That phrase came to me many years ago when working on a multi-million pound IT outsourcing deal. We were up to our necks in the finer points of platform-wide and stack-deep security, and I realised we were fighting amongst ourselves more than challenging the final competing vendors. This infighting was partly due to the large amount of IT staff in the room likely to transfer to the winning team and partly due to the view of security controls as a bolt-on extra. Our folks kept stressing the dependencies and limitations that squeeze the ability to implement things that our policies required, essentially doing the supplier sales job for them. Poor procurement practice, by any standard, but symptomatic of the syndrome named above.
Fast forward to a battle-weary post-integration team, sitting across desks from colleagues now settled in new roles. I’m being schooled about the pressure the vendor is under to get the network segregation done. There’s the shortage of PMs, the co-ordination with two other service providers, and the risk of budget overruns. Vendor relationship managers doing the vendor account managers’ job. Empathy for those on the ground more than those who sign the cheques. Just like those hostages who feel an inappropriate affinity for their captors.
You might think that the dynamic is different in the days of cloud computing. After all, we can shop around for fairly generic units of replaceable service. Except we can’t. This fact was called out at length just this week in the New York Times when the publication referenced the primacy (pun intended) of Amazon’s cloud. The market for Platform-, Infrastructure-, and utility Software-as-a-Service (e.g. email, word processing, presentation creation tools, and spreadsheets) is concentrated around single brands. The cost and flexibility benefit come from relatively customer-agnostic parts of the business models. (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/company-suffering-supplier-stockholm-syndrome/