
The Overlooked Key to CISO Success: Maximizing Effective Security Partnerships

As CISOs seek to consolidate vendors and reduce costs, building effective relationships with key security vendors can be the foundation for security program success.

Many security leaders take a “check the box” approach to purchasing technology. With today’s average enterprise using upwards of 20 security technology vendors, perhaps this isn’t surprising. Unfortunately, this approach fails to leverage all of the benefits that can be obtained by building a strong “human” relationship with these vendors. Such a relationship not only ensures the vendor knows the CISO’s business needs, but can also greatly improve success. Vendors have the ability to be more responsive if there are existing, clear lines of communication with the customers they are serving.

In a recent Harvard Business Review article, two security leaders used the analogy of an automobile, noting that “technology is a critical piece of the cybersecurity puzzle, but just as with a car containing all the latest safety technology, the best defense remains a well-trained driver.” It seems clear that skilled security leaders are critical to an effective defense. Technology has not replaced human beings. However, the automobile analogy illustrates the need for a cooperative approach between the vendor and the customer. The best automobile is worthless without a good driver, but it is equally true that the best driver will not be successful driving a poor-performing or slow race car.

Creating a successful vendor-customer partnership means syncing the security team “drivers” with a high-performing technology “race car.” Below are four key ways security leaders can build a successful vendor relationship to maximize the value of a true partnership.

Select a quality vendor based on leading indicators

Select a vendor that is recognized by peers and independent trade groups (e.g., Gartner, IDC, Forrester) as a leader in its specific area. It is important to have a single harmonized platform where vendor consolidation can create efficiency. However, be sure not to pursue consolidation at the risk of poor security performance.

Selecting market leaders who have a proven history of delivering results is imperative because security leaders need good tools. Meet with the vendor’s team, not just the sales representatives, and ask yourself if the vendor is readily available, if they are transparent, and whether they provide clear communication with you and your teams. Are expectations clearly set? Is the vendor a good fit for your organization’s culture and needs? If you’re confident in your answers to these questions, then these are all good indicators of a positive, successful and enhanced partnership with the vendor.

Set clear expectations early and often

This imperative step should be done as early as possible in order to establish a good working relationship. The vendor contract will set out deliverables, but it’s important to have a group meeting that sets step-by-step project plans and long-term and short-term goals. Many times a security team may purchase a new technology but never share how this fits into their overall and cumulative strategy. If a vendor understands the intended use and goal, they can better support the objectives. There may be features or methods that should be added, or perhaps taken away to save costs if they are not needed. Professional services can also be tuned to support the use objectives and long-term program plan. 

A good security vendor will want to be clear about the features of their product and how it addresses the issues that will be conquered with the deployment. The vendor should also explain the process for raising concerns, expectations for response time and the resources available to customers. It is also the vendor’s responsibility to help the customer connect with key leaders within their organization who can fully support the set client goals. 

Establish clear communications channels

In a time of crisis, a security leader does not have time to figure out how to reach a vendor for support. It is critical at the start of any relationship to establish a cadence of open communication channels and know who is available for support, or to resolve concerns. Smart vendors have customer liaisons on their staff who can be extremely helpful in quickly resolving any issues. These liaisons are focused on ensuring customer success and building strategic partnerships with their customer base. It is also important to be transparent about goals and intended use for technology. As noted above, this can help the vendor better focus on the unique needs or goals of the customer.

Engage with customer advisory groups

Many vendors have advisory groups of customers that are intended to provide feedback and improve products. Being involved in these groups is a small investment of time with potentially big rewards. As a customer, it is an opportunity to provide direct input into the features and capabilities you want to see developed. It may also provide you with additional communication and influence opportunities to promote your company’s needs. This is like having your own development team building the tools you really want. Don’t miss this opportunity to influence your products and services. You will also have an opportunity to meet and network with your peers as part of this advisory board. This provides an opportunity to share ideas and learn new approaches which can be very valuable.

Navigating cybersecurity risk can be challenging. Without the right tools to understand how and where the business is at risk, there can be security blind spots. New and increasing threats are identified every day. Staying ahead of cyber risks can feel like treading water, and to be successful, CISOs need to be strategic, invest resources in the right places and get the right team of vendors in place to support their security program. It is important to consider whether a vendor fits your needs and team culture. Investing time at the start of a vendor relationship can save many hours of frustration later. By setting clear expectations and open communication, the CISO can receive better service and improve overall security.

Adam Palmer, contributing author
