The Home of the Security Bloggers Network
Welcome to the fourth and final blog post in our series dedicated to helping you find a cloud security vendor that fits your cloud security strategy. This series takes you along the journey of picking, evaluating, identifying and assessing your security partners so you can feel confident as you deliver cloud security to your organization.
We invite you to review the other posts in this series:
And now, drumroll please: You’re ready to start a POC with a cloud security vendor. Congrats on sorting through the options and noise to get to this point – it’s an achievement! Since you’re still in the evaluation phase, you’ll want to keep doing your research and tracking progress to ensure the POC brings the clarity and value you seek.
Let’s make your time count. With input from our security experts, below is a list of POC-related questions to ask. These will help you get the most out of the POC and ensure that, should you choose it, the solution will answer your needs for mitigating relevant security threats.
Why ask this? Diving into a POC is not yet a full-blown commitment – but isn’t “no strings attached,” either. Ask your vendor about the time and resources they expect – and recommend – that you commit to get the most out of the process.
Their answer will help you understand the POC’s impact on your team’s time and timeframe. If the “down payment” (the effort you’re asked to put into the POC) is too high, you may want to reconsider. Also, before committing to the time investment, make sure you have confidence in the vendor.
A vendor's response can also reveal whether they carry out POCs efficiently. You may be lining up multiple POCs, so compare responses across vendors.
Other questions to ask include:
Supply chain attacks are a growing risk. The fact that your supplier is in the cybersecurity industry does not make you less vulnerable. When switching to a new solution, you need to make sure that: (a) your vendor takes proper measures to secure your data and systems; (b) switching to the vendor’s solution won’t “break” your existing security stack, putting you at risk.
To ensure no critical security controls are being turned off during the POC, ask:
We daresay this is the most important question in the POC. It addresses your POC metrics monitoring and goal tracking so you can ensure the solution fits your cloud security strategy and ROI reporting objectives. The concept of ROI is the same as for any project.
But not only that. The answer tells you what data you’ll have for making your decision and gives you agency, should you decide to move forward with full solution implementation, for garnering support for your decision throughout the company. It also helps you compare the ROI outcomes of different security vendor POCs.
Questions for success measurement include:
However savvy you are, avail yourself of the vendor's guidance, especially at the beginning. This not only helps you understand the nuts and bolts of the solution but also lets you evaluate what it will be like to work with the vendor day-to-day. You will see how responsive and knowledgeable they are, and what it would be like to deploy the system for less experienced or knowledgeable people on your team or in your organization. Regardless of what the vendor suggests, we recommend having any stakeholder you deem relevant (across security, DevOps, IAM, other engineering teams and even leadership and contractors) take part in the POC.
Suggested questions for evaluating the communication aspect of the POC:
The purpose of the POC is to evaluate the gap between the many sales calls and product pitches you went through and what the solution actually does. If the gap is small or non-existent, the solution can be successfully implemented into your architecture.
But what happens if you suddenly realize you need customization or a new capability?
Agile, cloud-native businesses have made it increasingly acceptable (and technologically possible) for customers to request features and get them delivered in a short period of time. This is even more so for startups, which are attempting to penetrate the market and need customer success stories (which one day you may help provide them).
By determining the process by which you can request and receive a new feature, you will get a sense of how flexible and attentive to your needs the vendor and the product roadmap may be. A flexible roadmap can mean very high ROI for you down the road.
Questions for assessing customization options:
One of the most important questions you asked the vendor before the POC was how to measure the POC's success. Now is the time to review the resulting metrics and determine whether your goals were met and whether the solution is worth implementing to meet your needs.
Questions to ask include:
The POC is a worthwhile step toward understanding solution value. You are now ready to decide if you want the platform to be part of your daily workflow. If so, now is the time to find out the operational aspects of onboarding and usage.
Questions to ask regarding solution implementation:
Cloud threats and attack vectors are growing, vendor offerings are constantly changing and the need for effective cloud security solutions is acute. Careful consideration before you make an investment in a solution is justified and can make a huge difference for your organization’s cloud protection. In this kind of market, POCs make a lot of sense – and are an excellent way to address the ever-relevant “caveat emptor.” Whatever you do, keep doing the research, asking clarifying questions and gaining a detailed understanding of the vendor’s cloud security capabilities – including those you may not have thought you were looking for – and differentiation. It’s the best way to find the vendors that will get you there and keep you ahead of the next threats.
We hope you found this blog post series on choosing and evaluating a cloud security vendor useful and wish you success in your quest and decision.
The post Top 7 Questions to Ask During a POC with a Cloud Security Vendor appeared first on Ermetic.
*** This is a Security Bloggers Network syndicated blog from Ermetic authored by Ermetic Team. Read the original post at: https://ermetic.com/blog/cloud/top-7-questions-to-ask-during-a-poc-with-a-cloud-security-vendor/