When Broadcom’s acquisition of VMware triggered significant licensing and pricing changes across the market, many organizations found themselves scrambling to respond. According to CM Law Co-Founder and Managing Partner Heather Clauson Haughian, the organizations that weather vendor disruptions most successfully aren’t necessarily the fastest to react — they’re the ones that planned ahead.
In the recent InformationWeek article, “Before the Next VMware: How CIOs Prepare for Vendor Shocks,” Heather discussed how technology leaders can proactively assess and manage vendor risk before a crisis occurs.
Emphasizing that vendor risk management should be an ongoing business practice rather than a reactionary exercise, she explains that as organizations become increasingly dependent on third-party technology providers, understanding exposure and building resilience have become critical leadership responsibilities.
Heather recommends evaluating vendors through three key lenses:
- Criticality — What happens if a vendor suddenly disappears or dramatically changes pricing?
- Concentration — Where has dependence quietly accumulated across platforms, systems, or regions?
- Likelihood of Change — Is the vendor’s business strategy, ownership, or product roadmap signaling future disruption?
She also advises organizations to create detailed dependency maps that identify every system, contract, data flow, and integration connected to high-risk vendors.
“For every high-risk vendor, I document what they touch: systems, contracts, data flows, integrations,” she says. “If I can’t draw a clear picture of the dependency, I don’t actually understand my exposure.”
The article further explores practical strategies for building resilience, including maintaining viable alternatives, negotiating stronger contractual protections, and establishing early warning indicators that help organizations anticipate vendor-related challenges before they become crises.
Heather’s key message is straightforward: organizations should regularly challenge themselves with one important question, “What if this vendor disappeared tomorrow?” The answers, she notes, often reveal vulnerabilities that can be addressed long before they become business-critical issues.
As technology ecosystems continue to evolve, CIOs and business leaders should develop a roadmap to strengthen operational resilience, preserve negotiating leverage, and reduce the risks associated with vendor lock-in.
If you have questions about building a proactive vendor risk management strategy for your organization, you can connect with Heather here, or click here to read the full article.
CM Law (cm.law) – formerly Culhane Meadows – is the largest national, full-service, women-owned & managed (WBE) law firm in the United States. Designed to provide experienced attorneys with an optimal way to practice sophisticated law while maintaining a superior work/life balance, the firm offers fully remote work options, a transparent, merit and math-based compensation structure, and a collaborative culture. Serving a diverse clientele—from individuals and small businesses to over 40 Fortune-ranked companies—CM Law is committed to delivering exceptional legal services across a broad spectrum of industries.
The foregoing content is for informational purposes only and should not be relied upon as legal advice. Federal, state, and local laws can change rapidly and, therefore, this content may become obsolete or outdated. Please consult with an attorney of your choice to ensure you obtain the most current and accurate counsel about your particular situation.
