Insights: Article

Selecting the Right IT Vendor for Your Business

By Anders Erickson

March 28, 2019

We live in an increasingly outsourced world. Businesses look to third parties to perform tasks and activities—especially those that rely on or utilize information technology. Selecting the right IT vendor is critical to the success of an initiative or an entire business.

There are many reasons a business could choose to engage with an IT vendor. Perhaps they have a task that requires a specific skill set not found within their company. Maybe they need to temporarily expand their workforce. In many cases, cost savings is the driver. Businesses find that outsourcing an activity is less expensive than developing or hiring a specific skill set. Whatever the reason, engaging with an IT vendor should allow an organization to focus on their core business.

The scope of activities that businesses look to outsource cover a broad spectrum. On one end, some organizations seek to engage with an IT vendor that can substitute for an internal IT department. These vendors are often referred to as Managed Service Providers (MSPs). MSPs often provide a full suite of IT services. These services include providing a helpdesk function, keeping an IT network up and running, and procuring hardware and software. Alternatively, other organizations are looking for a vendor to provide a specific service or function. For example, a business could contract with a security vendor to perform security monitoring of their network. They could engage with an IT vendor to develop a web application or deploy a commercially available software solution. Any of these relationships can be short term or endure for decades. With so much on the line, the importance of selecting the correct IT vendor for your organization cannot be overstated.

Key Qualities of an IT Vendor
When selecting an IT vendor, an organization should consider four key factors: culture, processes, technology, and security. These are represented in the diagram below referred to as the IT Vendor Alignment Triangle©.

Key Qualities of an It Vendor diagram

 

Consider how a potential IT vendor’s approach and perspective of these four factors aligns with your organization.


First and foremost, the organization must determine if the culture established by the IT vendor reflects the way you do business. Does the vendor treat you the same way you treat your customers? Does the vendor treat its employees like you treat your employees? Does their growth strategy align to your organizations? Do they place a similar importance on the training and experience of their staff? Do they value their customers as relationships or view them as revenue streams? A vendor’s culture will tell you a lot about how they do business when a project isn’t going well. It’s easy to do business when everything is running smoothly. An organization’s culture will give you insights into how you will be treated when things go wrong.

An IT vendor’s processes are the formalized steps taken to respond to requests or events generated by your organization. Their responses should be based upon pre-defined standards and industry best practices. As an example, assume you’ve hired a new employee that needs a username and password to access your network. Your network is managed by your MSP. That MSP should have a defined, repeatable process that requires specific steps for the fulfilment of that request. Let’s say you’ve hired an IT vendor to develop a customized web application. That IT vendor should have defined processes for ensuring the system they are developing meets the expectations of the users. This process is often referred to as a software development lifecycle. Where these processes exist, are they communicated to the appropriate individuals within the vendor’s organization? What types of monitoring activities are in place to ensure these processes are followed? Have the vendor’s processes identified expectations and requirements for its customers? Preferably, these processes should be documented. A process that isn’t documented is just a good idea.

In most cases, the IT vendor will be either providing a technology solution or utilizing technology to provide their service. Their use of technology will have a direct impact on the success of your initiative or business. Let’s say you’ve contracted with an IT vendor to implement a financial application. If this software is built on an older piece of technology, then updates to the system could be timely and costly. You could find yourself investing more money on a newer solution much sooner than you anticipate. In a different scenario, imagine that last year you purchased a cutting-edge firewall. Now you’re looking to outsource your IT operations to a new MSP. What would happen if your new MSP doesn’t have previous experience with your new firewall? You may end up paying them to learn on the job. Even worse, you may end up having to purchase a different firewall that your new MSP can support. During contract negotiations, it’s not uncommon for an IT vendor to oversell the capabilities of a product or solution. It’s only later the customer learns that significant, unique modifications are necessary for the software to meet their needs. The customer is then left to reduce their expectations or pay for ongoing modifications and support.

Security is the common theme that ties together all other factors when considering an IT vendor. A company’s culture should demonstrate that security is a primary organizational objective. From executives to the newest intern, security should be ingrained into the daily habits and activities of everyone. Is everyone in the organization required to complete an annual security awareness training course—even executives and/or business owners? The vendor’s processes should reflect an environment where security activities are formally documented, implemented, and monitored by leadership. When an employee separates from the organization, who is responsible for ensuring that employee’s system accesses are disabled? How frequently does leadership perform a review of system access to ensure that terminated employees’ accesses have been disabled or removed? If the technology being introduced by an IT vendor is not secure, you could be exposing your systems to unnecessary risks. These could impact any number of business objectives (e.g., data protection, brand and reputation, or compliance requirements).

Getting Your IT Vendor Search Started
Before beginning the search for an IT vendor, determine you and your organization’s expectations for this initiative. The following are just some of the questions your leadership team should answer in defining your expectations:

  • How would I rank the factors in the IT Vendor Alignment Triangle© in order of importance to my organization?
  • What data will be shared with this vendor?
  • What access will they be given to our systems and applications?
  • How much can I afford to pay this vendor?
  • What information would I need to receive from this vendor to monitor the services being provided?

Defining these expectations will help guide your discussions with potential IT vendors. Writing these expectations into a contract will hold an IT vendor accountable.

Organizations can experience significant value in engaging with a qualified IT vendor. Considering the range of factors that will impact that relationship is critical to the selection process.

Latest Insights

March 26, 2019
Article
Each month, we strive to bring you the hacks, vulnerabilities and challenges of securing your daily habits and work environment. This brief is intended to help you make sense of the ever-changing world of cybersecurity so you can avoid similar…
March 25, 2019
Article
Nonprofits are often a target for duplicated websites. Make sure your donors are giving to you and not an imposter.
March 20, 2019
Article
Cyberthreats are a clear and present danger, and hackers can target manufacturing and industrial companies for trade secrets, business plans and more. Are you protected?
March 13, 2019
Article
Think you know the difference between an email from a friend and an email from a hacker? You may be surprised to find out the answer.
March 6, 2019
Infographic
Did you know a recent study found nearly 40 percent of manufacturers and distributors don’t have a cybersecurity plan? This is alarming for several reasons, and we’ve created this infographic to help show you just how critical a strong cybersecurity…
March 6, 2019
Article
eDiscovery and forensic solutions can be expensive, but small-to-midsize law firms are finding cloud-based solutions that are both cost-effective and user-friendly.
Find A Location