How do you choose your vendors?

Trevor Pott has a little list. What has he missed?

Sysadmin blog

Part of ranking vendors (and their products) involves attaching a certain level of priority to the different categories you judge them on. Everyone is going to value different elements of a supplier relationship differently, so the items on my list should be considered to be "in no particular order." I leave it as an exercise for the reader to create their own procurement spreadsheet of doom and weight the categories listed.

Trustworthiness of the vendor

"Trustworthiness" can be defined in any number of ways so I'll be clear about my meaning: when I talk about trustworthiness I am talking about a combination of "will follow the letter of the law" and more ephemeral concepts such as "honour."

Do they honour warranties without flinching is a traditional measure, but the harder stuff is more nebulous. Do they value your data security? If you put your entire client list into a vendor's cloud will they refrain from data mining it for their own purposes? Do they securely dispose of any data storage devices they swap out? Do they plan for breaches on their side? Have they embraced trustworthiness by design?

Support horizon

Is the support horizon of the widgets the vendor shifts aligned with your business needs? All of the Acer notebooks from the mid-aughties that I bought had this rather annoying habit of dying a few days after the warranty expired; a warranty that was far too short.

The gold standard for me is "Microsoft of yore." It supported products for a decade or more - important, because in the real world SMEs are using six- and even 10-year refresh cycles on their equipment and the software that goes with them. I don't hold that the issues of support horizon can always be solved by SaaS; "rapid release"-style Google-for-the-love-of-$deity-stop-moving-my-fricking-buttons subscription models bring their own problems.

Considering support horizon is about more than just being cheap: many businesses go through cycles and money isn't always available for IT refreshes as often as vendors would like. A support horizon that is aligned with your business spend can be a critical consideration.

TCO

Closely related to the support horizon concept is Total Cost of Ownership. This includes everything from the sticker (or subscription) price to the cost required to manage and maintain the application. Factor in any bandwidth charges, electricity and cooling costs as well as support costs. Support costs can be internal (often in the form of training) or external (if the technology is something you are exposing to your customers.)

Business continuity

What happens if the widget breaks? Hardware can be replaced, data can't. If a SIP phone breaks you can just get a new one or install a SIP app on a computer. If a notebook breaks, is the critical data backed up somewhere? What are the business continuity plans for cloud applications?

The more convoluted and expensive that business continuity planning becomes the less highly I rank a vendor. At this point IT is so integrated with every aspect of daily life that I don't think it's unreasonable to expect that vendors have put serious consideration into designing their products such that business continuity is not expensive, burdensome or onerous.

API stability

Even my three-man company has scripts that take information from one place, transform it and inject it into another application somewhere else. Some of my clients with 50 seats have dozens of programs to interoperate; many fail to do so out of the box. A poorly handled API change at the wrong time of year can result in the loss of large accounts or worse.

Few IT products exist in isolation. Every month I am asked to make one more product talk to the interconnected hivemind of applications that stitch together my clients' companies. The stability of APIs – and how changes to those APIs are announced and handled – becomes a critical consideration.

'Storminess' of the product

How much time is wasted logging in? Updating things? I already spend enough time on this for it to be a significant portion of my day. Increasingly I expect vendors to be designing their widgets with features like "single sign on" and integration with various authentication systems.

I also expect vendors to have silent updaters, managed update processes or to be able to participate in another company's update management systems. The last thing my users need is yet another "would you like to update now" or "yet another thing to log in to." A related consideration is how well the widget handles your entire userbase logging on – or updating – all at the same time. Does it grind to a halt or tank it like a champ?

Complying with your laws

Your country probably has data retention, eDiscovery and privacy laws. Does the vendor comply with them, or is it merely caveat emptor with the hope that nobody will know better and the subscriptions will flow?

Trustworthiness of the vendor's government

The vendor has to live by the laws of its own government. How reliable is that government? Are they prone to Megauploading businesses? Cutting off internet access? Accidentally (or otherwise) blocking your vendor as part of a poorly handled filter effort?

Does the vendor have plans in place to deal with a government suddenly turned hostile or a DC provider that deletes all their data? Backups in another country, perhaps? We have a decreasing level of control over the people running our various governments; I prefer vendors who are aware that overzealous bureaucrats can do a lot of damage and know how to route legitimate customers around them and to their data.

Interoperability

Interoperability shows up in all sorts of ways. Hardware/hypervisor/operating system/application support, file format support and APIs being the big ones. All of which really boils down to "if I buy this widget does it narrow my options elsewhere in my design process?"

There is an opportunity cost as well; if the rest of the world starts moving in a different direction and you're stuck in the past it can become increasingly more expensive just to keep up with your competitors or stay compatible with clients. I am leery of lock-in; fortunately we have an entire industry to help with that.

Availability of skills

How hard is the widget to work with; how far off the beaten path do those managing and maintaining it need to be in order to master it? Technologies from vendors like Cisco or Microsoft's offerings are complex enough that they run their own certification programs.

If the widget you are considering falls into that realm how expensive are the people you'll need to run it and how widespread are those skills? You may have an administrator familiar with the widget being proposed, but what happens if that person gets hit by a bus? What will their replacement cost you and how quickly can you find one?

Product availability

It's a minor nit perhaps, but all too often I've found exactly the product I want from exactly the vendor I want only to realise that the widgets are sold out and that the waiting list is a refresh cycle long. All other considerations are functionally irrelevant if you can't get the widget you need.

Alongside this goes the ability and willingness to do "custom orders": will they revisit their licensing if what's on the pricelist is nowhere near a good fit or swap out one part for another to help their hardware be "just right" for your needs? I suspect the willingness to bend the rules matters more in the SME space, but it is a serious consideration for me.

Responsiveness

Quite simply a vendor that doesn't answer emails – especially in sales – doesn't make my list. I know I've been guilty of this myself from time to time, but I can't buy from a vendor that won't pick up the phone!

Having the “best” technology

I define having the "best" technology as having the most stable, feature rich and well integrated product on the market. Different aspects of this end up weighted differently depending on the product. You want a file server to be stable above all else but you probably want your image and video editing software to have the latest and greatest features above all else. Integration is incredibly important in a unified communications product.

Having the best of breed product may give you a significant competitive advantage; enough to overlook other considerations. "Best of breed", however, does not always provide an advantage. In these situations picking a runner-up vendor that provides "good enough" technology but excels in the other aspects of the business relationship is likely to be the better call.

The above are what I take into consideration when considering vendors, but any such list could do with a few additional factors. What elements have I missed? ®
