Manage Security With Vendor Support Contracts

Image for post
Image for post
Image Source: Shutterstock

What Is It? We’ve all bought electronics from our local retailers. When we encountered issues, we either had to take it back to the store (remember your receipt!), contact the manufacturer (that was fun), complained to some authority, or ended up having to sort things out on your own. Sometimes we bought extended warranties which did little more than cover the replacement or repair period for the item, or just ended up replacing it altogether.

While that may be fine at home, that approach doesn’t work in most workplaces, and we expect a lot from our hardware, software, and services that we purchase from vendors. We’re also very good at learning enough about these products to use them, but also enough to be dangerous. Unless we have had the good fortune to work with the vendors, we often encounter moments where we’re not sure what to do, so we send an email or pick up the phone.

Unless we’ve spent the money on a service contract or other type of support, which will often go nowhere, we find ourselves digging through forums and seeing the same questions over and over, asked differently, but not answered. We dig through knowledge bases, become very skilled at Google, and start asking around with all our colleagues and contacts. Sometimes we find the answer, sometimes we figure it out on our own, but a commonality is how much time we waste doing this.

We also find that when new patches and updates are made available that without a support agreement, we can’t access them. Ask anyone trying to download firmware how creative they must get to get the file(s) they need — and if they *always* come from a reliable source. More than once I have spoken with well-intentioned people who downloaded a *free* update only to find it riddled with malware, broken, or incomplete.

Most of you that know me know that I am vendor agnostic. This isn’t a knock against any of them. I respect them and enjoy interacting with them and using their technology. I think vendors do a fantastic job providing us with outstanding products and technology, so it’s only fair we spend the time and money to have them look after it as well. Who knows a vendor product better than the vendor? Sure, we all have our horror stories, but, with a little patience and persistence, they’ve always come through for me.

Where Do I Start? Inventory. What do you have, from whom, and what versions do you have? Which of these is covered by warranty, extended warranty, or some sort of managed services agreement of support contract? While you probably have a good idea what you have and how many of them, you may not always know if it’s covered, for how long, and when it’s due to be renewed or replaced. First things first. Have a good, current, and complete inventory of all hardware, software, and services assets.

With the inventory, it’s time for a little digging. You’ll probably have a serial number, license number or similar that spells out to the vendor what it is when it was made, and whether it’s covered or supported. You may spend a little time digging through your asset databases, but you can also check with the vendors. Many have online tools to check the warranty of appliances, and if you have a login for the vendor support site, you should be able to gain access to support contracts. Be aware that not everyone in your organisation can do this. If need be, find out who can get access and be very nice to them!

Don’t hesitate to pick up the phone and send emails to vendors to ask. You’ve taken an interest in their products, and they’re usually happy to help in any way they can. Hey, sometimes it can lead to more sales in either hardware, software, or support. Win-Win!

How do I make It Work? Once you understand the hardware, software, services, applications, and so on that you use, whether it is covered by a support agreement of some sort (including warranty), and whether you have any type of vendor support included, it’s time to fill in the gaps.

This is not to say that you should arbitrarily have everything included because that would get expensive, fast. It would be like buying the most costly health insurance but never going near a hospital and if you did, only using a tiny portion of it. Prioritise your assets and focus on the more critical ones first — firewalls, core switches, payroll applications, endpoint protection suites, encryption software, and so on. Be mindful of your budget and consider the cost of downtime versus the value of the support.

With those details sorted, contact your vendors or integrators through whom you purchase your products, services, and support and get your help. Also, understand inclusions and ommissions when the support renews. You must also consider your equipment when it reaches end-of-life so you can ask the vendors and integrators (or service providers) to send you reminders. Do yourself a favour and keep track internally. You don’t want to try to download a critical patch or ring them up in the middle of the night when everything is down only to find out you’re no longer covered! Ask lots of questions and get the answers you need to make informed decisions.

Acquire the support and coverage and go back to business as usual, a bit more relaxed because you know if something goes a little wonky, you’re covered. It’s kind of like a good insurance policy.

Pitfalls? Read the fine print. I know that sounds old school but take the time to understand what is and is not covered. If something included is not needed or if something omitted is required, find out how you can adjust the support agreement. Sometimes the little extra cost pays off in the long run anyway.

Also find out when the coverage starts for your products and services. Some start as soon as it leaves the factory (i.e. “manufacture date”), some as soon as they leave the distributor, some as soon as you purchase it, and others when you install it. I once had a client whose “brand new” switch was no longer under warranty because it sat on a shelf for a year as a spare and because it had neither had support or extended warranty applied for over a year, it could not be purchased. An extreme example, perhaps, but the point is to figure all this out before you end up in a situation.

Ghosts in the Machine? You may also need to figure out who will provide support when needed. It may come from the vendor directly, from a distributor, integrator, consultant, or other authorised third-party. Be sure that whoever is providing the support is appropriately registered and certified. Sometimes you can even have authorised people on staff already via their certifications. It all depends. Be sure to find this out as well.

Anything Missing? The sooner you act, the sooner you will be covered and the sooner you can relax. Start today by finding out what you have, if it’s covered, and acquiring the coverage and support on a priority basis.

Disclaimer: The thoughts and opinions presented on this blog are my own and not those of any associated third party. The content is provided for general information, educational, and entertainment purposes and does not constitute legal advice or recommendations; it must not be relied upon as such. Appropriate legal advice should be obtained in actual situations. All images, unless otherwise credited, are licensed through Shutterstock

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store