Even though he had "never had a support issue" with Firespotter, when Red Robin launched the NoshList pilot, Laping initially made it available to only 50 restaurants, with the proviso that the restaurant staff itself had to be prepared to provide support. Laping insisted that the employees use the chain's internal social network to share support questions and answers among themselves, rather than banging on his IT staff. Another method: Let the startup train IT staff to provide tier 1 support, while still relying on the startup for tier 2 support.
It's also a good idea to protect yourself through various methods of acquiring the code for an application in the event a startup fails. These include setting up escrow accounts for the code, or — if the startup decides to take the company in a different direction — setting up a plan to acquire early versions of the code so, if needed, the enterprise can integrate it itself into its own ecosystem.
CIOs may have to even go so far as to determine how working with untested companies may affect their reputation. "Think about whether it fits with your brand," advises consultant Galbraith. A conservative bank that's found to have used a security startup but still suffers a breach is not a story a CIO wants to see in the press.
"But if you're the Canadian space agency and you're using a grid-computing startup, that's okay," Galbraith says, "because you're supposed to be leading edge."
Sign up for CIO Asia eNewsletters.