Dive Brief:

• The most important part of negotiating with software vendors is the preparation stage, said Paul McKay, senior analyst at Forrester, while speaking at the virtual Forrester Security and Risk Global 2020 conference Tuesday. CISOs and CIOs need to familiarize themselves with the vendor's market, pricing dynamics, and work in tandem with procurement. 
• McKay recommends reviewing the terms and conditions as soon as they become available, because deals can "fall away" when the terms are advantageous to the vendor and "onerous" to the customer. Without understanding early on, legalities could "blow the deal up at the end of the process," he said. 
• When executives want hardier discounts, McKay suggests using existing managed service agreements (MSA). "Often you have MSAs with lots of major providers that live elsewhere within the organization," outside of a CISO's purview, he said. If there is someone else pursuing the same solution, companies might be able to make a bundle within the existing contract.

Dive Insight:

As COVID-19 and the recession reshape IT budgets, technology leaders are consolidating capabilities, asking for payment flexibility, and cutting costs whenever possible. 

In the case of security, the pandemic forced industries into three spending buckets, McKay said: 

• Survival mode: There is no other choice but to cut costs anywhere and everywhere possible.
• Adaptive mode: While cost containment is a top concern, transformative investments are cropping where up appropriate.
• Growth mode: Companies will rev up spending where they can to accommodate speed and scalability. 

Regardless of economic uncertainty and constraints, technology leaders should always armor themselves with a mind for negotiating software contracts. But some negotiating techniques can also hurt a company in securing discounts or reasonable rates. 

McKay relayed an anecdote about an executive who waited until midnight on vendor's year-end sales cycles to secure discounts. While this approach to pressuring vendors worked in many cases, it also gave the company a "nasty" reputation. If a salesperson brands a company as "difficult to work with … it can backfire on you," said McKay. Midnight deadlines should only be used in emergency scenarios. 

If vendors can't provide any degree of flexibility, McKay recommends abandoning the deal. But there is always a limit to how much vendors can yield to customer demands and discounts. When this happens, companies can ask about untapped license entitlements either rolling over into the next year or furloughing payments. 

Companies could propose extended support services if the core software can't be further discounted. "People have a lot of success with getting services thrown in for free or at a large discounted price," such as training or certification. 

Vendors are "often much more willing to move on those sorts of things, but these can often give you more value than the headline discount would," said McKay. For CISOs, these deals ensure the solution is actually actionable for the environment and "is tuned correctly."