Skip to main content

The Cloud-Native Foundation Layer: A Portable, Vendor-Neutral Base for Modern Systems

ยท 4 min read
Irfan Shah
Irfan Shah
Founder at base14
Cloud-Native Foundation Layer

Cloud-native began with containers and Kubernetes. Since then, it has become a set of open standards and protocols that let systems run anywhere with minimal friction.

Today's engineering landscape spans public clouds, private clouds, on-prem clusters, and edge environments - far beyond the old single-cloud model. Teams work this way because it's the only practical response to cost, regulation, latency, hardware availability, and outages.

If you expect change, you need an architecture that can handle it.

Deploying on One Cloud Isn't Lock-In. Designing for One Cloud Isโ€‹

Two recent outages show how risky this is:

Cloudflare โ€” 18 Nov 2025โ€‹

A routing bug took down large parts of the internet for hours. Many companies broke even if they weren't Cloudflare customers. Their DNS, CDN, or WAF traffic still flowed through Cloudflare somewhere.

AWS us-east-1 โ€” 20 Oct 2025โ€‹

Cascading control-plane failures halted services across the industry. Anyone tied to us-east-1 had no alternatives.

These failures weren't unusual. They were predictable outcomes of stacking critical workloads in one place.

If your whole system sits on one provider, their failures become your failures.

Cloud Costs Make Lock-In Expensiveโ€‹

DHH's "We Have Left the Cloud" is a clear example. Basecamp/HEY left AWS after realizing the cost no longer made sense. Doing so saved them millions.

Their situation was unusual, but the point is general:

You cannot control cost if you cannot move.

If all your workloads sit on one cloud, you lose the ability to:

  • Shift workloads to cheaper regions
  • Compare GPU pricing across clouds
  • Escape sudden egress spikes
  • Negotiate pricing at all

The problem isn't being on one cloud. It's losing the option to leave. With portable designs, you can sidestep outages like Cloudflare's or AWS's by running elsewhere, and you regain leverage on price. Freedom comes from reversibility.

Most Lock-In Doesn't Come From Vendors. It Comes From Your Codeโ€‹

The trap usually starts small:

  • An SDK call deep in your business logic
  • A dependency on a proprietary database
  • A CI pipeline that only works in one cloud
  • An IAM model you can't reproduce anywhere else
  • A networking or eventing pattern that has no equivalent outside your vendor

None of these feel like lock-in at the time. They become lock-in when you try to change something and can't.

What the Foundation Layer Really Isโ€‹

A Cloud-Native Foundation Layer isn't extra architecture. It's the minimum structure you need to stay free:

1. Composable Infrastructureโ€‹

Use components that behave the same everywhere: containers, GitOps, Terraform.

2. Open Interfaces and Protocolsโ€‹

Choose interfaces that don't care where they run: HTTP/JSON, gRPC, SQL, OTel, S3-compatible storage.

3. Unified Observabilityโ€‹

Instrument with OpenTelemetry so your telemetry can go to any backend without changes.

If you do these three things, you get:

  • Portability
  • Better uptime
  • Lower cost volatility
  • Easier compliance
  • Freedom to adopt new technology

None of this is abstraction for its own sake. It's the cheapest way to avoid expensive mistakes later.

A Foundation Layer: The Ability to Change Your Mindโ€‹

Outages will happen. Pricing will change. AI hardware will appear in one cloud before another. Data residency rules will tighten.

A foundation layer gives you space to respond. Without it, every change is painful.

What's Nextโ€‹

In Post 2, we'll cover how to structure your code so your domain logic doesn't depend on any one cloud โ€” the core of true portability.

Meanwhile you can read about what we wrote about the learnings from the recent cloudflare outage.

Referencesโ€‹