Avoiding Vendor Bloat

Some IT software vendors may hate me for this blog post, but I want to write it anyway. During my decade as an IT consultant for businesses of varying sizes, I’ve observed a particularly annoying phenomenon, which I call “Vendor Bloat.” What happens here is an organization’s IT decision makers identify some need and immediately look for technical solutions that will meet that need. This is not always a bad idea, but in many situations, the organizations fail to realize that they already have technical solutions that meet the need and end up with a massive number of technical solutions from different vendors. This results in an IT environment that is constantly fighting with appliances, servers, and software solutions. The end result is a terrible IT infrastructure that ends up hurting the business instead of helping the business meet its goals. The IT support team has numerous vendors to talk to for support and those vendors don’t help them get the solutions working with all the other stuff they have.

In one extreme example, I recall going into an organization that had 3 email security appliances: a spam filter, an email encryption appliance, and an email archiving appliance. They were constantly having issues with mail delivery delays and failures and just couldn’t figure out what was causing the problem. I took one look and just had to shake my head in frustration. I went through the architecture of the environment with the client and showed them how a single cloud service could provide all three of their email security needs. Once they switched to that method, the email delivery problem mysteriously disappeared.

IT Unitaskers

The core of the problem is due to a type of IT “Unitasker” solution that meets only a single organizational need. If you haven’t seen TV Chef Alton Brown’s tirade against Kitchen Unitaskers, go watch it to get a little background on the term “Unitasker.”

Basically, IT software solutions or appliances that only do a single thing are dumb, and are often very close to being scams. They cost lots of money, do very little, and do more to hurt your IT environment than help. You should know that most of the quality solutions out there have the ability to meet multiple needs without third party additions.

Following the Email Security example, you want to look for a spam filtering solution that provides some form of email encryption and either archiving or spooling services as well. An email encryption solution should also provide Data Loss Prevention capabilities or have spam filtering features as well, and even a solution for managing Whole Disk Encryption or Endpoint Security can add great value.

Aside from the general annoyance of dealing with different support frameworks to fix a problem, you do not want to have multiple vendors handling your mail flow. It’s a nightmare to troubleshoot issues with more than one or two vendors in the mix, and issues are bound to happen when you have your email bouncing through multiple servers or appliances before hitting a mailbox.

So how do we avoid Vendor Bloat?

Don’t Be Lazy

The first step to avoiding Vendor Bloat is getting over the desire to avoid work. There is a lot of work and careful examination involved in properly assessing the need for an IT solution. But that work must be done if you don’t want to have someone take advantage of you and sell you things you don’t need. You should never ever cede oversight of the IT environment to a vendor.

Honest Self-Assessment

One of the first bits of work you need to do is to honestly and thoroughly assess your environment’s existing infrastructure as well as the need you have. If, for instance, there is a phishing attack on the environment, you need to carefully assess the damage before looking at solutions to keep such attacks from happening.

The process here requires you to examine existing costs, budgetary constraints, solution need, and cost to continue as-is (including hidden costs like reduced efficiency). If the aforementioned phishing attack only cost you a few headaches and you’ve only been hit with a single similar attack in the past decade, a $100k+ solution isn’t likely to be a good purchase.

Technical Examination

Take a look at your existing IT infrastructure and determine the capabilities of what you already have. You’ve spent lots of good money building your IT infrastructure already, so you need to make sure you don’t already have the ability to meet the need you have without spending tons of money.

Exchange Server (and Exchange Online), for instance, is already capable of providing partner-based forced email encryption through the use of Mutually Authenticated TLS encryption (also known as Domain Authenticated TLS). Setting this up usually only requires about an hour of work per partner organization, so if you have a limited set of companies that you need to ensure email encryption with, it’s worth it to set that relationship up with Exchange rather than spend thousands on an appliance or cloud solution that only does email encryption.
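As an illustration of the per-partner setup described above, here is an added example (not from the original post) for Exchange Online, where forced TLS with a partner is configured as a pair of partner connectors. It assumes an existing Exchange Online PowerShell session; the domain partner.example, the certificate name, the function name, and the connector names are placeholders.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# 'partner.example' and the connector names below are placeholders.
function New-PartnerForcedTlsConnectors {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Partner's mail domain, e.g. 'partner.example'
        [Parameter(Mandatory)] [string] $PartnerDomain,
        # Name the partner's mail servers present in their TLS certificate,
        # e.g. '*.partner.example' (confirm this with the partner first)
        [Parameter(Mandatory)] [string] $PartnerCertDomain
    )

    $outName = "Forced TLS to $PartnerDomain"
    $inName  = "Forced TLS from $PartnerDomain"

    if ($PSCmdlet.ShouldProcess($PartnerDomain, 'Create partner TLS connectors')) {
        # Outbound: only deliver to the partner over TLS, and only if the
        # certificate chains to a trusted CA and matches the expected name.
        New-OutboundConnector -Name $outName -ConnectorType Partner `
            -RecipientDomains $PartnerDomain -UseMXRecord $true `
            -TlsSettings DomainValidation -TlsDomain $PartnerCertDomain `
            -Enabled $true | Out-Null

        # Inbound: require TLS for mail claiming to come from the partner,
        # and require the sending server's certificate to match the name.
        New-InboundConnector -Name $inName -ConnectorType Partner `
            -SenderDomains $PartnerDomain -RequireTls $true `
            -TlsSenderCertificateName $PartnerCertDomain `
            -Enabled $true | Out-Null

        # Read the settings back so the change can be reviewed and recorded.
        Get-OutboundConnector -Identity $outName |
            Select-Object Name, RecipientDomains, TlsSettings, TlsDomain
        Get-InboundConnector -Identity $inName |
            Select-Object Name, SenderDomains, RequireTls, TlsSenderCertificateName
    }
}

# Dry run first; remove -WhatIf to create the connectors.
New-PartnerForcedTlsConnectors -PartnerDomain 'partner.example' `
    -PartnerCertDomain '*.partner.example' -WhatIf
```

With these connectors in place, mail to or from the partner that cannot be sent over validated TLS is held or rejected instead of falling back to cleartext, so agree on the certificate name with the partner before enabling them.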

It helps to consider least-effort solutions when faced with a problem in IT. There are a lot of good reasons for this. First off, creative solutions with your existing environment will allow you to maintain the existing support framework without having to expand or train employees to manage and use new solutions.

If you are a high-level decision maker, be sure that you have access to technical advisors to assist in assessing need. This is particularly true if the need is in an area that you aren’t familiar with.

Vendor Pushback

Whenever a vendor tries to tell you how to meet your company’s needs with their software or service, push back! Don’t let the vendors control the conversation. You have a need and they need to prove that they can meet more than just that need. You have to ask, “What else does this do?”

There are also a lot of hidden costs that need to get added to the equation when you add a new system to an existing IT infrastructure. You have to train your own staff to manage it, you have to adjust your processes to account for the new services, and other managerial issues will pop up once the solution is in place. A vendor’s pitch to you will not account for the hidden costs, so you need to be vigilant and serious when interacting with vendors. Don’t be distracted by the flashy lights and cool tech, and don’t be afraid to say, “I don’t need this.”


Vendor Bloat can become a very serious problem quickly, aside from the general need to have an IT environment where all the pieces work together properly. It is possible, however, to avoid getting yourself stuck in the vendor bloat trap if you are honest, careful, and smart about assessing the need to actually buy a new solution.
