When choosing new software products or solutions for your organization, complexity is inevitable. The software procurement process is often clunky and difficult to navigate. And if an organization skips any part of its due diligence, then it puts itself at risk of creating cost inefficiencies or compromising its security posture.
That’s why it’s important to have parameters in place that address factors important to your organization before even beginning the buying journey. Doing so helps your IT and security teams ensure that your tech stack stays secure, you’re maximizing value out of every solution, and you have what you need to control complexity.
It’s important to approach this journey with a mindset that prioritizes ownership and transparency. For vendors, not taking the time to publicly and proactively show that your security practices are satisfactory creates bottlenecks for potential buyers. If these values aren’t being prioritized, the buying journey may not go as smoothly as you’d hope.
Here is a list of IT and security-focused questions to ask of buyers, internal teams, and vendors before moving forward and purchasing new solutions.
Product justification questions
1. Why do we need this product?
Adding yet another tool to your likely long list can add unnecessary burdens to your teams and infrastructure. Consider what business challenges a new solution will help you solve before opting into a new product that may contain capabilities you already have through something you’ve already purchased.
2. Why isn’t what we already have good enough?
What makes this product different from the ones you already have? Does it do a better job than the similar product you already own? This conversation may lead you to replacing a different solution or realizing that you don’t actually need one at all. Or, it may lead to your teams increasing your capabilities, productivity, and efficiency. You don’t know if you don’t ask!
3. Do we have the right funding to buy a new product?
Buying a new solution might not be an option right now. As the economy continues to shift, it’s important to identify cost inefficiencies wherever you can. This may mean that you explore your hard costs to see what you already have before opting for a new product. This is where ownership becomes a priority – having these discussions helps eliminate unnecessary costs.
Ownership, compatibility, and integration questions
4. Who is responsible for what?
Establish a governance program within your organization. It’s beneficial to decide who will procure, maintain, use, and offboard any product you bring into your organization. The answer to this question will depend on your specific needs - maybe the IT team will configure certain aspects of the new product, or it might be a business unit. You’ll also want to troubleshoot this plan before actually integrating new products. If an employee wants to manage and later disable user accounts on their own, then who will manage this once that person leaves the organization? These issues can be avoided if a governance program is already in place.
5. Is this product compatible with the products we already have?
It’s rare that a product will exist in a silo. You’ll want to ensure that this new product complements what already exists in your tech stack, not duplicating it. For example, if you’re considering buying an EPP/EDR solution, make sure it doesn’t conflict with your existing endpoint protection solution so that permissions are managed correctly and that security gaps remain closed.
6. How will this product be integrated into what we already have?
After establishing governance, you’ll want to plan out the integration process. Who will manage this? Will it be the IT team, another team, or just one person? Who will take care of setting up user accounts for those in your organization who need to use the product? Will every employee need access? Do you already have an identity provider that manages this and can integrate with the new product? These questions are just the beginning of what to consider when planning out integration.
Security questions to ask vendors
7. How easy is it to gain a single sign-on capability?
It’s a big red flag when a vendor makes single sign-on capability features part of the most expensive tier. This means that a vendor is forcing you to pay for a lot of features that you may not even need to gain a highly necessary security feature. Your company’s policy may not allow you to purchase a SaaS product that doesn’t support SSO. Withholding a key security capability from users paying lower-tier prices is a sign that you may want to evaluate other vendors.
8. How easy is it to gain information about your security program?
Many security-minded vendors, including Axonius, are opting to proactively share vital information about security practices to help increase transparency and save valuable time. This is often done by creating an online security portal that shares necessary information about the organization’s security program that may have previously been answered in a 100+ question security questionnaire.
Next steps
Asking these eight questions before purchasing new solutions will increase adoption rates, clarify ownership, and ensure that integration and security issues are considered.
Book a demo to learn how Axonius gives you a comprehensive understanding of all assets, their relationships, and business-level context to uncover various security risks and show you what you already have before purchasing new solutions.
