As a 25+ year old company, we recognize that more is not always better. In fact, it is often much worse.
Being the trusted technology advisor for thousands of employees throughout the world comes with a lot of responsibility. As a result, a way to take steps backward is to try and have multiple entities leading your technology endeavors. A primary reason why this is nearly impossible is the simple mathematical equation that there are literally thousands of solutions and approaches for accomplishing similar business results when it comes to technology. If you are being pulled in multiple directions because you have conflicting advisors, you will end up confused, stalled in your decision making and often, far more vulnerable than before.
I want to be clear – having a third party evaluate what you are being provided from a technology provider is not harmful. In fact, in many cases, it is a good move. But when is the last time you had another CPA firm evaluate your CPA’s work? Or your attorney’s? Or your banker’s? My guess is never.
Why is that? Typically, because you trust them wholeheartedly. And everyone recognizes that it is a poor practice to explore. Then why is technology any different?
At PCA, we have been known to use the “you don’t want too many cooks in the kitchen” analogy. When we take over IT management, we request you work entirely with us. We believe that the relationship you have with your Trusted IT Advisor needs held in the same regard as your CPA, attorney, and banker.
Specialization is different, of course. PCA does not offer software programming so if there is a business case for it, you would engage another provider for that portion. However, your trusted technology partner would oversee and engage alongside that provider to assure you reach your business outcomes. The two entities would interact, but not try to accomplish the same goals. This is like a having both a business attorney and a defense attorney that could collaborate but perform completely different tasks.
It is common practice to engage a cybersecurity firm to do penetration testing and vulnerability assessments. But it is ill-advised to do that without your Technology partner’s involvement. The partner should take the results and implement the solutions to provide you with a more secured environment.
There are some providers that do not believe in this approach. Given the heightened security risks today, it is a poor practice to have multiple providers doing the same thing as you have now increased your attack vectors. Having a “snapshot” assessment of your overall security or IT posture is one thing – setting a “recording” for an extended period of time to gather more data is a risk not worth taking because #TheThreatsAreReal.