Because it becomes a more and more important topic those days. A lot of tweets are being written to complain about various SaaS provider behaviors. Let's explore platform risk.
Platform risk is a risk introduced by relying on someone else's platform or infrastructure for parts of your activity.
The main issue associated with platform risk is that by using an external provider, you're giving up some level of control. You enjoy what the provider offers you but are also dependent on their behavior.
Any decision they make can impact you, both related to their product or their business in general.
Some example of issues that can arise, with different level of possible impacts, are:
By loosing control on some part of your stack, you introduce a risk that can kill your activity if you're not careful and think about what would happen when something goes wrong.
Some recent examples of things gone wrong:
My @heroku account has been deleted, bringing down all my applications.
No message, no email. Has anyone ever had this happen to them??
— Danny Postma (@dannypostmaa) February 12, 2023
The gumroad price increase highlights the risk of using someone else’s platform
— Nat Miletic (@natmiletic) December 18, 2022
You will never be able to remove all risks, it is something inherent to your activity. The choice of your tech stack and its component in itself amounts to a platform risk.
It won't be the case, and if it is today, there is no guarantee it will be tomorrow.
You have to be important enough for them to consider you. And even if you are, ultimately, they have their own interests first. They will try to do what's best for them. It is very likely that they will try to make things right for you too, but... it won't be their number 1 priority.
Reducing your exposure to platform risk is not always easy. Sometimes, there may not be any good alternative or option. You just need to be aware of it, and progressively take steps to mitigate it and reduce your exposure where you can based on how risky things are.
That's one key aspect is to choose your provider carefully.
Usually, the more stable a supplier is, the less surprise you will get.
It can mean that they don't exactly fit with your needs. But, that may be better. In most cases, you can build the missing pieces yourself and bridge the gap in a better way for you. A way that both matches your processes and that you can rely on.
It doesn't mean that there won't be any surprise, and the surprises can have a bigger impact on you if you don't anticipate them. By using something more established, you will tend to have a greater trust in it. Therefore being less prone to consider what can happen if things go wrong.
Few criteria to consider are:
You mainly want to understand how easy moving away from your provider can be if you need to.
One thing to try and avoid is vendor lock-in, not being able to move away at all, as well as any loss resulting from the provider's business disappearing suddenly.
One critical aspect of that is to make sure you 'own' your data. That you're able to access it whatever happens. So make sure that you can possibly back everything up and have your own copy.
Ideally, this data should also be in a format that you can reuse and easily make sense of.
You should be looking at anything that can limit the transition period.
That mainly apply if your building a tool that target a specific platform or provider. For example a plug-in, a mobile app, an app, ...
One way to mitigate that is to expand your product to one or more other similar platform. For example, if you have a Shopify app, you could explore adding support for Woocommerce, BigCommerce, Magento, ... That way, if something happens (they recently dumped a whole new set of feature making a bunch of 3rd party apps obsolete), you wouldn't loose your whole business at once.
Another great option to limit the impact providers can have is to take ownership of the product/software when you can. By taking ownership, I mean controlling the environment it runs in. That way, you're not as exposed to their change of policy or risk of the product disappearing.
But, in that case, you need to be ready to maintain the environment / tools / ... yourself. To keep them safe, up to date and performing to their best.
Sometimes, you can't have multiple suppliers, or it is not convenient to. Accounting software, HR software, payment providers, ... for example.
In the case of payment providers you would likely choose one such as Stripe, Paddle, Braintree, ... and be done with it.
That's fine.
However, it exposes you to any change of policy, direction, price, ... that they may decide.
In that context, it can be a good idea to increase the 'swapability' level (how easy it is to replace A with B). That means reducing the contact surface between your stack and the provider so that you could adapt it without having to change everything you have.
In some cases, finding a replacement or limiting dependencies may not be possible. In that case, it is best to be aware of it. Just accept and be realistic about it.
Finally work to diversify other aspects of your business to not have all your eggs in the same basket.
When building and delivering your business or software, it can be a great idea to rely on 3rd party providers to do tasks for you. It has a lof of pros. I even recommend doing it as it reduces what you need to do yourself, you benefit from other people expertise and reduce your workload. But, it also introduces new potential issues that you need to be aware of and evaluate when making your decision.
Build things to make them work first, then expand to make them last