Vendor contract negotiations offer opportunity, frustration for buyers

Contracting out work to third-party IT vendors is often challenging.

From licensing issues, regulations forcing companies to submit multiple bids, and the arcane art of negotiation, anything could make or break a deal. And there’s also the possibility of threat-surface expansion. But there are ways to make the process easier.

Vendors are important because there are many things that companies need to do that would be better to have a third party manage. And that doesn’t end with the contract itself; in some cases, negotiation is done by a separate vendor.

Getting help. Oftentimes buyers will turn to third-party negotiators like consulting firm West Monroe. Nate Buniva, a partner at the firm, told IT Brew that clients generally approach the company when they’re already in a bind and need help to get a good price and the most appropriate solution. That goes from the request for proposal, which they structure to be quickly converted to a contract, to working with vendors to answer their questions and shape their proposals for the best fit. Contracting can be a “wild card,” he said, and so the role of a firm like West Monroe is to ensure the proposal delivers on the client’s needs.

Navigating negotiations with the aid of the advisor means that there’s an added layer of protection, and the third-party firm can step in and be forceful with vendors without making you look like a bad guy. That can pay off down the road, too.

“Vendors are not vendors, they’re partners,” Buniva said, adding, “they’re going to help you and your organization grow and scale.”

Keep it simple. Chris Gibson, CEO of the Forum of Incident Response and Security Teams (FIRST), told IT Brew that he’s had some struggles in the vendor contracting process when it comes to moving platforms. Keeping it simple and streamlined is paramount, and a company that offers that ease of transition has a leg up.

“I don’t want some incredibly complicated way of moving from one platform to the other,” Gibson said. “So, building standard systems that allow for that kind of interoperability would be hugely important to me.”

On their end, vendors prefer to have as much information as possible, F5 Field CISO Chuck Herrin told IT Brew. For AI-related issues, that means things like understanding how integrated the technology already is into the existing stack and the use cases the buyer is looking to deploy machine learning for.

“From a vendor perspective, we have to break it down into, what type of use cases are we talking about, and then be really transparent so that we’re answering our customers’ questions appropriately,” Herrin said.

Total intelligence. Herrin added that he couldn’t think of a time when it would be advantageous not to have more information. Knowing where the buyer stores data, what they maintain on prem, and so on are essential for guidance and finding the solution that works better on both ends. It also helps firms like F5 troubleshoot for potential problems going forward—that in turn tempers frustration when things go wrong and allows for expectation management.

“If people are aware that these risks are normal and something doesn’t go well, then there’s much less…negative emotional reaction. It’s not a surprise,” Herrin said. “We knew that could be a possibility, we took the risk anyway, because the business benefit was worth it.”

Gibson agreed, telling IT Brew that in the incident response space FIRST operates in, a smooth back and forth is key. Vendors looking to work with FIRST or similar organizations need to ensure they’re listening and taking on board what their customers need.

“Work with the incident response community to understand what they want, so you’re not selling something that looks flashy but doesn’t solve the problem,” Gibson said.