Software Supply Chain Diversity

Many consumer based brands have worked hard in recent years to diversify their supply chain. Increased geopolitical tensions have pushed many major American companies to diversify where they manufacture their products. The COVID-19 global pandemic accelerated this trend, as health protocols took priority over economic growth and production. 

Much of the focus of supply chain diversification is focused on physical products, as they are naturally most susceptible to major geopolitical, trade related, or global health related disruptions. Less focus, however, gets placed on software supply chain diversity. The world of cloud computing services, APIs, data feeds and large language models power a great deal of the global tech ecosystem. The ease of access to amazing tools has never been better, but it comes with a degree of risk for all companies, much in the same way Apple would have risk, should they choose to produce iPhones in a singular factory.

Over the course of the past year OpenAI has almost single handedly created an industry around large language models as a service. Last week, OpenAI announced the launch of their newest GPT-4 Turbo model and the ability to customize agents for a specific use. With an influx of activity and perhaps some bad actors the following day, OpenAI experienced a temporary outage that impacted all of its customers. While this is certainly inevitable with any product, it serves as a valuable reminder in the need for software supply chain diversity. 

For many companies, service providers such as OpenAI are critical components to their technical stack. An outage with a provider will almost certainly create an outage downstream to many customers. The discontinuation of a specific service or a longer than usual outage from any technology provider serves as a massive risk for companies using their services.

As Azure, GCP, and others entered the cloud computing industry to compete with AWS, OpenAI will, and already has, create its own competitors. In addition to the free market benefits consumers gain from competition, it also provides an opportunity for businesses to de risk by diversifying their software supply chain.

Seed stage startups going from 0 to 1 likely do not need to worry much about managing software supply chain risk, as their customer base is smaller, their technical footprint is smaller, and the need for speed outweighs the benefit of increasing supply chain diversity. Software supply chain diversity is a luxury item for a startup, but it is a necessity for a mature business. More mature companies both tend to have the resources to de risk technically, and their risk is much higher with a more sizable customer base. I look at this much like a homeowner’s insurance policy. Early stage startups need to put a roof over their heads before buying homeowner’s insurance. Once you own a home, as a mature company, you then get homeowner’s insurance to protect your valuable belongings; in this case, that is your strong customer base.

In short, the need for supply chain diversity in software might be less apparent than it is for Nike or Apple, but it remains a risk for all software companies.

What does supply chain technical diversity look like, in practice? This could mean maintaining API keys with both OpenAI and its competitors. It could also mean having a product that can leverage multiple different offerings from OpenAI or even the ability to use multiple different models. It could mean having resources in multiple regions within AWS or even leveraging multiple cloud computing services. With these examples in mind, both intra-provider and inter-provider technical diversity play roles. Together, they manage both provider centric risk and product centric risk. Even having knowledge and awareness of alternatives can help a company with regards to price negotiation with a technology supplier while also enabling swift action in the event of a major outage.

By having software supply chain diversity, should a provider have an outage, a specific product of theirs has an outage, or even the discontinuation of one of their offerings, customers are covered with contingency plans. Their technical problem does not immediately become your technical problem. At a bare minimum, maintaining more diversity will let founders sleep a little easier at night, and in it’s most extreme case, it can completely save a business from a severe outage causing significant customer attrition.