14 dirty IT tricks, security pros edition

Roger A. Grimes | Feb. 26, 2013
Beware these underhanded techniques for draining IT security budgets and avoiding accountability

Dirty IT security consultant trick No. 10: Promoting product -- and getting kickbacks

We expect consultants to be impartial and to recommend the best solutions for our companies. Lots of consultants make extra money from their "partners" to push particular solutions. We get that. But pushing a product without telling you about the possible conflict of interest goes beyond the pale.

I remember one consultant, many years ago, who advised me on what networking equipment to buy. He didn't tell me that he was getting a vendor kickback, and after we became "friends," or so I thought, he tricked me into buying more network equipment than I could ever have used. It was enough network ports for three times the number of Ethernet runs I needed.

To this day I have memories of all that equipment, hundreds of thousands of dollars' worth, sitting unused in a backroom storage area. It was my mistake. The consultant? He bought a brand-new boat that year.

Dirty IT security consultant trick No. 11: Knowingly recommending products that will be discontinued

Twice recently I've encountered customers who were lured into buying solutions just months before their end of life.

In one case, it was high-speed networking equipment. The other was a network access control solution. Each spent megadollars to deploy what ended up being a discontinued product. In one instance, the consultant later let it slip that he was suspicious the solution was going to be discontinued because he had heard all the developers were let go last year.

Isn't that a tidbit you might want to know before making a buying decision?

Dirty IT security consultant trick No. 12: Saying one thing, signing another

One thing consultants are very good at is translating your needs into a vendor's purchasing nomenclature. This is especially important when customizing or purchasing a partial solution. You want X of this and Y of that, and the consultant ensures these needs are met, cutting through any possible miscommunication.

Except when they don't.

No matter how many times you're told what you're going to get, make sure it's part of the contract. Too often, the product arrives, the project is supposed to begin, and something is missing -- something expensive. The customer goes back to the vendor and finds out the consultant didn't include a particular item on the contract.

The consultant will retort that they were clear about what was and wasn't on the contract, even if you are dead sure what they said verbally was different. Then you have to come up with the additional budget to get what you want or otherwise scratch the entire project.

Dirty IT security consultant trick No. 13: Shortchanging accountability

 
