Vendor software solutions usually have configurable settings to work in a particular environment; what we don’t expect is to end up paying for significant adaptations to make the software work. Without understanding the required level of configuration or customisation, costs for the new solution can quickly skyrocket. Investigate the solution more thoroughly before making a buying decision. Using the system ‘out of the box’ should be a viable option.
Here are some examples, but these will vary depending on the type of system:
- Identify and Access Management – does the solution have a built-in option to integrate with Active Directory or other directory services? Given the level of Active Directory usage throughout the world, this should be the case for this genre of software. Configuring the system to know which domain to look at is expected. However, it would be a disappointment to purchase the solution and then need to pay extra for the development of an integration module.
- Support packages used to fix products – selling a solution combined with a support package is one thing; however, offering consultancy services to make the software work properly is often a fact of life in the IT sector. The consultancy services could quickly become more expensive than a “built in-house” solution.
- Existing integration modules – what systems does the solution already integrate with as standard out of the box?
- How much, if any, bespoke software development is required? – the solution should be functional out of the box. If there are special requirements that no other organisation has, then the software may need tailoring.
If the product needs modifications, you should thoroughly consider if it is the right choice and investigate other options.
Robert is an information security consultant with over 20 years of experience across various organisations, both in the United Kingdom and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Contact Robert directly through Linked In.