You’re convinced you need a new car, even though you already own several vehicles, a bike, and live next to the train station. But, you won’t be swayed; you must buy a new car because nothing else will solve your transportation challenges.
Could you imagine walking into a car dealership without:
- Figuring out what kind of car you need
- Setting a budget
- Researching available models
- Test driving more than one possible choice
Could you imagine buying on the spot because you’re getting a “great one-time-only deal”?
No way, right? Who would buy so recklessly?
But this approach – little or no planning, poor testing, bogus discounting from vendors – is how many organizations go about selecting new information security solutions.
There has to be a better way. And there is.
Technical Buyer Blues
Information security teams often do a poor job:
- Utilizing the solutions they have to satisfy new requirements
- Assessing real business needs (not just technical requirements)
- Analyzing existing infrastructure and integration points
- Researching and testing solutions
- Preparing for ongoing operation, support, and maintenance burdens
Technical buyers often base decisions on documents provided to them by vendors, or on market analyses from large analyst firms, not on first-hand experience.
Procurement Bad Habits
The first question procurement teams should ask is: “do we need another solution?”
The next question should be: “can’t we use something we already have to satisfy this requirement?”
It’s Procurement’s job to act like the conscience of the organization, pressing technical teams to prove that yet another tool is truly required.
Unfortunately, Procurement teams often prove their value only by demanding significant discounts on product price. When they get these “discounts” they claim it’s evidence they’ve saved the organization hundreds of thousands, perhaps millions, of dollars. Or, they exact some other concession:
- Free training
- Reduced cost professional services
- Free “premium” technical support
None of these items are, or will ever be, free to the buyer. The costs are simply buried elsewhere.
And Procurement isn’t getting a great deal when it gets the price down from $1M to $200k if the solution isn’t needed, and if the final price is where the vendor knew it would end up all along.
It’s just an inefficient, predictable dance.
Vendors to the Rescue!
Vendors know how technical buyers buy, and how procurement teams procure – and they play the system by:
- Supplying “neutral” requirements scorecards and “independent” analyst reports (which are neither neutral nor independent)
- Allowing months-long testing periods (when a few weeks suffice)
- Approving massive discounts from MSRP
MSRP is often artificially inflated by vendors to allow for discounts of 50%, 60%, even 90% from “list price”. It’s a sham – but the Procurement team can claim they’re getting an amazing deal, right?
Are we so numb to this tired old sales process that we can’t imagine a better, smarter, or more efficient way to buy?
Let’s commit to buying better through transparency, simplicity, speed, and trust.
Here’s our 8-step playbook:
- Upfront disclosure of existing vendor relationships
- Written technical needs, functional requirements, infrastructure constraints, initial and ongoing budget amounts
- Review of peers’ first-hand implementation experience, independent 3rd party research, and anonymized vendor responses to a uniform technical assessment questionnaire
- Procurement conflict-of-interest check, followed by vendor shortlist of three vendor solutions – ensuring all necessary purchasing paperwork is in place first
- Brief, time-limited technical “bake-off” test period in an as-close-to-Production-as-possible environment, utilizing a standard suite of test cases
- Technical scoring of the top two vendor solutions
- Demanding a “clear, complete, best, and final” proposal from both vendors that includes all fees upfront (activation, training, professional services, support, etc.)
- Final procurement award to the highest scoring vendor solution (and reseller)
And, no shenanigans with 11th-hour counteroffers. Make the right choice and stick with it!
On the Road to Recovery
It’s clear we could all improve our buying habits. We can start by buying fewer solutions and using the ones we already have. Buying better creates more work for technical buyers, decision makers, and procurement professionals, as well as vendors and resellers.
But the inconvenience of buying “right” is worth it many, many times over:
- Understanding what you need and how you’re going to use it
- Choosing the right solution
- Paying a lower cost now and later
- Saving time and effort throughout the sales process
Now, ladies and gentlemen… start your engines!
Sean Steele is Co-Founder, Managing Partner, Technology & Professional Services at Infolock.