When it comes to IT nightmare scenarios, few can match the possibility of having a key vendor partner suddenly close its doors. With little or no advance warning, IT leadership must scramble to find a suitable replacement and continue vital operations.
It’s critical to go on the offensive quickly, advises Troy Gibson, fractional CIO with business and technology consulting firm Centric Consulting’s CIO services unit. “Waiting to see what will happen is a recipe for disaster,” he says in an email interview. Remember that there will be many other customers in the same boat, so a rapid response is essential. “There are advantages to being at the table first to set the stage for what happens next.”
Warning Signs
Poor communication often signals a business in trouble, says Simon Fletcher, engineering manager at cybersecurity firm Twingate. “This is the most visible warning sign,” he notes via email. “If a vendor becomes unresponsive, or delays in communication start arising, this can be an early red flag.”
Another warning sign is a vendor experiencing frequent leadership changes. “A high turnover in staff, particularly in executive and leadership positions, can indicate internal instability,” Fletcher says. Product or service quality decline, or a sudden lack of regular updates, is yet another red flag. Additionally, staff layoffs and/or facility closures can be a sign of internal trouble.
Taking Action
The first step to take once a vendor’s failure becomes apparent is to assess how important the vendor’s services are to your organization, Fletcher says. “This is critical to understand how dependent your organization is on the vendor and how the shutdown will immediately affect operations.”
Fletcher believes that a thorough assessment can be highly effective, since it allows the leaders at the affected organization to quickly understand the potential risks and operational disruptions caused by the vendor’s shutdown. “By prioritizing the most critical services, the IT leader can allocate resources effectively, focus on minimizing downtime, and maintain business continuity,” he explains. “It also provides a clear direction for further steps, such as engaging alternative vendors or activating any existing contingency plans.”
Identify and secure all critical data associated with the vendor, particularly if it resides in specialized SaaS applications, recommends Todd Thorsen, CISO at data backup service provider CrashPlan. “IT leaders should prioritize exporting and backing up all data from these applications to ensure no intellectual property or essential work is lost,” he says via email. “This includes identifying all endpoints, such as laptops or any other devices on which data might be stored and securing the content in a centralized backup environment.”
By focusing on data backup, organizations can protect their intellectual property and critical work, even when a vendor suddenly shuts down, Thorsen says. “This mitigates the risk of data loss and ensures that teams can continue with minimal disruption.”
Gibson suggests engaging the vendor to understand their actions and how they might be able to help you mitigate the situation. “They may have already established a transition plan,” he notes. “If this is a software solution, cloud-based or on-prem, negotiate to gain access to the code and build scripts.” If that’s not possible, seek support to set up the solution on your own cloud platform. Finally, review the current contract to understand what products and/or services were agreed upon. “If there’s an escrow account for the code, understand the steps needed to access it.”
Preemptive Protection
The best protection against sudden vendor failure is regularly backing up all critical stored data to independent, secure environments. “This means setting up backup systems that aren’t reliant on the vendor’s infrastructure and ensuring that all work and intellectual property are duplicated in a secure location,” Thorsen says. Maintaining a comprehensive inventory of all applications in use and understanding what data is stored in which location are also crucial, he adds.
As a key part of the IT risk management process, Gibson recommends assessing each vendor on an annual basis to establish what the impact would be if the provider were to suddenly go under. Vendor size is inconsequential. Gibson reports that he’s seen several Fortune 500 companies coping with business-critical software solutions owned by a small IT provider that suddenly shut its doors.
Parting Thought
IT leaders should regularly review and audit the data they’ve stored across applications and endpoints, Thorsen says. To protect against unexpected vendor shutdowns, he suggests that data should be backed up regularly, made easily accessible, and stored in a secure environment. “Proactively managing data backups, rather than reacting to a crisis, can significantly reduce the impact on business continuity and protect against potential data loss,” Thorsen concludes.