There are a few approaches I'd take in this negotiation over a data loss prevention (DLP) tool.
First, to honor the "no surprises rule" I have with my manager, I would explain the current facts, such as the bid received, its comparison to the original estimate and considerations as to why the bid was higher than originally thought.
Take a hard look at the total cost of ownership (TCO) for the DLP system of choice and compare it to the TCO of the other systems considered. It may actually be lower than that of the other products in the long run, though the initial price offered may obscure that fact. Be sure you have done this homework before meeting with management to discuss the higher cost estimate for the IT security budget.
Secondly, I'd go back to the vendor of your preferred DLP tool to explain that you want their product and that it seems to be the best fit for the organization, but that the price offered is a challenge and you would like to negotiate a lower price and/or add-ons such as free training, extra support hours or a longer license duration. In some instances this may not resolve the gap between the initial price and the estimate, but you can use it to show management the extra value added by the preferred DLP vendor. If cash flow is the concern for your company, you can also ask the DLP vendor whether it offers anything like a deferred payment plan.
Thirdly, to avoid this problem in the future, collect information early in the bidding process on how the product is assessed by organizations such as Gartner in its Magic Quadrant, in product reviews and elsewhere. These third-party reviews may be useful when making your case, too.
Lastly, help management understand the cost benefit of going with the more expensive product. Include the costs the DLP system can help the company avoid, such as fines or the general costs of the breach notification process. According to the Ponemon Institute's Cost of a Data Breach study, the cost is approximately $204 per record breached. Statistics like these can demonstrate the increased value offered by the preferred DLP.
Remember, management needs to explain these procurement decisions to their senior management, too, and as such, you need to provide them enough quality evidence to help them explain why they chose the higher-priced DLP system.
This was first published in April 2010