Risky business: How to evaluate identity security vendors
Authored by Jerry Aubel, Senior Product Marketing Manager
CISOs are faced with making critical decisions every day. From project priorities and resource allocation to technology vendor selection and beyond. Some of these decisions have longer lasting consequences than others, like selecting the right identity security vendor to partner with. So, how should you approach the buying process to ensure you make the right choice and are enabling your organization to reduce risk and accelerate the business? Below we outline key criterion when choosing a security vendor.
First, ask the tough questions
Relationships with technology vendors are long-term affairs, and you need to be confident that the vendor has stability for the long haul. Due diligence can include a variety of sources, from credit worthiness to the supplier’s ownership and funding model to company history. Other things to consider include things like the supplier’s history of innovation, list of patents, and number of staff involved in research and development. Some of this information is simple to determine, especially if the vendor is a public company. If not, don’t be shy; dig in and ask! The level of transparency you receive will go far in helping you make the right choice. While technical and functional capabilities are important, you also have to think operationally.
Consider the support model
Oftentimes, one of the overlooked aspects of a technology vendor is the scale and activity of its customer community. An active community fosters collaboration among users and an opportunity to network, get answers, and share best practices.
A prime example is SailPoint’s Compass Community which boasts nearly 90,000 members where users engage with peers and experts, submit ideas, and take advantage of a large knowledge base to answer questions. In addition to the Compass Community, SailPoint supports an active developer community that helps users extend their identity security platform beyond what comes out of the box, delivering additional value.
A couple questions you might ask include:
- What does the product documentation look like?
- Will the support model meet your needs?
After all, to continue our relationship analogy from earlier, when looking at a security vendor you need to know what sort of relationship you’re agreeing to.
How does Professional Services play a role?
Another top consideration in a vendor partner selection process is implementation. You need to look into the depth and breadth of the professional services capabilities, as well as the size and scope of a partner network. For example:
- Is there a certification process in place for partners?
- Does the partner network have global reach?
Tip: Look for a professional services capability that spans the lifecycle of a technology solution, from deployment to the ongoing health and maturity of an identity security program.
Solution capabilities are also important, but how do your users and administrators become proficient with an identity security solution? A good example is SailPoint’s Identity University which provides a comprehensive online curriculum that helps ensure customer success. SailPoint meets your education needs where you are, with on-demand or in-person instructor-led courses available. The course curriculum is designed to help maximize your identity governance investment, delivering the knowledge you need to build a sustainable and robust identity management program.
Getting down to the intangibles
The intangibles can’t be ignored when evaluating identity security vendors.
- What do their customers say?
- How willing are they to be a reference? Have you checked things like their Net Promoter Scores? This gauges the company’s solution would be recommended.
Additionally, what do industry analysts have to say about vendor partners in the identity security space? The major analyst firms regularly evaluate solution providers in the identity security space. As a result, SailPoint has consistently been ranked as the leader since the discipline was tracked in the various reports.
Finally, and perhaps most important, what type of reputation does the vendor have in the market?
- Will they treat your relationship with honesty and integrity?
- Were they transparent in the sales and contracting process?
- Were they fair and honest in a proof of concept?
- Were the sales engineers knowledgeable and helpful in their pre-sales interactions?
- Could they demonstrate true economic business value of their solution?
SailPoint strives to treat every customer and every interaction with the utmost honesty and integrity – that’s at the heart of our core values – innovation, integrity, impact, and individuals and our commitment to you, our 2600+ customers. So, ensure you’re getting a holistic view of a potential vendor from features and capabilities to long-term viability, community, training materials, and overall market reputation.
Interested in taking SailPoint’s offerings for a ‘test drive’ to get a sense of what a day in the life of a SailPoint user or admin is like? Try out our self-guided interactive click-through demos for SailPoint Identity Security Cloud.