Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

14 dirty IT tricks, security pros edition

Roger A. Grimes | Feb. 26, 2013
Beware these underhanded techniques for draining IT security budgets and avoiding accountability

If the answer is no to both of these questions, then reconsider the purchase no matter how awesome the solution.

Dirty IT security consultant trick No. 7: Travel bribes

They come in and insinuate that if you buy their product they will be able to "recommend" you as a visitor to their annual conference meeting in some exotic locale: "Buy our expensive IPS and you'll have a week in Maui coming up soon."

Or they fund an expensive "networking" trip for you before you buy the product.

I can't say I really hate this technique, even though what your consultant is suggesting is usually unethical and sometimes illegal. Who doesn't want to visit a nice vacation spot, stay in a five-star hotel, and eat in restaurants they could never otherwise afford?

Of course, it always pisses off the consultant when you decide not to buy. When I get offered something that might be mistaken for a bribe, I think it's best if I don't buy any product, just so no one gets the wrong idea. But thanks for the trip!

Dirty IT security consultant trick No. 8: "One last thing"

I hate this trick most of all. The consultant brags and brags about a particular solution, even demos its awesomeness. It is awesome. You'll take 10 of them. Then after you've convinced management to allocate the money to buy it, the consultant tells you a tiny fact that crushes all the advantages.

I've been told after signing a contract that the data storage I was shown in the demo, which I thought was part of the product, is extra. After signing a contact, I've been told the solution has a few bugs. Those bugs, it turns out, invalidated the product. I've been told, after the fact, that the solution doesn't work as well on my wider enterprise, though the consultant was very familiar with my environment. I've had consultants leave out annual service costs, mandated upgrades, and all sorts of details that tipped what I thought was a good decision to become a bad decision.

And they tell you the new information with a smile.

Dirty IT security consultant trick No. 9: Ignoring your deadline

From the outset, you tell the consultant or vendor your drop-dead date for finishing a particular implementation or project. They work with you, gain your trust, and their solution seems perfect for your company. You place your order, and all of a sudden they don't have a product, installers, or trainers that can fit your schedule. It's hurry up and wait.

You wonder how they didn't hear you repeatedly at the beginning when you asked if they could make the date expectations you were directed to meet. Their changing date forces you to make another purchase decision, eat into another budget, or reschedule a major vacation. It's never fun.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.