Manufacturer Reps: Do Your Customers Ask You To Sign Ndas Often?

Michael, can you clarify? When you say customers? Do you mean integrators asking manufacturer reps to sign NDAs? Or the other way around? Or some other combination?

Btw, we are having a related discussion about integrators asking their end user customers to sign NDAs.

Because integrators, as the name implies, INTEGRATE. In some instances that is what separates one integrator from another. So, if you are able to distinguish yourself and your solution set through your ability to integrate various products and services with a mixture of your "secret sauce", why wouldn't you want to protect that knowledge management through the use of NDA's? I've also witnessed how loyalty to a manufacturer can often be a One-Way street in the "IT" security profession. Having cut our teeth in the physical security trade, I can unequivocally state that the physical security dealers have a relationship that is not as one-sided as I have witnessed since "crossing over". Let's just say after getting burned more than once we have learned it is better to guard your clients and projects as Top Secret compartmentalized projects for our company's eyes only - as circumstances permit.

I have been asked to sign NDA's by integrators several times and have declined most of them, as they were too broad or open ended. I have signed two, based on specific projects or special relationshipos where we are privy to vey sensitive securty issues and business practices. When I consider the NDA's I declined to sign, they appear to be based on a perception by the integrator that the reps they bring into opportunities, either because they need access to certain products, demo gear or knowledge, should not be trusted. This whole topic of trusting reps has been ongoing for a very long time, and has its roots in the early years ('60s and '70s) when the electronics market was just taking off and considered to be a "sellers" market. Reps at that time literaally controlled the access to their products, as demand far outstripped supply, which led to shady deals, undercutting, special relationships, etc. Thing have changed slighty since the good old days since the market switched over to a "buyers" profile.

To keep the discussion brief, today security projects are ever increasing in size, scope and complexity, and a rep firm that has established good practices regarding personalized and individualized service, persistent follow up, and yes, a code of ethics, is a valuable partner for an integrator to work with. There is some general bias to reps (in fact, John, I hear echos of it in some of your comments), but in reality, is the ratio of "bad" to "good" reps any worse than that of integrators? One of your previous comments was that you know of a rep with a bad reputation in your area, and I submit that bad reps are generally well identified, and avoided. At the same time, we have a list (very short, thank goodness) of integrators we will not deal with for much the same reasons.

On the praactical side, NDA's between reps and integrators are probably just wasted paper anyway. Tracing the source of an information breach, and taking legal action on it, is improbable at best. I feel an that establishing a relationship based on trust, and frank discussions between integrators and reps accomplishes more that a signed NDA.