Until recently, it has not been a topic that was often thought or talked about, but an increasing amount of risk is starting to creep into companies through their software vendors. That is, the programs you use every day could end up being the cause of a major IT and/or security incident within your company.
This is especially true with the move towards more and more cloud and web-based programs. While on the surface many modern applications feature slick interfaces and "login from anything with a web browser" accessibility, a lot of the time these applications gloss over some very important factors. As a result, it has become extremely important to vet the software companies you're using and get some solid answers on how certain things are being handled.
Here are 5 big questions you should be asking every one of your software vendors, both current and future:
What does the backup/restore process for each vendor look like?
This is one of those questions most people don't ask or think about because a lot of modern software is "in the cloud! So of course it's backed up, right?"
The truth is that backup and recovery are going to vary a lot between different vendors. Some vendors will have a very thorough and granular system in place, allowing you to initiate a restore not just in the event of a complete failure, but also to roll back accidental changes (or malicious deletion) if needed. Other vendors, however, aren't quite so robust. Some will only cover internal systems failures and require you to use a third-party backup solution to fully protect your data. In some cases, a vendor may just tell you you're out of luck no matter what. Be sure to probe exactly what kind of backup and restore capabilities are available in any software that touches critical data.
What are the communication policies for the vendor?
Another concern that often gets waved away because "it's in the cloud!" is the vendor's communication policies for things like maintenance, updates and, most importantly, outages and breaches.
Asking what you can expect in the form of communication in the event of an unexpected outage or data breach will tell you a lot about the maturity level of the company, and it is a question that can stump a lot of sales reps. Like backup, it's also something that will vary from vendor to vendor, and if you're going to use a piece of software or a service to perform an important task, you're going to want to know what's going on when it doesn't work (or if they've been breached).
What are the data collection and privacy policies for each vendor?
While security is usually something many vendors will tout, it is also important to pay attention to what the vendor's own policies are around your data.
Some companies can be very liberal with the data they collect as your company uses their software or services. On the surface this may not seem like a big deal, but in some cases it can be a major security concern. It's important to review the privacy policies for your vendors, as long and dry as they may be, to really determine what you may or may not be giving up on the platforms you use.
What is the export policy for data contained in the software?
While you may not see the need for it now, there almost always comes a time when you need to transition from one platform or software solution to another. Maybe your business has outgrown what you currently use, or perhaps the software has fallen victim to a corporate takeover (as is common in the industry).
When that time comes, it's very helpful to know if and how to export the data in the software to your new platform. If you're looking at a new software solution, ask ahead about data export and retrieval. While most software solutions have some form of retrieval, some companies tend to play keep-away in an effort to keep you locked in to their platform. Knowing what you're getting into ahead of time can make a
How is the software hosted and how is the data stored?
As we move into more and more cloud-based solutions, performance dependencies shift from individual computers and servers to internet connections and data center locations. This is an often-overlooked fact and can end up causing less than desirable results when it comes time to actually use the platform.
When evaluating potential new software solutions, it's useful to know things like how the software is hosted and where the primary data centers are (performance), how many data centers are used (performance and continuity) and whether things like CDNs are used (data footprint). Many times this can be found on a vendor's website, but most sales reps should also have an idea.
Keeping informed on the software you use in business
Keeping up to speed on not just the software you use, but also the vendors behind it, is more important than ever. While these are some basic questions you should definitely be asking each and every vendor, they are not the only ones. We recommend taking time to sit down and determine what is important in your business's technology stack, and then following up with the vendors to ensure they are satisfactorily meeting expectations.