As someone who works in the IT security industry, I work with a lot of vendors. I used to work with a lot more, but as a side benefit of streamlining business, I’ve been able to cut down my vendor pool. At first it was a bit of a shock, but after a year of trial and error, I’ve learned a few great lessons that I think are a perfect strategy for any organization looking at updating their infrastructure, outsourcing or subscribing to a hosted cloud model.
First, less is more. One of the biggest issues that I come across is how organizations have a ton of different legacy gear, and they try to add a new vendor into the mix. It’s really like having a nice calm fishtank and then throwing in an aggressive newcomer. It’s not necessarily a good idea as if you start buying one-off boxes you’ll end up with either too many devices from different vendors and thus lots of different interfaces, or you run the risk of something not working due to a conflict of communication between devices. Personally, I’ve always been a fan of the “less is more” school of thought, since the fewer points of complication you introduce, the less chance of conflict.
The second issue that comes with introducing lots of vendors is that the sheer complexity of managing the infrastructure is a bit of a pain. If you have different equipment (say Juniper, Check Point and IBM) all purchased from different vendors, it becomes messy from a support perspective, since vendors will point fingers at each other, and you’ll have each vendor calling you to sell you more stuff. I would rather purchase from one vendor who knows my business well, can suggest the right services based on what I have and what they think I should be doing. The more points of contact you have, the more points of potential failure is how I see it.
Lastly, if you are looking for functionality, try to avoid one-off boxes. It’s an expensive way to do things and it will end up being more expensive than if you buy fewer products that have more functionality. There are some great solutions now that are coming as the great vendor consolidation continues which makes it easy (and more affordable) to buy solutions that do more than one function through the use of technology such as software blades or modules. The benefit is that these services can be turned on and off without having to purchase new equipment, which means they scale better than if you were to buy everything separate.
With all the next generation technologies coming out, it’s going to be increasingly important to ensure that as you add new components to your infrastructure, or leverage managed or hosted services, that you streamline the number of vendors and solutions to ensure that your environment is manageable.