Getting past the hype – how to find the right security product
Readers will know I believe there is a conspiracy involving the security industry, intelligence agencies/law enforcement and governments. The purpose is to over-hype the security threat so that the industry can sell more product, intelligence and law enforcement can get bigger budgets and government can pass an increasing amount of more controlling legislation.
Now this doesn’t mean that there is no security threat nor that every person working for the security industry is involved in the conspiracy. But therein lies the problem: how do you navigate your way through all the hype that comes from
- a security industry that needs to sell product
- a security industry that seeks to ingratiate itself with government via clearly bloated threat estimates in order to land lucrative government contracts
- a marketing industry skilled in turning an incident into a crisis
- intelligence agencies/law enforcement seeking to justify increasingly out of control budgets
- governments wishing to control the electorate via 1984-style legislation
in order to find what you actually need to stop the genuine threats that really do exist.
Wisegate can help. It’s an independent organization of senior IT managers from across the whole spectrum of industry – and it regularly publishes reports drawn from its own internal roundtables and discussion groups. One recent report covers just this topic: CISOs Share Top 10 Tips for Managing Vendors.
Quite simply, this report is packed with ideas for getting past the hype to find the right product from the right vendor; and it then explains how to maintain the best possible relationship with that vendor going forwards.
For a taster, my favourite tip actually suggests asking the wrong question to get the right answer. One of the CISO members of Wisegate (this one from a large industrial manufacturing company) uses ‘disruptive questioning’ – he doesn’t just ask, ‘what are your strengths?’; he more specifically says, “When are you not good? What do you do worse than your competitor?”
How the vendor answers these questions will tell you a lot about that vendor, his attitudes, and whether you will be able to work with him in the future.
For the full ten tips, see the Wisegate report, CISOs Share Top 10 Tips for Managing Vendors.
But I particularly like this one – which could be a rule for life in general: “Demand what you pay for, and say thank you when you get it.”