Security software is mandatory for enterprises facing an Internet community of aggressive hackers and criminals. But enterprises shouldn’t feel locked into deals with their security vendors, a Gartner analyst said.Under the right circumstances, switching vendors may make financial sense, said Peter Firstbrook, research director with Gartner. And with security vendors making a gross profit margin of 60 percent, enterprises may have more leverage when renegotiating deals, he said. “These guys [security vendors] are pretty fat and happy right now,” said Firstbrook, who spoke at Gartner’s IT Security Summit in London Tuesday. “They’ve got a very healthy profit margin. Don’t feel sad for your antivirus vendor or your antivirus sales rep.”Oddly, the antivirus security software market is mature, but software costs aren’t going down, Firstbrook said. The major security vendors aren’t worried about losing clients because customers believe that changing products would be costly, he said. Before switching, IT managers should think about the complexity of rolling out new software. The companies best situated to make a change are those confident in their abilities to distribute software, test new products and educate users, Firstbrook said.When slugging it out in negotiations, enterprises can do several things to ensure they get the best deal. First, companies should get quotes from a number of vendors and not be afraid to play one vendor off against another, Firstbrook said. Perpetual licenses are good, but organizations should remember that they can negotiate a price only once. Enterprises should also aim for rich packages that include home user licenses and some support, Firstbrook said.Licenses for desktops and e-mail security services should be calculated on a per-seat basis, but server license costs should be based on number of CPUs, Firstbrook said. Companies should not increase their seat count merely to meet a vendor’s price list.Gartner expects an increasing number of security functions to be incorporated into single software packages, Firstbrook said. “I think that over time, vulnerability assessment, patch management, software configuration management will all merge with our antivirus software so we have one view of the security status of a PC, and if it’s broken we can update it,” Firstbrook said.-Jeremy Kirk, IDG News Service (London Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature CIOs grapple with the ethics of implementing AI With ethical considerations around AI use increasingly top of mind, IT leaders are developing governance frameworks, establishing review boards, and coming to terms with the difficult discussions and decisions ahead. By Esther Shein Dec 11, 2023 13 mins Generative AI Generative AI Generative AI feature Reed Smith turns to AI for lawyer staffing solution The legal firm’s Smart Resourcing tool helps balance workloads and ensure partners find associates with the right skills and experience, while empowering employees to make connections across the firm’s global footprint. By Sarah K. White Dec 11, 2023 8 mins CIO 100 Legal Digital Transformation news Emirates NBD drives sustainability goals with Microsoft partnership By Andrea Benito Dec 10, 2023 2 mins CIO news COP28: How Du and Ericsson's partnership is supporting UAE Net Zero Strategy By Andrea Benito Dec 10, 2023 3 mins CIO Green IT Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe