Dirty IT security consultant trick No. 11: Knowingly recommending products that will be discontinued
Twice recently I've encountered customers who were lured into buying solutions just months before their end of life.
In one case, it was high-speed networking equipment. The other was a network access control solution. Each spent megadollars to deploy what ended up being a discontinued product. In one instance, the consultant later let it slip that he was suspicious the solution was going to be discontinued because he had heard all the developers were let go last year.
Isn't that a tidbit you might want to know before making a buying decision?
Dirty IT security consultant trick No. 12: Saying one thing, signing another
One thing consultants are very good at is translating your needs into a vendor's purchasing nomenclature. This is especially important when customizing or purchasing a partial solution. You want X of this and Y of that, and the consultant ensures these needs are met, cutting through any possible miscommunication.
Except when they don't.
No matter how many times you're told what you're going to get, make sure it's part of the contract. Too often, the product arrives, the project is supposed to begin, and something is missing -- something expensive. The customer goes back to the vendor and finds out the consultant didn't include a particular item on the contract.
The consultant will retort that they were clear about what was and wasn't on the contract, even if you are dead sure what they said verbally was different. Then you have to come up with the additional budget to get what you want or otherwise scratch the entire project.
Dirty IT security consultant trick No. 13: Shortchanging accountability
Doctors take an oath to do no greater harm to their patients than when they first arrived. I wish consultants had a similar oath.
Too often consultants implement projects poorly, leaving their customers to endure service outages in their wake. Knowing that the only thing that changed in your environment was what the consultant just installed is of no consequence. That just moves the consultant to openly wonder whether something unrelated is causing the outage on the very system they messed with.
Insist on a contract that makes your consultant accountable for unexpected service outages due to no fault of your own.
Dirty IT security consultant trick No. 14: Consultants who make big changes before leaving
Lastly, my favorite consultant trick is the one where they make a major change just before they get on a plane home for the weekend or take an extended vacation. Sure, the resulting outage isn't always their fault, but if you're going to make big changes to an IT network, do it a few days before you skip town. Nothing is worse than having to leave multiple, unanswered emails and phone calls to a consultant while your user base is experiencing downtime.
- Read the Off the Record blog for stories from IT pros, and share your own tech tale -- anonymously, of course. If we publish your story, you'll get a $50 American Express gift cheque.
- IT's 9 biggest security threats
- 9 popular IT security practices that just don't work
- 10 crazy IT security tricks that actually work
- Malware Deep Dive Report
- Data Loss Prevention Deep Dive Report
- Insider Threat Deep Dive Report
- Malware IQ test: Round 2
- Malware IQ test: Round 1
This story, "14 dirty IT tricks, security pros edition," was originally published at InfoWorld.com. Follow the latest developments in security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.