You cannot fix stupid vendors
- 
 @IRJ said in You cannot fix stupid vendors:
 @JaredBusch said in You cannot fix stupid vendors:
 Instead you simply refuse to purchase from them when possible. When not possible, you do the absolute minimum required to implement and keep any change documented in order to prevent stupid shit they do from coming back on IT.
 This is where it is nice to have policies in place that only allow secure apps to be deployed that meet a defined criteria. This policy is then signed by CEO and CTO. So when they want the software, you show them it doesn't meet the policy they signed and it creates unnecessary risk.
 Great idea.
- 
 @scottalanmiller said in You cannot fix stupid vendors:
 @IRJ said in You cannot fix stupid vendors:
 @JaredBusch said in You cannot fix stupid vendors:
 Instead you simply refuse to purchase from them when possible. When not possible, you do the absolute minimum required to implement and keep any change documented in order to prevent stupid shit they do from coming back on IT.
 This is where it is nice to have policies in place that only allow secure apps to be deployed that meet a defined criteria. This policy is then signed by CEO and CTO. So when they want the software, you show them it doesn't meet the policy they signed and it creates unnecessary risk.
 Great idea.
 Another thing to write on the policy is that if there are any exceptions to this they must be signed off and documented. You will find out how quickly the C-levels or even directors will not want to sign anything off and accept responsibility for the risk.
- 
 @IRJ said in You cannot fix stupid vendors:
 @scottalanmiller said in You cannot fix stupid vendors:
 @IRJ said in You cannot fix stupid vendors:
 @JaredBusch said in You cannot fix stupid vendors:
 Instead you simply refuse to purchase from them when possible. When not possible, you do the absolute minimum required to implement and keep any change documented in order to prevent stupid shit they do from coming back on IT.
 This is where it is nice to have policies in place that only allow secure apps to be deployed that meet a defined criteria. This policy is then signed by CEO and CTO. So when they want the software, you show them it doesn't meet the policy they signed and it creates unnecessary risk.
 Great idea.
 Another thing to write on the policy is that if there are any exceptions to this they must be signed off and documented. You will find out how quickly the C-levels or even directors will not want to sign anything off and accept responsibility for the risk.
 My office wouldn't care..
- 
 @Dashrender said in You cannot fix stupid vendors:
 @IRJ said in You cannot fix stupid vendors:
 @scottalanmiller said in You cannot fix stupid vendors:
 @IRJ said in You cannot fix stupid vendors:
 @JaredBusch said in You cannot fix stupid vendors:
 Instead you simply refuse to purchase from them when possible. When not possible, you do the absolute minimum required to implement and keep any change documented in order to prevent stupid shit they do from coming back on IT.
 This is where it is nice to have policies in place that only allow secure apps to be deployed that meet a defined criteria. This policy is then signed by CEO and CTO. So when they want the software, you show them it doesn't meet the policy they signed and it creates unnecessary risk.
 Great idea.
 Another thing to write on the policy is that if there are any exceptions to this they must be signed off and documented. You will find out how quickly the C-levels or even directors will not want to sign anything off and accept responsibility for the risk.
 My office wouldn't care..
 My guess is they don't care because there are no ramifications. Most of what I have seen is all talk and no action. Add to that, even if you show the signed sheet, blame will be shuffled on down the line.
- 
 @pmoncho said in You cannot fix stupid vendors:
 @Dashrender said in You cannot fix stupid vendors:
 @IRJ said in You cannot fix stupid vendors:
 @scottalanmiller said in You cannot fix stupid vendors:
 @IRJ said in You cannot fix stupid vendors:
 @JaredBusch said in You cannot fix stupid vendors:
 Instead you simply refuse to purchase from them when possible. When not possible, you do the absolute minimum required to implement and keep any change documented in order to prevent stupid shit they do from coming back on IT.
 This is where it is nice to have policies in place that only allow secure apps to be deployed that meet a defined criteria. This policy is then signed by CEO and CTO. So when they want the software, you show them it doesn't meet the policy they signed and it creates unnecessary risk.
 Great idea.
 Another thing to write on the policy is that if there are any exceptions to this they must be signed off and documented. You will find out how quickly the C-levels or even directors will not want to sign anything off and accept responsibility for the risk.
 My office wouldn't care..
 My guess is they don't care because there are no ramifications. Most of what I have seen is all talk and no action. Add to that, even if you show the signed sheet, blame will be shuffled on down the line.
 Yeah, when the owners are the shareholders, they don't have to give a shit.



