THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
Choosing the right partner services When it comes to IT Security and finding the right vendor to help keep your organization the task could be daunting to say the least. As we come to the end of the year, there are a lot of us who are looking to find vendor “partners” to help us. With the increased focus on security, organizations are finally seeing that they need to spend a little money to get the services that they need to protect the business, but most of all, their customers. Support Outline One of the worst things that you can do is go shopping for a vendor without a clearly defined need or service that you are looking to find a vendor for. This can lead into looking in all the wrong places and then spending your precious budget on services that don’t quite get the job done. This is a huge mistake that many IT Security Managers fall into. In order to get the biggest bang for your buck, you should outline what you are looking for. Here are a few questions you should ask when looking at a potential vendor:
Vendor Risk Assessment It is not only important to identify what sort of problem the vendor or Managed Service Provider (MSP) will provide your organization, but also what sort of risk they may pose to your business as well. Risks can come in many forms and this is especially true when you start giving access to your network to companies you won't have control over. (Any sort of access should be spelled out in the contractual agreement). Here are some questions that can help with evaluating the risk of the vendor:
These are some basic questions that can help you determine if there is a risk to your enterprise network posed by a potential vendor. If there is more risks posed by the vendor than the organization can handle, then looking at another company will be in order. The goal with picking a vendor is to reduce the overall risk exposure to your company, not to increase it. (Thanks to my fellow colleague for suggesting the addition of this section). Selling, Selling, Selling
As we get to the end of the year, the sales staff for the various vendors will be pushing to make the sale and may offer discounts if you sign early. While this may be something that may push you to sign early, due diligence as to how the product or service may fit your needs should be tested prior to any contract being signed. Conducting a Proof of Concept (POC) test prior to the implementation of a solution should happen. If you are not able to do so because of the need of the solution, make sure, you go with one that checks all of your boxes for the needs that you have. While the sales teams will want to make the sale to help their numbers at the end of the year, the one thing to remember is that you will have to live with the solution for however long you sign the contract for. It can either be a positive experience for you, or a living hell. It is up to you, but remember they will be working with you to accomplish your requirements. There is no reason to settle for a sub-standard vendor that won’t be a great partner for your business. Making the Sale After you have looked at several different vendors for the services, you are looking to fill. It comes the time to actually sign the contract. If you have a board or a group of executives that you have to go through to get funding for your projects, there might be a timing issue. The best thing that you can do is be honest with your sales team and let them know that ahead of time. Honesty will go a long way with creating a partnership with your partner vendor teams. If they know that they can trust that you are not just stringing them on, then they will do their best for you as well. Summary Choosing a vendor or a MSP can be one of the most difficult things that we do as IT Security Professionals. Whether we are looking to make recommendations to senior management or if we are the decision makers, the task can be one that can take up a majority of our time for at least a few weeks or even months. It is important to keep in mind that the work we put into this process will be rewarded with a relationship and partnership with a company that we can rely upon to do what we need them to. Whether you are looking for a particular type of service or a variety of solutions, the time you take in choosing the right vendor will go a long way in helping to secure your organization.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|