Read This Before You Accept Another Software Demo Invitation…
The software demo has a long-established place in software sales. It’s difficult to make sense of software without seeing it in action. But committing to a software demo is a significant time commitment in our busy world. Before you accept another identity management software demo invitation, use this article to get ready.
It Takes Two for an Effective Software Demo
Like any meeting, you need to prepare to make the most of a vendor’s software demo. By virtue of their experience and focus, a vendor’s sales staff are likely to be highly prepared. They have a plan and some idea of your needs. What about you as the potential buyer of an identity management solution? You wouldn’t sit down with your boss without advance preparation because it would be a waste of time. By the same principle, use the questions in this article to prepare for the meeting
Resource: For “extra credit,” put yourself in the shoes of the software salesperson. A great sales professional makes buying easy and takes the time to answer your questions. Yet, we also have to understand that they will probably emphasize the product’s best features rather than its problems. Given that reality, preparing for the demo is critical.
Questions to Ask Before You Go Through an Identity Management Software Demo
1. What is my organization’s current approach to identity management?
Without a firm understanding of your current identity management maturity, a software demo is a waste of time. It’s like buying a new house without thinking through how much space you need, schools in the area, or amenities. A detailed assessment of your identity management maturity level goes beyond the scope of this article.
Use these questions to quickly assess your identity management situation:
- Does IT and the business know the value of identity management?
- Have oversight or risk groups (e.g. risk management, auditors, IT security) pointed out any problems related to identity management recently?
- What are the most important computer systems and information that you need to protect to keep the business running?
2. Who needs to be in the room for the demo?
At this stage, you have two options. First, you can go through the vendor demo on your own. Second, you can invite other people in your company to join the call. How do you decide which approach to use? Consider your level of identity management knowledge and the organization’s need. If identity management is a priority, invite multiple people for the demo.
Tip: Not sure who to invite to the demo? Start with this list: IT security, one or two business managers, procurement, and internal audit.
3. What are your business plans for identity management?
We hinted at this point above, so let’s go deeper on the question now. What are the company’s cybersecurity priorities for the year? You may be pursuing a broad program to improve cybersecurity maturity and controls. Or you may be preparing for a “state of cybersecurity” presentation to management. Finally, you may have a goal to stay current with the latest and greatest cybersecurity technologies.
4. What cybersecurity risk incidents has my company experienced?
In an ideal world, every company would develop a cybersecurity program because it is a best practice. In reality, investment in cybersecurity often follows a major incident.
If your company has been hacked — especially if you had to pay a “ransom!” — that experience needs to guide your process. When you are going through the initial buying process, there is no need to “open the kimono” and share all of your company’s embarrassing security failings. However, you may tell the vendor something like this: “we recently carried out a cyber security self-assessment and found identity was a weak point.”
5. Who is experienced at buying enterprise software?
It’s time to get personal for a moment. No, we’re not talking about what you do outside of work. We’re talking about your experience in buying enterprise software. In the past three to five years, ask yourself this:
- What is the dollar value of enterprise software you have purchased? (If you have been involved in higher value purchases, you will be well positioned to make a purchase.)
- What is the implementation complexity of software you have investigated?
- Do you have IT project management or implementation experience?
6. What is my level of technical sophistication in cybersecurity?
Unlike a consumer electronics purchase, a cybersecurity software purchase has far reaching consequences. If you buy the wrong solution, your IT department may not be able to implement it successfully. To manage that risk, invite a cybersecurity expert from your company to the demo.
Tip: If YOU are the security expert, the reverse of this tip applies. That means you should invite a business user to the demo to balance your technical perspective.
7. How many software demos have you already attended on identity management?
Continuously attending software demos doesn’t make sense. Software Advice advocates a simple rule of thumb: “Evaluate five or fewer systems.” That’s a good rule for looking through a short list. If you have already gone through half a dozen identity management vendors, it is time to stop and evaluate what you have learned.
Tip: Ask yourself if you are learning significantly new information about the market with each new software demo. If the answer is no, it is time to end the software demo process.
8. What security credentials does the vendor have?
Unlike other fields, there are many competing standards and frameworks that influence security. Some organizations focus on ITIL standards. Others prefer NIST documents such as NIST 800-60 (Mapping Information and Systems to Security Categories) and NIST 800-61 (Computer Security Incident Handling Guide). Find out which standards matter at your company before you attend the software demo.
Sources
How to Negotiate with Powerful Suppliers (Harvard Business Review, July–August 2015 Issue)
How to Evaluate Software Demonstrations (Software Advice)
Giving a Great Software Demo: Show Them The Dinosaur First (SurveyMonkey)