Vendor Management

Top Answer: Plenty of coffee dates. :) But on a more serious note you as a CISO need to know what you need and vendors need to have patience and understanding that not all technologies are relevant or needed for a particular organization. Pitching all the products your company offers doesn't make a lot of sense most of the time because there might be overlapping technologies in use and worst case scenario you end up looking desperate as a vendor if you pitch too many things. 

Are IT leaders turning to SaaS Management Platforms to track SaaS usage and spend across the organization?

Top Answer: No plan to migrate soon.

Top Answer:

Top Answer:

Connecting your ERP to global banks can be a headache. This Pulse survey of 100 IT leaders sheds light on how technology can simplify the process.

Top Answer: I want to understand your how your product / service works techncialy, what is your company strategy and most importantly skip the marketing terms/hot topics. At the end of the day I want to know if you are a fit within my technology roadmap and how specifically that can work.

Top Answer: No, but our purchasing team works very closely with our CISO when signing new, or renewing existing, contracts to ensure any PHI/PII or PCI data is appropriately protected and we have good documentation on how they handle it. For other technical areas, I don’t know what work is done between purchasing and the CIO

Top Answer: There is no right answer here; well, the right answer is  "it depends" :) From a security standpoint, it's best to have multiple vendors and multiple firewalls in this case. If there is a zero-day vulnerability in a firewall from Vendor 1, then the Firewall from Vendor 2 will likely not be affected. Now, having multi-vendor firewalls is more challenging from support and employee training. It is easier to get your team trained on supporting one firewall vendor and keeping up with all new features than training on multiple firewall products. I have been on both ends of the fence, and it's way easier from a management/organizational side to deal with one vendor/product, but it doesn't mean it's the best approach.  Cost is likely increased in multiple vendor strategies. Let's say you need to buy 1000 firewalls. If you buy them from one vendor, your purchasing power is higher, so you can negotiate better pricing vs buying 250 firewalls from 4 different vendors. In the case above, if you need to purchase firewall management software to manage all the policies remotely, firmware updates etc., very likely, having one management product to manage 1000 firewalls will be cheaper than four different vendor management products.  If you are an MSP, then it makes sense to have a multi-vendor strategy to offer an entry-level firewall, mid-range firewall, and enterprise-level depending on the client. They can all be from different vendors, and the differentiator here is the price, support, features etc. Again, it's hard to tell what is better without knowing much about your use case and environment. 

Top Answer: Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

Top Answer: Yes

Top Answer: Teams recently went 3x3 (vs 7x7) which helped tremendously. Microsoft has announced 40+ in the future. Teams was already an alternative to Zoom as it was essentially 'free' with our O365 subscription.

Top Answer: We mostly depend on recommendations as well as some testing by our team members here. Even if it's a question of which ISP to go ahead with, we’ll have communication with 2 to 3 different providers. We make sure that our developers actually test a few of those services before we go ahead with one of them. 

Top Answer: Security reviews come through my team, so we end up being a bottleneck for the company when they want to bring in different vendors, services, or products. We're trying to do the best we can, but with manual processes, it's never going to be that great. We are looking at different products to automate this and make it a much more robust process where we do reviews annually, alerts go out, and different business units take care of it. As a CISO in my company, I don't have all the relationships with the IT vendors. The CTO would have a lot, but there are business units that have their own relationships with these IT vendors as well, because we have large technology arms. What we are good at is keeping access to our operational network very controlled. So it's not like the wild west, but we have improvements to make. You have to implement a whole framework, and it's not that we don't have any of it in place. It's just more manual than it should be. If we find out that they're trying to implement something we have to tell them, “Hold on, that has to come back through the security department.”

How many SaaS vendors meet their customers' security and compliance requirements today? 100 CIOs share their experience.

Top Answer: We don't have one.

Top Answer: The AI-Ops spending landscape is crowded. There are a significant number of legacy platforms and, to be respectful, I will not name the three or four three-letter acronym companies that are in there, but I have not seen them do anything remotely related to AI, ML or AI-Ops.