The major concern was particularly insider threat, since perimeter security had been sufficiently matured. When we started looking for automating solutions, the confusion entered making decision difficult. Then one of my colleagues suggested using magic quadrant. He had used it while selecting SIEM tool. This article is to share the learnings from the experience of using magic quadrants.
Long time ago when internet was in its nascent state of development, search engines were evolving and Web services were nearly absent, some visionary organizations such as Gartner, Forester, etc., built knowledge-base by collecting and analyzing information and making it available at an affordable cost. One such service, which is still most popular and sought after is ‘Magic Quadrants’. The main beneficiaries of this service were CIO, CTO and CISO.
How does a Magic Quadrant work?
The consulting organizations (Gartner, Forester, etc.) collect information on technology solutions for a various specific services from available vendor solutions for example: ERP, SIEM, DLP, IDAM, etc. They will also collect the generic requirements from users for these services and evaluate each solution by scoring it against these requirements. In addition, they use additional evaluation criteria such as sustainability, growth plans, diversity, etc. that addresses the questions related to vendor risk. The result of this comparative analysis is presented in a quadrant with each cell representing comparative positioning of solution in comparison with other vendors. The convention presented here as example is used by Gartner) leaders, challengers, niche players and visionaries. Organizations interested in selecting solution use these quadrants as guidance while choosing vendor solutions.
Challenges of Vendor Selection
Although Magic quadrants are an excellent aide in decision making, selecting relevant technology solutions is quite complex as the customers have to consider various factors such as:
- Expected outcomes
- Capability requirements
- Budgetary provisions
- Suitability for organization
- Ready to use
- Ease of implementation
- Integration with other technology solutions
- Training, Support and maintenance requirements
- And so on
Key factors for consideration
Magic quadrants are developed based on common parameters and criteria and hence it has to be customized as per requirements of the specific organization. In using magic quadrant an enterprise has to consider the following:
- Define solution requirements in detail covering:
- Cost and benefit
- Study the latest magic quadrant, particularly look for:
- Parameters identified to ensure they cover enterprise requirements
- Scoring mechanism and weightage for the parameters relevant to enterprise
- Identify solutions and make their own comparative statement.
- Shortlist few solutions (provided they are available) and perform proof of concept (PoC) to ensure suitability for the enterprise. If it is not possible to conduct PoC due to lack of resources and skills, then consider taking expert help. When faced with such an issue we hired an expert to conduct PoC and then engaged them in the implementation project. The experts do not just advise but help in implementation to prove that the solution works.
- Review support, maintenance and training requirements for solution.
- Prepare plan for acquisition and implementation.
Magic quadrants have been helping organizations in selecting technology and shall continue to do so, however organizations must use them as one of many and not the only criteria while selecting solution.