What strategies can improve work relations with cybersecurity vendors, particularly during the buying process, and what is essential for maintaining a positive relationship after acquiring the product?
Sort By:
Oldest
Director of IT in Healthcare and Biotecha year ago
I'll try to give a pragmatic answer that will hopefully be beneficial to both sides.Customers - it's helpful to do some homework about the product before any sales calls, RFPs. Review their website or ask for some product materials. It will make for a more meaningful and informed discussion. Be clear about your objectives and business/security challenges you are trying to solve.
Vendors - one common complaint I hear from peers is not listening. There have been many-a-times where a vendor has tried to sell me something without even asking what problems I'm trying to solve. Take time to understand what the customer is looking for. Be honest about what your product can and can't do. How can your product address the specific needs mentioned?
Resellers - the right reseller can really help navigate the buying process, but a bad reseller can make things way more complicated than it needs to be. I've had the privilege to work with some great ones, but also very poor ones as well. The good ones have always invested the time to understand the needs of the customer. The bad ones have usually just tried to push products whether they were suitable or not.
- scope of work should be exactly and detailed planned, as well as KPI's to measure achievements of goals
- goals should be set realistic
- during buying process you should have well defined criteria to choose vendor, we usually use weighted scoring table to have it also well documented
- you need to check overall costs (TCO), specially is important how much it will costs you to add additional seats or features for cybersecurity products or services you are buying
- you must check integration possibilities with other solutions or products which might you use
- extremely important is to have well defined support process, path of escalation of problems and issues
- define process for emergency situation. If you have zero day attack or vulnerability time to react and take necessary measures is critical
- you should have nominated person on vendor's side who is your primary contact for all activities
- you must have regular communications and meetings with vendor to check open topics, problems or issues which might arise, bugs on vendor side etc.