One of the most common types of cloud offerings is software as a service (SaaS), which can cover CRM offerings like Salesforce.com or e-mail providers like Gmail and Yahoo.com. We recently interviewed enterprise application mashup expert Michael Ogrinz about how applications mashups can help with data migration issues, especially in regard to SaaS and the cloud. According to Ogrinz, your organization can employ cloud offerings without getting bogged down by vendor lock-in, but it takes a little careful planning (and some help from an enterprise mashup or two).
Most SaaS providers offer some form of import strategy to get your data into the cloud, but not every one provides an easy way to export the data back into your own system. Not to say there is anything sinister afoot with SaaS providers, but they are naturally enthusiastic about bringing new customers on board. They are sometimes less gung-ho to help customers integrate SaaS products with home grown solutions that may replace some of the functionality that the provider might otherwise be able to sell to the customer. When it comes to cloud computing, it pays to do your homework and not rush into anything blindly.
Two types of vendor lock-in you want to watch for are data lock-in and API lock-in. Data lock-in occurs when the SaaS provider will show you the data in a presentation format, but won't return the raw data for further analysis, aggregation, or even storage. It basically means you are tied to that particular vendor for that particular data until you find a way to break the lock. API lock-in can be even worse. API lock-in means that the SaaS provider's API has become an important part of your application architecture. Once this happens, your ability to make changes independent of the provider can be severely hampered.
Luckily, both forms of SaaS provider lock-in can be avoided with some careful planning and consideration. First off, as a general rule, do not put anything too valuable on the cloud. Keep in mind this expression from the IT security world: "Keep the crown jewels behind the firewall." This means that your most valuable algorithms—any functionalities that are absolutely key to your business—need to stay on your internal systems, for safe keeping.
Still, you may want to integrate these important business capabilities with other more mundane data functionality from the cloud. The way to do it, according to Ogrinz, is as follows: First, gather up the APIs from your external cloud resources. Then set up a mitigation layer to keep the rest of your architecture safe from API lock-in. Then expose the data from your key internal resources with a private API. Finally, mash your private API up with the external APIs via the mitigation layer.