Choosing an IT Security Vendor: five key factors

Feb 16, 2021

Gaetano Mecenero

By Gaetano Mecenero

Feb 16, 2021

 - By Gaetano Mecenero


Read in German

Digitalization has been advancing rapidly, and not just since the pandemic. This does not only have an impact on a Company’s own business model, but also on the choice of suitable vendors. The latest qualitative market surveys show that new factors are becoming more important.

The choice of the right IT Security vendor needs to be well considered. This is true not only due to security aspects, but because of any effects the choice has on the user experience, being it for the Company’s clients, or employees. In addition, rapid implementation of new requirements and the ability to adapt to new situations are key added values that should no longer be underestimated. The following five questions will help you select the right vendor for a successful long-term collaboration.

1. Does the vendor guarantee future viability?

Especially in today’s times, a vendor has to be able to react very quickly to changing Customer needs as well as to changing risk scenarios. Having a vendor that can flexibly respond to your priorities and make decisions quickly determines how timely innovations are implemented. A completely in-house engineering team, developing products and software stacks from the ground up without any technological legacy, as well as short decision-making processes are valuable points. Innovation should not only be driven by the customer, but also by the vendor itself. Especially in the IT Security market, it is important to always think one generation ahead to address future cyber risks from an early stage. Vendors with strong ties to international academic and industrial research have a significant advantage over traditional ones.

2. Is the vendor suitable for partnership and ecosystem models?

Partnerships and ecosystems are becoming more and more relevant. Your own business model is becoming increasingly interlinked with that of other companies. This also changes the risk map and raises the question of how congruent the risk scenarios are. Vendors should not only have expertise of the industries relevant to you, but also a deep understanding of existing and forming ecosystems. Choosing vendors that focus on a product with a clear value proposition enables you to choose the integration and deployment models most suitable to your specific needs.

3. Does the vendor have the flexibility to meet different user needs simultaneously?

Let’s take for instance the Authentication market. Today, it is no longer enough to offer one solution for all users. User behavior varies greatly, ranging from tech-savvy teenagers, individuals less attuned to the latest technological innovations, as well as corporates with static processes. Even more so vary the risk scenarios: an employee often needs a different login flow than an end customer, just as a user who travels a lot needs to be authenticated differently than someone who mostly interacts with your services from home or work. The flexibility of defining different user experiences for user groups or individuals must be a given in today’s world. The offering must therefore include a wide variety of login methods, as well as individually configurable fall-back solutions. This is a key criteria to prevent support and helpdesk costs from exploding.

4. How transparent is the pricing model?

Pricing models should adapt to the behavior of your users and bring a high degree of flexibility. Unfortunately, many vendors still offer static, obscure, and ad-hoc licensing models. This bears the risk that you end up paying for things you do not use, or even worse skip vital IT security checks in order to keep at bay ballooning licensing costs. Thus, licensing models that adapt to user behavior (pay per use) are considered the most customer-friendly models. In addition to the licensing model, particular attention should be paid to possible follow-up costs for changes, updates, or when new technologies are introduced to the product. For some vendors, this is the primary way to make money. Once you have decided on a vendor, the switching costs are relatively high. It is thus important to take such aspects into consideration when selecting a new vendor.

5. Does your vendor have the same cultural understanding?

Culture is often difficult to describe and measure and is therefore not documented in any RFP. Working on the basis of a common ground can positively impact the success and efficiency of collaborations by reducing the risk of misunderstandings. Collaboration is strongly influenced by shared values and cultures. This starts from the language and goes all the way to how interactions are carried out. For instance, do people only communicate via email or do they prefer to quickly pick up the phone or arrange a meeting? The closer the vendor is to you — also geographically — the easier it is to work together. Ultimately, however, the collaboration should also be fun and mutually enriching. When the vendor’s passion for the topic becomes visible, and the discussions are carried out at the right level, the collaboration between the vendor and the customer can really pay off.


The choice of the right IT Security vendor needs to be well considered. After all, from the Customer’s point of view security measures have always been seen as critical, a business barrier, and a necessary evil. It does not, however, have to be like this: the balancing act between user-friendliness and security plays a central role. In addition to security requirements, tangible values such as rapid implementation and delivery, and the ability to adapt to new situations, as well as intangible one such as culture-fit between teams, are also important. Particularly in the case of cybersecurity issues, long decision-making processes, technological debt leading to slow product changes, as well as geographical distance, or a lack of innovation and security know-how can all take their toll not only in the near future, but most importantly in the long run.

IT Security vendor

I want to learn more

Let's talk about your use case and how we can help