What questions should a new security leader ask before starting the journey of vendor consolidation?

Vendor ManagementSecurity Strategy & RoadmapSecurity & GRC
333 views3 Comments
Sort By:
Oldest
CISO in Finance (non-banking)7 months ago
The "why" is broad but important. Are you addressing gaps in security? Are you adding value to the overall security? Are you going to be addressing everything that you have, or are you going to be leaving any holes because of this? All of these factors must go into the decision-making process. Even if saving money is the primary goal, you still have to consider the extra things that go into it, such as the teams that have to work on implementation and the potential need for integration with other tools. The value of saving money alone is not enough to push something. Other questions must be answered as well.
Director of IT in Healthcare and Biotech7 months ago
The first question that should be asked is "why?" Why would they want to consider doing this in the first place? This question will be revealing and there's something substantial behind that answer. If their response is along the lines of "it sounds like a cool idea", that's probably the wrong answer.

If the consolidation is purely from a cost perspective, it may not be the best step forward to keep your costs down. You can approach vendors and make them compete against each other to reduce your costs. So, the first question should be, "Why do you even want to consider doing this?" Once you have that answer in detail, then you can start to peel that apart and figure out if this is something you should do or not.
1 Reply
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Director of Information Security in Services (non-Government)7 months ago

Additional questions could be related to your business case and compliance requirements. Will this consolidation help solve these? There must be more discussions and risk assessments around just going with the best quote.

Content you might like

If you have had a negative experience with a vendor (without naming the vendor), what did you learn from it?

Financial ManagementVendor Management
VP of Global IT and Cybersecurity in Manufacturing6 years ago
Have clear business requirements up front, make sure the proposal includes items such as scope, timeline, cost, resources.
Read More Comments
22.1k views3 Upvotes28 Comments

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes

What’s on your IAM roadmap for the next 18-24 months?

Identity & Access Management (IAM)Threat & Vulnerability ManagementSecurity Strategy & Roadmap
Director of IT in IT Services4 days ago
Implementation of Zero trust architecture, its modules across the organisation is a priority for us. So, we will be implementing zero trust strategies in IAM, inline with overall strategy.
1.4k views1 Comment

How can CISOs influence (or perhaps even contribute to) the business’s AI adoption strategy?

Security Strategy & RoadmapSecurityDisruptive & Emerging Technologies+3 more
CISO in Manufacturinga month ago
CISOs have a unique opportunity to proactively shape their organization's AI adoption strategy, Because AI adoption is either in the process of emerging or companies that have already gone down a path are readjusting their ...read more
1
Read More Comments
701 views6 Comments

Are below the operating system vulnerabilities a top concern for your organization?

EngineeringGovernance, Risk & ComplianceSecurity & GRC+1 more

Yes79%

No20%

5k views3 Comments