The Vendor Who Knew Too Much

4 min · Eitan Gorodetsky

I watched it happen in slow motion.

The vendor relationship had started five years earlier. A small integration. Nothing critical. The kind of thing you sign off on in fifteen minutes because the monthly cost is lower than the CEO's coffee budget.

Five years later, that vendor was running forty percent of the company's operational infrastructure.

How It Happens

Nobody plans for vendor dependency. It creeps.

Year one: they handle a small integration. Year two: someone asks them to build a custom module because "they already know our system." Year three: they're managing a critical workflow. Year four: they have access to production databases. Year five: they are, for all practical purposes, your operations team.

The company I was observing had reached year five. And then the vendor raised their prices by 300%.

The Discovery

The real shock wasn't the price increase. It was what the audit revealed afterward.

When the company finally mapped out what the vendor actually controlled, the list filled four pages. Payment processing logic. Customer data pipelines. Reporting infrastructure. Compliance workflows.

The vendor's lead developer — a single person — was the only human being who understood how several critical systems worked. The documentation was sparse. The code was proprietary. The institutional knowledge lived entirely in one person's head, and that person worked for someone else.

"Vendor dependency isn't a technology problem. It's an organizational blind spot. It happens when convenience compounds faster than oversight."

The Math

The company ran the numbers on switching vendors. The migration would take eight months, cost $1.2 million, and require freezing feature development during the transition.

Staying with the vendor at the new rates would cost $800,000 per year.

The real cost — the one nobody calculated until I asked — was the five years of paying below-market rates while accumulating operational debt that now made switching nearly impossible.

The cheap vendor was the most expensive decision the company had ever made.

What I Witnessed

I've seen this pattern in organizations of every size. The details change but the shape is always the same:

A small convenience becomes a large dependency. The dependency becomes invisible because it works. Then something changes — a price increase, a key person leaving, a compliance requirement — and suddenly the invisible dependency is the only thing anyone can see.

The companies that avoid this aren't the ones with better vendor management policies. They're the ones where someone, somewhere, is tracking the things that are too convenient to question.

That's the job. Not the dashboards. Not the strategy decks. Watching the things that are too convenient to question.