Simply put, Peer-sourced Decision Analysis (PsDA) is the process of gathering intelligence from experts to support complex decision-making...
As a security integrator, we have been helping our clients navigate the complex process of purchasing cybersecurity products and services for 15 years. During that time, we’ve seen the difficulty of these decisions escalate as companies are faced with a multitude of product options across the ever-evolving threat, data processing, and compliance landscapes. This complexity results in a significant increase in the time and effort needed to research and evaluate solutions, which can add up to hundreds or even thousands of man-hours each year.
To help overcome this burden, security professionals are turning to third-party validation. In this blog, we will examine why companies seek these sources, the difficulties they face when gathering this data, and introduce a new approach called Peer-sourced Decision Analysis (PsDA). As a preview, our customers who have adopted our PsDA process have saved a minimum of 80% of the time typically spent on solution analysis. Let’s jump in.
In the realm of cybersecurity, third-party validation plays a critical role in the purchasing process. There are two main types of validation: expert and peer feedback, and technical validation. However, for the purposes of this discussion, we will focus on the former, as it is an integral part of most cybersecurity purchasing engagements.
Businesses can benefit significantly from this information when it’s collected correctly. Firstly, the data is highly credible because it mainly comes from unbiased feedback given by industry experts and peers. Secondly, when the insights are aligned with the strategic outcomes for the project, they provide great clarity on the decision being made. This enables businesses to make faster, more informed decisions that are backed by expert insights and peer experiences.
There are two primary ways that our customers leverage this data when purchasing cybersecurity solutions:
To underscore the importance of this data, Delinea recently surveyed over 900 CISOs and senior decision-makers to understand how they make cybersecurity tech buying decisions. The study found that respondents overwhelmingly cited gauging their efforts in comparison with their colleagues as a top priority.
Link to Delinea study: https://delinea.com/blog/how-it-decision-makers-make-cyber-security-tech-buying-decisio
Security professionals rely on four main sources for third-party validation, which vary in terms of the trustworthiness of the source and relevance to the situation (context). These sources include:
From a user perspective, the ideal solution would be to learn from peers who have recently made the same purchasing decision and share the same analysis parameters. This means their project goals, data processing environment, security control landscape, and operational maturity would need to be almost identical. In this scenario, since the context can be validated and it’s coming from a trusted source (peers), the users of this data could consider it actionable information. This intersection is represented by the blue circle in the diagram below.
This “ideal solution” holds great promise for security teams to move a lot faster with better data, but it’s very hard, if not impossible, to accomplish. According to Gartner, mid-sized companies spend over 50% of their time researching and analyzing products on third-party validation activities. If you aggregate that across the decisions IT organizations make in a year, it can translate into hundreds, if not thousands, of man-hours.
From our 15 years of experience working with customers on these efforts, much of the inefficiency in this process comes down to two main things:
As a result of these factors, third-party validation often becomes just glorified user reviews that are related to the “outcome” of the decision, instead of the “inputs” used to make the decision. This is an important difference, as the latter is the key to unlocking the power of collective wisdom in business-to-business decision-making, while the former is a carryover from how we engage collective wisdom in our personal lives.
The best way I’ve come up with to explain this is to compare it to how we use crowdsourced user reviews when planning a road trip.
Making decisions related to a road trip can be complicated due to various logistical constraints that need to be considered. However, with the combination of GPS maps and user reviews, the planning and execution of trips have been revolutionized. Instead of poring over maps and researching destinations using paper travel guides, we have outsourced that overhead to data science and the collective wisdom of people who have traveled to the same destinations.
The tight integration between these solutions is what makes it so powerful. The GPS map serves as the source of truth for what users can and cannot do on their road trip, considering factors like timelines, distances, traffic conditions, and more. It also serves as a structure for engaging crowdsourced reviews in the context of possible travel options, enabling users to make faster and better-informed decisions.
Unfortunately, when it comes to engaging third-party validation, the equivalent of the GPS map is missing, making the process manual and time-consuming. It’s like measuring inches to miles on a Rand McNally Road Atlas.
What if security leaders could engage a “project map” to navigate through complex decision-making, similar to how we engage a GPS map for travel? Well, now they can!
As mentioned in the opening sentence, PsDA is a process for sourcing intelligence from experts to support complex decision-making; in this case, buying cybersecurity products and services.
By utilizing PsDA for customer engagements, we dynamically create “Decision Maps” for how to engage these projects, rather than solely focusing on the outcomes of past decisions. Driven by ML/AI models that continually get smarter as more users engage with them, we can produce a much more valuable data set that offers several key benefits for our customers:
The diagram below illustrates the PsDA workflow and how it compares to other crowdsourcing solutions in terms of analysis capabilities and data fidelity (informational vs actionable).
To understand the benefit to our customers, it’s important to highlight where we focused our efforts to prove the concept. Knowing we couldn’t take on every project immediately, we set our sights on two of the most important projects for our clients: Managed Detect and Response (MDR) and Endpoint Detect and Response (EDR). Our goal was to help our customers select the best vendor for these solutions using our Decision Maps to guide the way.
After four years of doing it this way, we are really excited about the results, which far exceeded our expectations. Our maps not only addressed the inefficiencies of doing third-party validation (which Gartner equates to 50% of the analysis burden), but they also created a structure to perform the vendor analysis in the same workflow. The combination of these benefits was then measured against the typical hours our clients spend doing these activities across both business and technical resources. Over the past 18 months, we have tracked a saving of 80%+, which is huge!
In the coming months, we will be delving deeper into the various layers of value this approach provides. To stay informed, subscribe to our blog for the latest updates.
If you’re ready to digitally transform your cybersecurity purchasing process, please contact us at 800-GO-LATUS or klane@latussolutions.com for more information.
For more information on our Decision Analysis process visit our Connect page: https://latussolutions.com/connect/