
Bulletproof IT: How CIOs safeguard the tech supply chain
As geopolitical tensions threaten IT supply chains, CIOs can diversify hardware, prioritize AI workloads and build redundancy.
China's anti-monopoly investigation into Nvidia has added fresh uncertainty to an already fragile global technology landscape.
Regulators have tied the probe to Nvidia's acquisition of Mellanox Technologies, a multinational supplier of computer networking products. However, its timing -- coinciding with U.S. export restrictions on advanced chips -- has led analysts to view it as part of a broader rivalry between the U.S. and China.
For CIOs, the episode highlights the importance of safeguarding IT operations against external shocks. The core building blocks of modern technology -- chips, cloud platforms and enterprise applications -- are increasingly exposed to geopolitical risk. CIOs must weigh the benefits of resilience against the potential for increased complexity and higher costs.
"There's a tradeoff between consolidation, bundling and optimization, which gives you economies of scale … versus diversifying and having multiple components so you're trading off cost with risk," said Joe Locandro, global CIO at Rimini Street, an enterprise software support company.
CIOs should understand how to diversify their IT supply chains to reduce vendor lock-in and limit supply chain risk.
How can CIOs build resilience into the IT supply chain?
Strategies to diversify the tech supply chain differ across the stack -- hardware, AI, cloud and applications.
Hardware
If tariffs or import duties raise costs, CIOs with extensive on-premises hardware -- such as servers, PCs and data center racks -- can face higher expenses. However, hardware is the easiest part of the tech stack to diversify, said Fabian Bodoky, vice president at Efficio, a supply chain consultancy.
Bodoky suggests CIOs take the following steps:
- Work with multiple suppliers to eliminate dependence on just one.
- Reserve capacity early to ensure supply during a disruption.
- Share clear, consistent forecasts with suppliers.
- Build a close relationship with suppliers to get early warnings of disruptions.
In addition to these strategies, organizations with extensive on-premises hardware can also move to the cloud or delay hardware upgrades, Locandro said.
Cloud environments help CIOs reduce their reliance on physical hardware altogether. This shift can also increase flexibility and scalability, making it an option for organizations looking to mitigate the effects of hardware price increases.
On the other hand, organizations that prefer to maintain on-premises infrastructure can delay upgrades from every three or four years to every five or six years, Locandro said. While this approach carries some hardware failure risk, it can offset the financial burden of higher hardware costs.
AI
AI supply constraints differ from the rest of the stack. GPUs, foundation models and skilled talent are scarce and concentrated among a few players, so CIOs can't just add another supplier like they would with servers.
Instead, CIOs can take the following steps:
- Prioritize what projects truly need advanced compute.
- Secure capacity where possible.
- Use model-efficiency techniques to get more out of limited resources.
These steps help reduce disruption risk while keeping costs under control. "It's really around understanding your own needs, then forecasting those so you can then prioritize," Bodoky said.
Cloud
Some organizations take a multi-cloud approach to avoid vendor lock-in, but this approach has trade-offs. Organizations that run two or more clouds must duplicate skills, tools and governance processes, which adds cost and complexity.
"Diversifying cloud providers has so much impact on your design and your solutions that it's probably not the way," Bodoky said.
But others view multi-cloud as both common and manageable.
"In my career, I've always had a combination with Azure and Google. Some people have a combination of AWS and one of the other two," Locandro said.
The best path often depends on organizational size and maturity. Large enterprises with deeper technical resources can absorb the complexity of multi-cloud, and the added flexibility helps them prepare for mergers or acquisitions that involve different providers. Smaller firms, by contrast, gain more by splitting workloads across regions within a single cloud, which strengthens resilience without overextending their teams.
Applications
Applications form one of the toughest layers to diversify. Enterprise software -- such as ERP and electronic healthcare records systems -- requires complex integrations, heavy customization and long implementation timelines. Therefore, redundancy brings high cost and operational risk.
"They don't swap out easily. So, when you're looking at supply chain up the technology stack, it gets harder as you get closer to the user -- except for the laptops and phones," Locandro said.
Some applications remain more flexible. For instance, organizations can swap accounting tools and point-of-sale (POS) platforms, but migrations still disrupt operations.
Former Sonic Drive-In CIO Craig Miller lived this tension. The company once ran five different POS systems simultaneously, then consolidated to a single platform for simplicity.
When that platform had problems early in the deployment, confidence in the tool fell. Miller later decided to adopt two POS systems in case one system failed.
"I convinced our CEO and our board -- [I said] let's go to two. It's not ideal, but given the environment … it'll give us some redundancy," Miller said.
Tim Murphy is site editor for Informa TechTarget's IT Strategy group.