January 23, 2020 | By Moshe Dadush, Infrastructure Security Manager
Running a Proof of Concept (POC) should always be considered an integral aspect of the product purchasing process.
At the initial stage, it is essential to prove to the customer that the product is actually doing what it is designed to do. It is also imperative to show how the product will fit into the customer’s existing environment and interact effectively with the various components of their organization.
Unfortunately, you may have come across some purchases where this procedure was completely omitted or poorly carried out.
Let’s digress a little bit to another topic that is related to the content of this article: The Vendor Choice! Regardless of the specific product we purchase, it is important to ask the vendor the following questions:
- What’s the company’s roadmap in general?
- What are their approaches to product creation and production in particular?
- What is the company’s perception of the market in which it operates?
- Will the company continue to develop the product?
As a preliminary step, you want to obtain answers to those questions to avoid uncertainty later, even before the POC.
Getting to the POC stage
It is very important to begin the POC after meeting with all the relevant parties to the process. The meeting should produce a document that details all the metrics that will be examined and describes the role each party will play in the product purchasing process. The metrics should be clear and measurable so that thoughtful decision could be made.
Some of the important metrics that should be considered include:
- Making sure that the product performs the primary function for which it is purchased. If it fails to do that, other sections of the metrics are not relevant at all. It is important to note that we may not be able to test all possible scenarios. Take for instance, if it is an EDR or AV system, you will not be able to run a real threat in the production environment. Therefore, it is important to agree in advance on the product’s features or functionalities to be tested.
- Configuration and ongoing management – How easy is it to set up and manage the product you are interested in buying? This is a significant question: A product that requires daily and frequent management will compel you to be prepared in terms of manpower. And it will directly increase your organization’s monthly / annual expenditure.
- Integration with other components of the organization–How perfectly will the product interact with the other components within your organization? Will it smoothly send alerts to the managers, to a logging system, and seamlessly integrate with AD etc.?
- Performance Impact – If the product is installed on end stations, what kinds of impact will it produce on system performance and user experience? If this is a network component, is there any impact on browsing, sending out emails, logging to workstations, etc?
- Is the product flexible enough to make room for organizational growth and change? – Two or three years from now, will the product be able to accommodate the changes that occur in your organization? Or will it be mandatory for you to deploy more components before it can function?
- Customizing the Product for Organizational Needs – There is no product that fits an organization’s needs one hundred percent. Therefore, it is important for you to know what you are getting. How easy / complex is it to make adjustments on the product in order to meet your organization’s needs? If this is a manufacturer’s activity, this is a great opportunity to understand what he is committing to, what the schedule is, etc. However, since this is a time-limited process and usually takes place in a controlled environment, it is difficult, at times, to get the full picture of how a product will work when deployed to the customer’s environment.
POC is an important step of the product purchasing process. It provides the much-needed answers that can be used in making an informed product purchasing decision.