Vendor lock-in comes in many flavors, but in this blog post we’re referring to a situation where an organization becomes tied to a particular platform because they can’t reasonably switch to another platform without substantial cost and/or data loss. In these cases, it’s not a contractual issue, but rather limitations (by design or otherwise) that are put in place by the vendor that keeps your data in the platform and makes it difficult for customers to migrate to another platform. Unfortunately, we’ve seen this happen all too often.
Getting Stuck in a Vendor Lock-In Situation
The story typically starts in the same way — one person in one department starts to use a shiny new platform, one that hasn’t been on the market for all that long but offers lots of “latest and greatest” new features designed to transform the modern workspace. One person becomes two people, which becomes an entire department or team.
Another scenario that we’ve seen many times is with cloud platforms with free or low-cost tiers that are designed to get customers started. But these tiers intentionally don’t include all of the features, and at a certain point, a key decision maker realizes that the organization needs a feature that’s only available at a much higher price point.
In any case, without ever going through a proper requirements, review, and vetting process, suddenly your organization has a sizable number of users who have adopted the platform, and the quantity of critical knowledge stored in the platform reaches critical mass.
How vendor lock-in occurs
The “what have we done?” moment is usually prompted by a situation along these lines:
- A staff member accidentally deletes something and realizes that version history or backups provided by the vendor are incomplete (or, even worse, nonexistent).
- The head of IT begins researching cloud-to-cloud backup options for this platform and realizes that they’re limited or nonexistent.
- A platform admin tries to export a complete backup of all organizational data only to discover that export options are complicated, limited, or nonexistent.
- An audit or information security assessment shines a light on inconsistencies between the organization’s Business Continuity & Disaster Recovery Plan or Backup Policy, which requires that critical organizational data be kept for a certain period of time – which is outside of the scope of what the vendor is responsible for maintaining.
- The platform itself starts showing its limitations, and a member of the C-Suite starts asking questions about alternatives.
- The platform gets purchased by a competitor, which can lead to all sorts of issues that might make you want to jump ship.
- Prices have escalated, and it’s no longer a viable option for your company.
- An incident has occurred, and the organization simply no longer has faith in the vendor or its product.
- Your organization has too many platforms that perform similar functions and/or have overlapping capabilities, leading to frustration about which platform to use for what purpose, making collaboration a challenge, and wasting staff members’ time trying to search for knowledge that might be in one of several platforms.
All of these situations usually lead to questions about how to extract data from the platform, and that’s when it becomes clear that the vendor has made it exceedingly difficult, frustrating, costly, and/or impossible to get all of your organization’s data out of the platform.
Red Flags for Vendor Lock-In
Vendor lock-in is usually by design on the part of the vendor or it might just be the result of dealing with an immature platform and development team. A few red flags:
Limited backup options
Limited options for cloud-to-cloud backups is prevalent among new platforms, but it’s a major red flag. Ideally, you’re looking for a platform that allows you to manually create a full backup of your data yourself, which you can then download and store in an external, third-party platform and offers reasonably priced automated options through multiple, trusted third-party providers.
Example: Filevine, a niche platform for legal teams – Searches for “backup” lead to information about how to migrate data into Filevine. But as of May 2023, there’s absolutely no documentation in their publicly accessible website on how to create a backup of your own data, what’s included in the backup, if there are any limitations on how often you can create a backup or whether you can automate this process, or how to restore from a backup.
Read more about the importance of cloud-to-cloud backups
Limited and/or incomplete backups
If you’re not able to easily create a full backup of your organization’s data on your own, it’s a major red flag.
Example: ClickUp, a “do everything” platform. ClickUp allows users to backup their data themselves, or, as of May 2023, there’s one (and only one – another red flag!) officially-integrated third-party platform for backups, ProBackup. However, it’s important to note that the backup options provided by ClickUp and ProBackup are not complete. It’s hard to tell from the documentation on either site, but neither ClickUp nor ProBackup include Clickup Docs – Cickup’s native word processing format — as part of their backup. ClickUp has a long list of what’s included in their Workspace Task Data Export functionality, but Docs are missing. The same is true for ProBackup’s ClickUp backup service.
No API or issues with the API
There’s a myth among C-suite members that if a platform has an API, that means that someone could get your data out. Unfortunately, that’s not necessarily the case. For many platforms – particularly new platforms without a large user base – APIs can either be incomplete, poorly designed, or not well documented. In any of these cases, a seasoned programmer might be able to get some of your data out, but not necessarily all of it. The more difficult it is to get data out of a platform, the more it will cost to make that happen.
Use of proprietary formats and/or technology
Some platforms pride themselves on developing their own bespoke data formats, but this can be another red flag, particularly when the proprietary format is not accessible via the API. In short, a vendor’s use of proprietary technologies can make it difficult to move data and applications to another vendor or platform, even if the alternative is better.
Example: Box.com has a feature, “Box Notes,” that allows users to create and edit documents in Box’s native, proprietary format. As of May 2023, Box Notes are not accessible via the API – which means that everything a customer has created as a “Box Note” is a challenge in terms of data portability. This detail is buried at the bottom of the Box Notes FAQ.
Conclusion – So now what?
With the increasing availability of cloud platforms, and many sales teams that gloss over the details of how to access and backup your data from these platforms, it’s remarkably easy for organizations to get stuck in a vendor lock-in situation.
Even if it’s going to be complicated, messy, time consuming, and/or costly, we strongly recommend coming up with an exit strategy as soon as possible. These situations only get worse as your organization gets further entrenched in the platform. Ignoring the situation won’t make it better – in fact, the technical work involved in implementing an exit strategy, and the accompanying change management necessary to prepare your staff, all become exponentially more complicated as the number of users grows, the amount of data increases, and the structure of the data stored in the platform becomes more complex.
The good news is that we’ve yet to see a platform that we weren’t able to extract the data from as a one-time process to move to another platform. But in many cases, it’s been a challenge for our clients to untangle themselves from long-term vendor lock-in situations that can’t be ignored any longer.
While it may seem like an insurmountable task to get all of your organization’s data out, it’s better to address the issue head on rather than ignoring it and hope that the problem will solve itself.
Need help getting out of a vendor lock-in situation? Contact FireOak – we can help!
