermine Lambda's dominance. "It's just inventing a problem," he said.

Serverless computing is highly dependent on the platform provider, he said. But given the current immaturity within the industry, organizations don't have a whole lot of options for reducing the degree of dependency, Gancarz noted.

So rather than worrying about vendor lock-in, Gancarz suggested that organizations focus on finding and committing to a platform that offers them the most benefits and integrations across provider services.