Why Price Shopping for Security Software is a Mistake

The Perils of Fixating on Price: Lessons From Gasoline

When we set out to buy a product, price is a key factor. Think of your drive home from work. You might pass by four gas stations — price will likely be at the top of your mind. In fact, there are smartphone apps like Gas Buddy designed to help people find the cheapest gas price in town! While gasoline may seem like the ultimate commodity, price isn’t the only factor that matters. For example, you might skip a station that looks too busy or lacks your favorite snack. Location and convenience also play a role — would you sacrifice 20 minutes of your time to drive across town to save a few cents? In our “crazy busy” lives, the answer is probably no.

This gasoline buying scenario tells us that even the simplest purchases involve factors that go beyond price. When we turn to enterprise software, the stakes are even higher. Purchasing poor quality finance software may lead to errors on financial statements. Buy the wrong security software and your company will be exposed to greater hacking risks.

If price is not the only consideration, what else matters when you are creating selection criteria for identity management?

Developing Key Selection Criteria for Identity Management

Use the following suggestions to build out your selection criteria. As you go through this list, remember to seek input from stakeholders like procurement and IT audit.

  • User Feedback on Performance. To evaluate enterprise software, consider putting the software through a test. For identity management software, you might ask three managers to carry out a few transactions, like setting up new users. At the end of the test, ask them to complete a short questionnaire.
  • Integration. Despite being on the market for decades, Microsoft Office continues to be hugely successful. One reason for that success: hundreds of applications — made by Microsoft and other companies — seamlessly integrate with the Office applications. For identity management software, you will want to evaluate integration by looking at the product’s APIs and SQL options. Make sure that your IT staff are comfortable with the API documentation — not all APIs are created equal.
  • Quality of Training Resources. Even the best-made software comes with a learning curve. If you are working with security software, make sure to consider the quality of training resources. In particular, look for multimedia options such as articles and videos. Getting lost in a product menu is frustrating but can easily be solved with a well-made video.
  • After Sales Support. If you are adopting identity management software for the first time, you may want additional support. Ask whether the company provides phone and email support. Having the option to call someone and get help when you are confused is invaluable. The option to sign up for extended technical support, especially when you first implement the solution, is another point to consider.
  • Industry Experience. In some organizations, industry experience carries weight. For example, aerospace and defense have special regulations that all companies have to follow to succeed. In that case, it would be reasonable to ask if the identity management provider has such industry experience. If the company has no experience with your exact industry, look at their experience in other ways. For example: do they have the capability to serve thousands of employees every day?
  • Presentation Quality. If you are inviting sales professionals to your office, take the time to evaluate their presentation. Points to consider include: how well the person answered your questions, quality of the product demo and whether you were buried under jargon. If a company cannot clearly communicate during sales, that is a bad sign. Conversely, a presenter who takes the time to answer all of your questions is a positive sign.
  • IT Security Evaluation. Bring this selection criterion into play once you have a shortlist; it is more involved. Points to consider include: security certifications held by the company’s staff, third-party security tests and compliance with industry standards. You might also consider carrying out penetration testing and other security tests to evaluate the software.
  • Mobile Device Compatibility. Even in 2017, many enterprise software applications do not work well on mobile devices. That limitation translates into delayed approvals and diminished productivity. Make sure that you look at the security and usability of smartphone access.

How to Use Key Selection Criteria: Make the Buying Decision

Whew! At this stage, you have created a long list of selection criteria. You have questioned company representatives, carried out tests and read product data. How do you make sense of all this information? Coming up with a weighted scoring system is one approach. For example, assign a maximum possible score of 100 points for each evaluated product. Allocate a certain number of points to each selection criterion (e.g. 20 points for price, 5 points for training, 10 points for after sales support, 15 points for industry experience, etc.). The evaluation process requires the art of professional judgement and the science of weighting selection criteria to reflect your priorities.

Putting your key selection criteria into practice is an excellent way to keep your purchases focused and disciplined. Instead of being led astray by shiny new technology, you will make purchases that reflect your needs. Further, you will have a robust process to show audit and your management if you are asked to explain your decision.



Written by Nelson Cicchitto