In-Depth

Small Vendors and Risk Management

A reader challenges my "success story" column (on buying from a small vendor) with the need to manage risk.

• By Jon William Toigo
• 02/13/2003

Now, mind you, I receive a few flames each week—usually from vendors who feel their products were given short shrift or were omitted entirely from the text. I don't lose sleep over these.

But it is different when an end user complains. After all, my purpose for writing this column is to serve end users with perspectives and information that often get buried in all of the marketing noise from the vendor community. We often criticize vendor product shortcomings and warn against proprietary technology, but we also seek to balance this with the occasional success story offered to us by an end user directly. So it came to be that the column about Forbes.com was written.

To the end user who wrote (I’ll call him JB), the piece about Forbes was “utterly useless.” I could have taken my lumps and left it there, but instead I asked for clarification and for guidance about what he would like to see covered in the column. I asked him what would make our column “utterly useful.” He obliged us with the following thoughts.

“[You need to] talk about the risk of dealing with smaller vendors in this economy. I design and manage a very large financial services storage environment. I'd like to work with the smaller vendors you like to write about. We, however, are in the business of risk management. If I take you up on your advocacy how am I going to control the fate of that vendor? I can't.

“Look at SAM/SRM. Creekpath has excellent workflow—but the same development isbeing done by Veritas, EMC, and BMC. What is the fate of Creekpath?

“Acquisition? Doubtful, if the big players are on this path, and if they are acquired it's going to be in a fire sale of IP that will morph the product into something that may not be useful to me.

“Wild success? Doubtful, since the big players will carve up the market. When I bring them in, it's to leverage their technology against the big boys I want to procure from.

“Failure? Highly likely, in the buying climate we all operate in today and the aversion to a large acquisition. Witness the ongoing collapse of the SSP model and buying sprees by EMC, Veritas, et al.

“There is a reason for the rationale of buying from the big boys for mission critical platforms—risk management. Too many of your articles try to poke them in the eye (rant) at the expense of pointing out the harsh realities of vendor survival in this market. I need information and opinion that's less entertaining and more reality bites. But then maybe I should just get up off my office sofa and change the channel?

“CYA is now back in vogue, along with ROI. It's pretty dull. But admin boredom and regular hours are a sure sign of a successful data center.”

The reader did a great job of laying out his perspective on buying products from smaller vendors. In a follow-up e-mail, he went further to discuss his needs from this column.

“I don't mean to [disparage] innovation—I just don't think we'll see start-ups thrive in storage over the next few years; most will reach a critical juncture (and ugly decision point) of developed IP, dwindling cash flow, and buyer risk aversion. Those with the best IP will end up in the arms of EMC, Veritas, IBM, or BMC (please help them if they end up at CA). Or innovation and experimentation will continue in university labs, much like the distributed file system advances today.

“Another article I'd like to see you look at and I'm clueless about: all the giants love to talk about their R&D budgets. What are they doing with all that money? What projects are going on inside of the big boy labs? Why can't we have a Bell Labs for storage beyond what IBM is doing on the hardware side? Where are the best and brightest in storage?”

JB is to be commended for sharing his opinion with us so provocatively. His analysis of the marketing hurdles facing small and innovative vendors is spot on. There is risk associated with using a product that comes from a vendor that is not a member of the “big boy” crowd. For some IT managers, the risk is simply too great. CYA is indeed in vogue in more conservative IT departments as they confront closer scrutiny from the business side of the house.

Still, I have another perspective, JB. I, too, have managed IT departments and have weathered full cycles of economic boom and bust in my career. I can’t help but remember that there were occasions in the 1980s and 1990s where managers did get fired for buying IBM and little players like EMC did become behemoths in the industry at a time when most analysts were dooming the small fry of the industry to that big cannery in the sky. Not everyone played it safe in their technology acquisitions. And some, including me, reaped rewards from embracing the innovative small guy from time to time.

So, I must disagree, JB, that we should only cover (or buy from) the big boys: especially when the question you ask about what the big boy labs are up to in their labs remains unanswered. They are most certainly not spending it on open-standards-based products that will enable their customers to select best of breed products from a variety of vendors with the assurance that they will all plug and play together.

In any case, we appreciate your feedback, JB, and hope that you will continue to check our “excesses and defects.” Moreover, we will, in a future piece, try to dig up more information on what is under development within labs of IBM, HP, and other large players. Thanks for your perspective and please don’t change the channel.