Spend enough time in conversation with analysts and technology executives, and you’ll find that a critical blind spot keeps emerging as a theme: enterprise leaders are deeply dependent on a narrow set of communications vendors, and most haven't asked enough questions about what that dependency actually costs them.
When Familiarity Becomes a Liability
Tech analyst Jim Lundy puts it succinctly: leaders are often "too dependent on a select set of providers that may not be meeting their needs, and sometimes they don't know what their needs are."
To be fair, this is not unusual in mature vendor relationships. Requirements get set at contract time, the platform becomes part of the organizational furniture, and nobody revisits the original assumptions.
This conundrum is exacerbated by human nature. When you're already locked in, asking complex questions about governance and security feels like a threat to the relationship, so most organizations just don't. But if you are not actively defining and revisiting what you need, you really have no basis for evaluating whether you're getting it.
The result is that organizations keep renewing contracts with providers that are not properly evaluated against what actually matters.
What Due Care Actually Looks Like
Mitel Chief Technology Officer Luiz Domingos says that most vendors are simply not talking about data, security, and AI governance.
This is important because enterprise communications generate a substantial volume of sensitive data, from call recordings and transcriptions to workflow logs and more. That data has value, carries regulatory weight, and creates liability if mishandled. Yet many vendors treat data stewardship as a secondary concern, if they address it at all.
"Many companies are noticing that that's an important contribution," Domingos notes, "but the vendors are not exercising due care for the privacy, for the security behind the data."
For IT leaders, this is worth digging into. If your vendor hasn't proactively shown you their data governance model, you should be asking why.
Walled Gardens and the Interoperability Problem
The structural issue runs deeper than any single vendor's privacy practices. Industry analyst Zeus Kerravala describes what many IT teams are experiencing: vendors have built walled gardens around their platforms, and they're not in a hurry to open the gates.
"The one thing IT and business users are looking for today that they're not getting from the vendor community is the ability to break these walled gardens," he explains. The downstream effect is predictable: limited application-to-application interoperability, growing data silos, and increasing friction every time the business needs systems to talk to each other.
When data can't move cleanly between platforms, decisions get made on incomplete information. That's a strategic liability that is magnified by the regulatory stakes of enterprise operations today.
The Hidden Complexity Under "Just Make a Call"
There's a perception problem that actively complicates matters, which is that enterprise communications looks deceptively simple from the user side, says technology strategist Evan Kirstel: "It seems so simple, on your phone, making a phone call, receiving a phone call … but to do that in a secure and compliant and enterprise way, there's a lot to that."
Communications infrastructure is not a commodity. When compliance requirements, security architecture, and AI-generated workflows are layered in, the complexity multiplies rapidly. Leaders who treat their communications stack as a utility rather than as core infrastructure tend to underinvest in vendor scrutiny, and overestimate how easily they could switch providers if something goes wrong.
The Case for Vendor Diversity
The most direct strategic response comes from Mitel Chief Marketing Officer Eric Hanson, who has worked with organizations across industries on communications resilience:
"There are a lot of companies out there that are sort of single-threaded through one or maybe two vendors. And sometimes vendor diversity can be a really healthy thing to really help address the security concerns, but also create resilience and enable you to better manage and control business continuity across your organization."
Vendor diversity isn't about complicating your stack for its own sake. It's about maintaining negotiating leverage, reducing single points of failure, and ensuring that no one provider has unchecked control over a) how your organization communicates, and b) what happens to the data those communications generate.
What to Ask Before Your Next Renewal
If your communications vendor hasn't brought up data governance, AI accountability, or interoperability in recent conversations, it’s worth addressing. A few practical questions serve you well as a starting point:
- Data ownership: Where does your communications data live, who can access it, and what are the vendor's obligations if you leave?
- Security architecture: How is data encrypted in transit and at rest, and how are AI-generated outputs (transcriptions, summaries) handled?
- Interoperability: What APIs are available, and does the vendor actively support integration with the rest of your stack?
- Vendor concentration: If this provider were acquired, sunset a product, or changed their pricing model, how exposed would you be?
These questions are the baseline of due diligence for infrastructure that touches every corner of your business. The vendors worth working with will welcome them.
If you're not sure where your current vendor stands, or you've never had this conversation, that's worth knowing too. Connect with a Mitel specialist about your communications security and data governance strategy.