5 Key Steps For a Successful Security Product Selection Process

You need to do your due diligence and engage in a deep research process so that you define your organization’s requirements for a cyber security product and include the broadest possible selection of relevant vendors. You want to outline your organization’s full requirements - functional, non-functional, technical, pricing, vendor presence, etc. – and their weighting. This process is your key to understanding what your ideal cyber security platform is meant to protect against, and how it must do so (in the Cloud, via SaaS, on-premises), depending on the type of environment and data your organization handles. Here, brainstorming with colleagues and/or consultants, as well as building in lessons and experiences from uses of any products you already use, can help you obtain additional information, perspectives, and insights, so you can proceed through the selection process smarter and more efficiently.

Narrow down those vendors who meet the requirements that are specific to your organization

Your organization’s needs are unique, and they must be taken into account when planning for a successful security platform selection process. Though you started off by exploring as many vendors as possible, now, you must determine which vendors are able to fulfill the set of requirements that are specific to your organization and the data it collects and circulates, without adding in extras you don’t need or want to pay for. These narrower requirements should refer to your organization’s existing security tools, required integrations, , size, environment type, networks, operating systems, and target user population (who you’re planning to protect: employees, customers, and/or other stakeholders). 

Balancing your organization’s requirements with the potential vendors who can meet them head-on will help you find the sweet spot your ideal security product should fill. Here, the key rests in engaging in thorough market research, to scout for “shallower” requirements and “broader” vendor options, and then quickly shortlist vendors that meet your needs, without spending too much time, money, or resources. After all, time is money, and the more time and money you spend sifting through potential security platforms that do not fall into your security platform “sweet spot,” the more money gets left on the table, and the more vulnerable your organization is to potential cyber security threats.

Your POC needs to be smart and aligned with your requirements so that it is maximally specific and minimally generic. When planning your POC, make sure that it is designed to include any tools you use and reflect any nuances, to which particular products are sensitive. Also, ensure that your POC environment accurately represents your organization’s environment; it should include technical factors that could influence the tested security platforms’ performance, but should not be overcomplicated by factors that aren’t critical to your organization’s operations or aren’t relevant of that particular assessment. Thus, for example, if your organization is looking to buy an end-point solution, knowing which OS your organization uses is key, to ensure there’s no conflict between programs. However, if your organization is looking to select a network security product, network topology should be paid particular attention to, so that simplified networks aren’t over-complicated by overly restrictive platforms, and vice versa. 

If your organization is in the market for multiple products, it’s crucial that your POC test all relevant security platforms “apples to apples.” This is true regardless of whether the products are being tested in parallel or one after the other, to avoid forming any subjective biases against different vendors. While you must prioritize your organization’s needs, it’s only fair that you’re fair to the vendors – and to your own organization - and perform fair, meaningful comparisons, in the process. 

KPMG’s Cyber Arena Cyber Arena integrates innovative technologies with KPMG consulting to create an unmatched and holistic approach to cyber technology selection. This way, your organization benefits from a simplified and expedient security platform selection process, while saving on valuable resources, such as time, money, and internal staff training.