How can you give yourself as much flexibility as possible to decide when to go with best-of-breed capabilities? How do you ensure you're not sacrificing the quality of your security solutions at the altar of vendor consolidation?

Applications & PlatformsSecurity & GRC
178 viewscircle icon3 Comments
Sort by:
CISO in Finance (non-banking)2 years ago

It all comes down to regular vendor reviews and assessments, regardless of whether you're locked into an agreement with a vendor or not. It's crucial to determine whether the vendor is covering what you want and where you want to be. This involves defining your needs through assessments and reviewing them on a routine basis. Each time you have a vendor renewal, you should reassess everything, as your risks and vulnerabilities are constantly changing. This comprehensive assessment will allow you to decide whether it still makes sense to stick with your current vendor or if it's time to switch to a new vendor who can provide something better.

Director of Information Security in Services (non-Government)2 years ago

When choosing a vendor, it's important to take into account all of your internal requirements. This includes whether you're moving towards cloud-based solutions or developing an arm in your organization. You should stand up all your vendors, present them with your list of business requirements, and ask how their toolset can address these requirements. It's also important to ask whether they can deliver these solutions without adding additional skews to their product. Ideally, you should be able to configure their product to address all of your new and existing business requirements.

Director of Cyber Engineering in Healthcare and Biotech2 years ago

Understanding your requirements is key. You have all the flexibility you want until you make a decision. Therefore, it's crucial to understand what you're trying to decide on and how you're going to make that decision. It's also important to build deliverables into your agreements. If you do this correctly, you'll have a way out if things don't go as planned. If you don't, you'll be locked in, making it more difficult to change vendors if necessary. Understanding what you're trying to solve and the issues with your current solutions will give you the flexibility to make decisions. Ultimately, you should choose a vendor that can meet most of your needs to a satisfactory level. This will give you enough flexibility to decide whether you want the best of breed or more consolidated solutions.

Content you might like

What do you do when an existing vendor embeds AI into an implemented platform without prior warning?

What topics would you like to learn more about / be most likely to attend a webinar on?

Ransomware / Malware / Phishing34%

Privacy29%

Cloud Security56%

Network Security38%

Zero Trust vs. VPN33%

Remote Workforce Security24%

Seamless User Experience12%

Legal and Regulatory Compliance5%

View Results

To what extent are organisations actually realizing measurable value from AI-enabled capabilities in GRC platforms, and to what degree is embedded AI now viewed as a core, expected feature in GRC tool selection rather than a nice-to-have add-on?

What "tells" have you noticed for AI-generated text (i.e., typical words/phrases, or other patterns indicative of GenAI)?

Read More Comments

Are you planning a project to transition existing manual app testing to automated testing?

Currently satisfied with our level of test automation19%

Plan to start an automation project in the next 1-6 months56%

Plan to start an automation project in the next 6-12 months16%

Plan to start an automation project in 13 or more months5%

Don't know2%

View Results