How do you keep vendors in check for security reviews?
Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees
For us, that review is annual, and we try to do it around renewal time. Three months ahead of renewal, we start looking at whether this is the right tool for where we are. As a company, Rubrik is not where it was four years ago. What we're willing to accept as a risk from a supply chain vendor today is significantly different from what it was even a year ago. Someone might say, “Well, you rubber stamped this a year ago,” but a year ago we weren't in the exact same position as we are today. Even if a tool was okay a year ago, let's see their most recent pen test. Now, I may have much more sensitive data, or maybe there is more sensitivity around not being hacked before you IPO, if you're on that track. Don't be afraid to break up with that vendor if they're no longer the right one for you.
When I have an issue, I might have to reprimand them, but if they respond well, I'll be there to back them up and tell everybody they have their shit together. We all have problems, so give them a bit of breathing room. That has always worked for me both as a vendor myself, as well as having vendors sell to me.
Partnerships are key. I think we sometimes forget that you have to pick a partner that's going to grow with you. For whatever tool or technology you're picking, the vendor needs to have a roadmap that matches what your roadmap is, or else you have the wrong vendor. And the flip side of that is sometimes you outgrow a tool or you outgrow a vendor. They may have been the right vendor for a certain scale, but they aren’t once you scale up.