Vendor Management

CISOs, what's the secret ingredient to a healthy and productive relationship with your cybersecurity vendors?

Top Answer: Plenty of coffee dates. :) But on a more serious note you as a CISO need to know what you need and vendors need to have patience and understanding that not all technologies are relevant or needed for a particular organization. Pitching all the products your company offers doesn't make a lot of sense most of the time because there might be overlapping technologies in use and worst case scenario you end up looking desperate as a vendor if you pitch too many things. 

If you are a current SAP customer, when do you plan to migrate to SAP S/4HANA?

Top Answer: No plan to migrate soon.

ERP & Bank Connectivity

Connecting your ERP to global banks can be a headache. This Pulse survey of 100 IT leaders sheds light on how technology can simplify the process.

What are you most looking for from vendors that pitch you?

Top Answer: I want to understand how your product/service works technically, what is your company strategy and most importantly skip the marketing terms/hot topics. At the end of the day I want to know if you are a fit within my technology roadmap and how specifically that can work.

Does your company have a technical lawyer who can evaluate vendor contracts?

Top Answer: No, but our purchasing team works very closely with our CISO when signing new, or renewing existing, contracts to ensure any PHI/PII or PCI data is appropriately protected and we have good documentation on how they handle it. For other technical areas, I don’t know what work is done between purchasing and the CIO.

Which is better: a one-vendor firewall strategy, or a two-vendor firewall strategy?  Why?

Top Answer: There is no right answer here; well, the right answer is  "it depends" :) From a security standpoint, it's best to have multiple vendors and multiple firewalls in this case. If there is a zero-day vulnerability in a firewall from Vendor 1, then the Firewall from Vendor 2 will likely not be affected. Now, having multi-vendor firewalls is more challenging from support and employee training. It is easier to get your team trained on supporting one firewall vendor and keeping up with all new features than training on multiple firewall products. I have been on both ends of the fence, and it's way easier from a management/organizational side to deal with one vendor/product, but it doesn't mean it's the best approach.  Cost is likely increased in multiple vendor strategies. Let's say you need to buy 1000 firewalls. If you buy them from one vendor, your purchasing power is higher, so you can negotiate better pricing vs buying 250 firewalls from 4 different vendors. In the case above, if you need to purchase firewall management software to manage all the policies remotely, firmware updates etc., very likely, having one management product to manage 1000 firewalls will be cheaper than four different vendor management products.  If you are an MSP, then it makes sense to have a multi-vendor strategy to offer an entry-level firewall, mid-range firewall, and enterprise-level depending on the client. They can all be from different vendors, and the differentiator here is the price, support, features etc. Again, it's hard to tell what is better without knowing much about your use case and environment. 

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

Top Answer: Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

What tools or techniques do you use to manage your suppliers?

Top Answer: We mostly depend on recommendations as well as some testing by our team members here. Even if it's a question of which ISP to go ahead with, we’ll have communication with 2 to 3 different providers. We make sure that our developers actually test a few of those services before we go ahead with one of them. 

Is your vendor management currently manual or do you use tools?

Top Answer: Security reviews come through my team, so we end up being a bottleneck for the company when they want to bring in different vendors, services, or products. We're trying to do the best we can, but with manual processes, it's never going to be that great. We are looking at different products to automate this and make it a much more robust process where we do reviews annually, alerts go out, and different business units take care of it. As a CISO in my company, I don't have all the relationships with the IT vendors. The CTO would have a lot, but there are business units that have their own relationships with these IT vendors as well, because we have large technology arms. What we are good at is keeping access to our operational network very controlled. So it's not like the wild west, but we have improvements to make. You have to implement a whole framework, and it's not that we don't have any of it in place. It's just more manual than it should be. If we find out that they're trying to implement something we have to tell them, “Hold on, that has to come back through the security department.”

Security protocols for your SaaS vendors

How many SaaS vendors meet their customers' security and compliance requirements today? 100 CIOs share their experience.

Has anyone worked with AI OPs vendors, and what was your experience?

Top Answer: The AI-Ops spending landscape is crowded. There are a significant number of legacy platforms and, to be respectful, I will not name the three or four three-letter acronym companies that are in there, but I have not seen them do anything remotely related to AI, ML or AI-Ops.