Episode two of our series on the most common objections to switching from hyperscalers to a sovereign cloud: What is the reality behind the concern of becoming dependent on a small provider?
In addition to the prejudice that hyperscalers are cheaper, another objection to potentially switching cloud providers is circulating: “We don’t want to become dependent on a smaller provider.” Behind this statement are usually not technical facts, but a feeling: Bigger seems safer. But how strongly does actual dependency in the cloud world depend on the size of the provider?
The fear of dependency touches on several levels:
These points are understandable. However, they obscure the decisive argument: Dependency arises from architectural decisions, proprietary solutions, and legal circumstances.
Vendor lock-in in the cloud typically occurs where workloads are heavily tied to proprietary services, APIs, and data formats. The more intensively a provider’s proprietary services are used, the more difficult a later migration becomes.
This is where open standards come into play:
Those who consistently build infrastructures and applications on such standards automatically reduce technical dependency on a single provider. While a switch remains an effort, it becomes plannable and feasible.
In practice, portability is demonstrated where environments can be reproducibly described and automatically built:
Such an architecture actually makes exiting from a smaller provider technically easier than is the case with a hyperscaler, in whose ecosystem many specialized PaaS and other services are used. The decisive factor: Portability is considered during design, not only when planning an exit.
The question of dependency also touches on the stability of the provider itself. Here, it is worth looking at hard factors:
Own data centers: A provider that operates its own data center infrastructure in Europe invests long-term in locations, power supply, cooling, and network connectivity. This indicates continuity and plannable framework conditions.
History: Multi-year market presence and established customer relationships are an indication that operations are not designed for short-term experiments.
Certifications such as ISO 27001, ISO 9001, PCI-DSS, or TÜV-certified data center tiers show that processes, security, and quality are regularly externally audited.
These points do not replace a risk analysis, but they provide a significantly more reliable basis than the mere assumption “big is safe, small is risky.”
The statement “Being dependent on a small cloud provider is risky” falls short. Dependency arises when workloads are deeply embedded in proprietary services and exit scenarios have not been considered. Those who rely on open standards, describe infrastructure as code, and consider possible exits during design significantly reduce their risk.
The decisive question should therefore not be “How big is the provider?” but rather: “How quickly and with what effort could we switch in an emergency?”
In the third episode of “Cloud Reservations Under Review,” we address the concern that the necessary know-how for modern cloud solutions is lacking in-house.
