Caveat Emptor with Software Vendors

Using independent software vendors (ISVs) to satisfy parts of your digital transformation project can accelerate timelines and enables you to realize value faster, yet it comes with tradeoffs.

ISVs have the benefit of domain expertise and exposure to a lot of customers, enabling you to benefit from collective knowledge around a particular problem.

While you could build your own contract lifecycle management or sales cadencing solutions, most organizations prefer to use ISVs that have deep knowledge on those topics and continue to offer innovation as the market evolves.

However, reliance on ISVs as part of your technology stack also come with tradeoffs:

  • Lack of control: You may be able to influence the roadmap, but in many ways you’re at the mercy of the ISV to build things that you identify as gaps

  • Single point of failure: A bug or service disruption can halt your business processes entirely

  • Increased threat surface: In some cases, you expose your data and IP to the ISV’s tech stack and staff, which requires initial and recurring reviews to maintain whatever your desired security posture is

  • Integration points: You may be able to integrate nicely or need to find workarounds for how to get data in and out of your ISV’s service

  • Uncertain renewal rates: Your licensing costs may increase more than expected at time of renewal, often with little time to pivot to another ISV or build your own solution

Zooming into the Salesforce ecosystem, here are examples of risks that I’ve seen with my clients:

  • Trust, but verify: A provider of apps for multiple industries within financial services attempted to gloss over the fact that their application had not gone through security review, a process that Salesforce’s AppExchange uses to identify “trustworthy” apps

  • Zombies: A nonprofit consulting firm published multiple apps as an ISV and then went out of business, leaving their clients and customers with apps that no longer had any support or future roadmap

  • Leaky boat: A financial services firm has an app that integrates data bidirectionally with their core service, yet that core service has multiple security vulnerabilities around data access and entitlements

  • Black box: A provider of accounting and ERP apps requires its customers to give them access to production systems to perform upgrades due to the complexity of their app and limitations on how its customers can configure settings within its packages

Stay tuned for a future post with a checklist of questions to ask and things to look for as part of your vetting process with ISVs.

TLDR: Using prebuilt solutions from vendors can accelerate your initiatives, but comes with its own set of tradeoffs.

Only Done Right Daily

A free, daily email newsletter with practical insights into digital strategy and transformation, designed for both practitioners and executives looking to make processes and technology work better.

Each email is a two minute read packed with content on how to continually drive digital transformation in your organization.

    I will not send you spam nor share your email address with anyone else.

    If you're still not sure, you can browse the archive.

    Previous
    Previous

    Three Steps to Improve Your Stance for Exceptions

    Next
    Next

    Drop Distractions in Demos & Presentations