I just had a long conversation with a vendor and was asked how IT evaluates vendors, technologies and service providers. In other words, what aspects are consistent whether you are talking hardware, software or services? This is how I broke it down. I would love to hear your thoughts with regard to whether I got it right or am off-base.
Trust, from my perspective, is the first and most important hurdle. It defines the difference and the advantages both OSS and Microsoft have in the market and, as a hurdle, if it isn't overcome, nothing else matters.
This means I can depend on you to do what you say you are going to do and not act intentionally against my best interests. OSS actually shows a lack of trust because people feel they need to be able to look at all aspects of a product; strangely enough, this is often true even if they lack the skills to do such a review effectively. In short, it is like saying, "I trust you only if I can observe everything you do," which, to me, isn't trust at all.
If I were to point at why a vendor most often loses an account or gains a new one, it is because of trust. In the case of a loss, trust has been breached or the buyer simply does not believe the entrenched vendor can be trusted to provide anything beyond what the winning vendor provides. Entrenched vendors should almost always win bids because the cost of displacing a vendor who knows a business with a vendor who does not should exceed any short-term ability to provide a lower price. But it often doesn't and that is why there is so much vendor movement in some accounts.
This isn't a need to buy security software or technology; this is the need to feel secure. Even though it may be false security, both Apple and Linux providers seem to do a good job of making folks feel secure. Here we mean a lack of worry. Security vendors, because theirs is an insurance type of sale, make the problem worse because they have to constantly make people feel unsecure in order to sell their solutions.
I think we could argue that, if we are comparing products, a platform that has more security vendors to support will inherently appear less secure than one that has very few. This is because there is no one marketing the second platform's vulnerabilities.
Regardless of the cause, the number of patches, exploits and breaches that occur during a given period, coupled with the worldwide issues surrounding both criminal and terrorist activity, make this a critical area. Products and companies that appear inherently more secure will probably be valued well above those that aren't.
But, what we should not forget is the fact that the goal is not to have the most security solutions but a platform, product or service that has the least security concerns. No Disruption
There was a time when productivity would have been the third hurdle but IT has been promised productivity so much and receives so little in return that you can't help but hear the chuckles when any vendor beings it up now. And the IT folks aren't laughing with the vendor.
Right now, they are more interested in things that don't disrupt their day-to-day operation. They often replace technology because it is either obsolete, meaning it can't do the job or they can't get support for it, or because it is at the end of its expected life and they don't want to risk it failing on the job.
IT buyers tend to favor vendors who have shown a track record of coming in and making problems go away rather than creating new ones. Historically, IBM has had a huge lead here but recently companies like EMC and HP have been giving it a run for the money. This often works against Microsoft because it seldom owns the engagement and often, if there is a problem, regardless of who is at fault, it is blamed.
IT is simply, and increasingly, viewed as a service provider and measured in uptime and consistency of service, so it shouldn't be a surprise if it, in turn, measures vendors this way. Concepts like "stable image" flow out of this requirement and it is the last of the top three things IT values most highly.
This speaks to several things. I think it goes to the core of why IT isn't aggressively being funded and, in turn, isn't moving aggressively to platforms like Windows Vista, or to new hardware, but is investing in security and network technology. It also suggests, from a vendor perspective, that a trust problem will create significant market exposures just like a trust advantage will create opportunities. Microsoft is the most interesting to watch here because it is, in many accounts, the most trusted vendor, but in many others the least trusted. It's the only vendor I've ever studied where the customer base looks like it belongs to two separate companies -- one that is well loved and one that is deeply hated. I'll explain part of the "why" behind that in the future.
But, I'd like to hear from you. Do you think I am on the mark or not?
One closing note to think about, if I am correct about how you view your vendors: Might this not be a problem with regard to how you are being viewed as well? Isn't this another way to say IT is a cost center and, as such, is now constantly faced with managing budget cuts as opposed to being a place the firm invests in strategically? I think it is a lot more fun for all of us when, and where, IT is more strategic. This might be a problem worth thinking about fixing.