Is the lack of excitement in cyber security procurement causing people to make bad choices?
Cyber security software. It’s very clever and very important but let’s be honest, it’s not exactly the most thrilling of purchases is it?
If I think about all the “big” purchases I’ve made in my life, my first car, first house, wedding dress, every single one was accompanied by meticulous research, emotional engagement and an agony of indecision over “is this the one” before finally putting my money on the line. Yet, when it comes to making purchasing decisions as a corporate buyer I think I have to look in the mirror and admit that perhaps I am not quite as diligent. Corporate purchases are often far more complicated and sorely lacking in some of the much-needed endorphins that encourage greater engagement with the task at hand.
(At this point you might be thinking “speak for yourself Clare, but personally I love buying cyber security software” in which case great, don’t bother reading any more, please proceed straight to www.ondmarc.com and place your order. But if that’s not you, then you might be interested in the below…)
So when it comes to buying cyber security software this understandable lack of enthusiasm, and fear of complexity, can lead to buyers not going the extra mile when evaluating their security vendors, especially when they’re considering Domain-based Messaging Authentication, Reporting and Conformance solutions (if only the industry had come up with a snappier title!). After all, isn’t a DMARC solution from one company pretty much the same as a DMARC solution from another? As long as they’ve got some good logos on their marketing material and the proposal comes in under budget then that’s enough isn’t it?
Well quite frankly no. In fact, some of the biggest differentiators in this solution space are around the companies themselves, not just the products they sell, and in particular how seriously a vendor takes security.
To help prospects with choosing a DMARC solution that works for them we put together a buyer guide that includes exactly the sort of questions you should be asking your security vendors, if you aren’t already…
- What are their security accreditations? You only want to buy your security solutions from someone who takes it seriously. If they are lax with their own approach to the fundamentals of cyber security your data could be put at risk — lost or compromised. Make sure you check out if they have external certifications like ISO27001 or Cyber Essentials.
- What do existing customers think? If possible, try to speak to one of their current customers; this is the best way to find out what’s great (and not-so-great) about their product and services.
- What does their roadmap look like? You might be buying the product for what it offers today, but what does tomorrow bring? Are there any other innovative and interesting features being offered?
- What are their support services like? Without in-house IT systems knowledge, DMARC may be viewed as tricky to implement for small organizations, or complex to deploy across large organizations. This means a suppliers’ support services can be a key way to fast-track implementation and achieving p=reject. Support teams will also prove invaluable as you will need to maintain and refine your DMARC implementation over time.
With a few well placed questions you’ll soon find out just how seriously the security “experts” take security, and ultimately end up making a much better purchasing decision for your organisation.
So whether you’re looking to to chat to experts about DMARC, or if you need some guidance about how to present this to decision makers, our buyer’s guide will give you all of the insight you need to get your organization DMARC-ready. It might not make buying cyber security software thrilling, but it will make it easier!