One of the vital widespread questions we get from CISOs — and CIOs — is whether or not they need to settle for vendor consolidation and add extra Microsoft to their safety stack or do every part of their energy to battle towards it. For the previous few months, we’ve spoken to these leaders by way of inquiries, steering periods, and analysis interviews to debate this precise problem. This analysis culminated within the launch of our report, The CISO’s Information To Microsoft Investments.

This report delves deep into CISO and CIO sentiment about Microsoft as a vendor and, most significantly, how these leaders handle distributors with product traces and attain as huge as Microsoft’s.

A number of the key takeaways from the report (with loads extra within the full report for Forrester shoppers!):

• Escape is unattainable. Whether or not it’s based mostly on identify recognition, partnerships, cloud, productiveness suites, laptops, online game consoles, or some other cause you may consider, questions like “Why not simply do extra with Microsoft?” will come from finance, enterprise line leaders, and your board. The way in which you reply this query issues, and the solutions can’t be private or technical. The solutions must be monetary and backed up with proof.
• Microsoft is a professional safety vendor. Since 2021, Microsoft has been evaluated towards its rivals in a number of Forrester Wave™ evaluations, incomes Chief positions in a number of. The argument that “Microsoft isn’t an actual safety vendor” gained’t maintain water.
• Breaches don’t matter. Loads of safety distributors wish to fireplace up a DeLorean and take us again to the early 2000s as they clutch their pearls about this Microsoft vulnerability or breach. CISOs care. Some CIOs care. CFOs, CEOs, and boards don’t care, particularly on this financial setting. In addition to, everyone seems to be a client of — and a enterprise associate with — an organization that’s had a breach by now. This doesn’t transfer the needle, and the trope is as drained as it’s ineffective.
• However measurement typically does. We heard from CISOs and CIOs that the sheer enormity of Microsoft typically works towards them within the type of inconsistencies throughout account groups and gross sales processes – particularly with RFPs, product names, and included performance. The ensuing confusion opens the door for smaller rivals to offer the centered consideration wanted to assist leaders make a strong enterprise case for retention of — or funding in — their most popular merchandise.
• Worry results in anger, anger results in hate, and hate results in … di$rely$. Whether or not a CISO actually desires to go along with extra Microsoft or not is type of unimportant. Savvy CISOs, CIOs, finance leaders, and procurement groups can come collectively and use the overwhelming, existential dread Microsoft instills in its rivals to squeeze out reductions and deferred funds from them.

Microsoft isn’t the one safety vendor pursuing a consolidation technique. Loads of others are too. However few of these distributors have the identical attain throughout the enterprise that Microsoft does with as many traces of enterprise. This report is designed to assist safety leaders choose their battles in the case of this tech — and safety — mega-vendor.

Forrester shoppers with questions ought to request a steering session or inquiry with me or my colleague and co-author Jess Burn to debate intimately.