Select your vendors quickly and through a data-driven approach that identifies effective solutions in a cost-effective manner.

Josh More, the owner of Eyra Security is the author of several books and articles. His book Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors is an answer to the commonly asked question – “How do I select a good vendor when I don’t have the time to test them all?” Developed when he was working with a medium-sized bank on vendor selection, Josh’s vendor selection process is optimized to rapidly iterate through all options and select a solution that ideally fits an organization’s current needs, suspected future needs and budget. Organizations that must select vendors commonly fall into one of three traps:

  1. Selecting a vendor from a generic third party’s assessment – providing more than is needed at more cost than is justified.
  2. Selecting a vendor based on features that seem appealing, but have not been proven as necessary – resulting in heightened complexity that can increase overall risk.
  3. Choosing simply to renew or expand a relationship with an existing vendor – risking stagnation and loss of competitive advantage as other firms move to newer technology or service offerings.

By avoiding these common traps, vendors may be selected who will function as true partners and provide more value than they cost.

The Approach

Assessing vendors is a tricky process. Large and regulated organizations are forced to demonstrate due diligence in vendor assessment, but often do not know how to do this. This results in a great deal of busywork being required by both the vendors and the organizations. Smaller organizations don’t know what to look for and, as a result, often wind up selecting based on price instead of value. This results in service failures and vendors that just milk their customers for as long as they can.

Assessing Vendors shows you how to walk the line between under- and over-assessing, so decisions can be made on sufficient data without wasting time, digging too deeply, or making decisions too quickly. This hands-on guide will show you how to use an iterative approach to vendor analysis, so you can rapidly filter out the vendors that are clear failures and then select likely winners. It will then show you how to do progressively deeper dives into the likely winners so you can select a preferred vendor. Finally, you will learn how to negotiate with your preferred vendor to get reasonable prices and services.

  • Provides an iterative approach to vendor assessment, showing you how to make decisions on sufficient data without wasting time
  • Includes checklists to help you navigate the decision-making process, while considering all the important factors needed to make a sound decision
  • Helps you understand and evaluate vendors based on key concepts such as performance criteria, functional testing, production, and price
  • Provides an iterative approach to vendor assessment, showing you how to make decisions on sufficient data without wasting time
  • Includes checklists to help you navigate the decision-making process, while considering all the important factors needed to make a sound decision
  • Helps you understand and evaluate vendors based on key concepts such as performance criteria, functional testing, production, and price

The Book

If you wish to peruse or purchase the book, it may be found at:

AssessingVendors-edit

Amazon

AssessingVendors-edit

Barnes and Noble

AssessingVendors-edit

Google Books

AssessingVendors-edit

Elsevier Direct

The Service

While the process itself is not difficult, a fair, relatively unbiased approach to vendor selection is often a different way of approaching a solution than most organizations are used to. For organizations that wish it, vendor assessment assistance is available as a service from Eyra Security. While each assessment is unique to your specific needs, other assessments in similar vendor spaces can provide valuable insight that can reduce the total cost of the process.

Vendor assessment services have been previously performed around numerous types of solutions, including but not limited to:

  • Disk and application imaging software
  • Outsourced log management
  • Anti-malware software
  • Anti-malware services
  • Perimeter devices (UTMs, NGFWs)
  • Patch management
  • Storage technologies

If you wish assistance with your vendor selection process, please contact us.