Yannick H.,
Too Long; Didn't Read
Three to five active vendor relationships are the productive sweet spot for Swiss SMEs with 200 to 500 employees. Fewer create dependency; more eat up savings through coordination. What matters is not the number, but that each vendor has a clear role and that you know what happens if one drops out.
For Swiss companies with 200 to 500 employees, the productive zone is three to five active vendor relationships. This is not a gut feeling. It is the pattern we repeatedly see in sourcing projects: fewer than three creates dangerous dependency, more than five eats up savings again through coordination effort.
The question is not whether this number is right for you. The question is why you are probably deviating from it—and what that costs.
One vendor: the comfort trap
Many companies of this size have one dominant IT partner. A managed service provider that gradually took over the infrastructure, then support, then security, and eventually the cloud contract as well. One invoice, one point of contact, no coordination.
That works—until it no longer works.
The MSP knows that switching takes six to twelve months. They know your data is in their infrastructure. They know your internal team has lost oversight. This is not an accusation; it is a dynamic that emerges structurally when one partner becomes too dominant.
There is also a second problem: you lose market intelligence. After three years without comparison, you no longer know whether the price is market-appropriate. You are not negotiating—you are just signing off. (We documented the patterns behind this in You want to switch, but you can’t.)
Risk profile: single-vendor model
Price risk: high. No benchmark, rising costs without resistance. Operational risk: high. If the partner fails or is acquired, there is no Plan B. Knowledge risk: high. Internal know-how erodes because the partner “handles everything anyway.”
Seven contracts: the other extreme
A network provider. A cloud provider. A security service provider. A backup vendor. An M365 partner. A local IT support provider. And someone the former IT manager “quickly” added under contract.
When things go wrong, people run back and forth between parties. Everyone points at someone else. Support tickets end up with the wrong vendor and come back after 48 hours: “Not our area.”
Coordination costs are real. Contract management, onboarding, reviews, escalations. Everything requires internal time. But the bigger damage is loss of clarity. If nobody has the overall view, security gaps arise at the interfaces. Who patches when infrastructure and operations sit with two different partners?
And every third party with access to your systems is a potential entry point. We described this in detail in Your supplier was hacked.
Risk profile: fragmented model
Coordination costs: high. Every additional vendor creates internal administrative effort. Security risk: medium to high. More access permissions, more attack surface, more interfaces. Quality risk: medium. Without central governance, service quality declines at handover points.
The decision framework: four factors
The right number of vendors is not a fixed number. It results from four factors that you must evaluate for your company.
Factor 1: Internal IT competence. The less IT knowledge exists internally, the more important a lead partner with an overall view becomes. If you have two to three experienced IT people internally, you can manage a more fragmented model. If you have no one, you need a strong anchor point with clear boundaries.
Factor 2: Criticality by area. Not all IT areas are equally strategic. Network and security deserve specialized partners. Printer management and basic storage do not. The more critical the area, the more sense a dedicated provider makes.
Factor 3: Market structure. In some areas, there is real competition with three to four capable providers. In others, a de facto monopoly exists (Microsoft 365, AWS, SAP). There, diversification on the service-provider side often delivers more than the illusion of being able to switch hyperscalers.
Factor 4: Speed of change. Companies that grow quickly, acquire, or transform need more flexible structures. A heavily consolidated vendor landscape slows change because everything runs through one bottleneck.
The four-layer model
In well-functioning IT sourcing setups, we see four layers.
Layer 1: Core infrastructure. One lead partner for infrastructure and operations. MSP, cloud provider with a managed component, or local IT service provider. Important: this partner has a defined scope. They handle the foundation, not everything.
Layer 2: Specialized services. Areas with high specialization or high risk are awarded separately. Security is the most common example. A SOC-as-a-Service or CISO-as-a-Service, independent of the lead partner, creates control and avoids conflicts of interest. An MSP that is also responsible for security is auditing itself.
Layer 3: Direct platform relationships. M365, Google Workspace, AWS, Salesforce. These platforms often do not require a middleman. Directly with the provider, managed internally, or via a small implementation partner without long-term dependency.
Layer 4: Project-based partners. Migration, security audit, IT strategy project. No permanent relationship, no lock-in. This layer remains flexible.
The guardrail: no vendor should account for more than 40 to 50 percent of the IT budget. If one drops out, you must know how long a transition would take. Every contract needs a defined term with an exit clause.
Why “consolidate” alone is not enough
“We want to consolidate” is something we hear often. Most of the time it comes from real pain: too much coordination, too many invoices, too little visibility. But consolidation without strategic thinking solves nothing.
Concrete example: one client was proud of its consolidated model. One MSP for everything, one annual contract, one point of contact. The MSP was acquired by a private equity firm, and prices rose by 40 percent within six months. No Plan B, no knowledge of its own infrastructure, no negotiated exit. (Exactly the scenario from You chose the wrong MSP.)
Consolidation makes sense when it reduces complexity. It is dangerous when it reduces strategic control.
The three insights
1. The number is less important than the structure. Three to five vendor relationships work for most Swiss SMEs with 200 to 500 employees. But what matters is that every vendor has a clear role, no overlap exists, and you know what to do if one drops out.
2. Dependency is measured by the exit scenario. If, for any vendor, you cannot say how long a transition would take, the dependency is too high. If you have no reference point for price, you are negotiating in the dark.
3. Governance beats vendor count. One person or function must know: who has access to what? Which contracts expire when? Are the agreed service levels being met? If no one can answer these questions, this is not a vendor problem. It is a governance problem.
If you want to know where your vendor landscape stands and where the biggest risks lie, this is exactly the kind of work we do in a Sourcing consulting engagement.
