Steve Crowley, CIO at Covetrus

In our recent Sage Spotlight, Steve Crowley, CIO for the Global Technology Solutions business at Covetrus, delves into the challenges and strategies of identifying and integrating third-party technology solutions. Steve discusses their method of bypassing vendor "propaganda" to focus on direct use-case solutions and how Sagetap has revolutionized their vendor discovery and due diligence process.

Key Takeaways

• Steve's Approach to Vendor Discovery: Covetrus emphasizes identifying specific use cases and then seeking out solutions that address these cases directly, avoiding unsolicited vendor outreach and focusing on due diligence.
• Transition to Effective Discovery: Previously reliant on extensive internet searches for solution discovery, Sagetap now facilitates a more targeted and efficient approach, allowing them to engage with vendors of interest without feeling pressured.
• Cutting Through Cybersecurity Noise: The vast number of cybersecurity companies creates a challenging environment for identifying valuable solutions. Sagetap aids Covetrus in navigating this landscape by focusing on point solutions that align with their needs.
• Notable Vendor Discoveries: Steve highlights two impressive vendors identified through Sagetap: Oort, for its robust defense of data lakes, and Prelude, which optimizes investments in cybersecurity tools like Crowdstrike by verifying their effectiveness.
• Validation and Optimization: Prelude stands out for its ability to cut through the "noise" and validate the effectiveness of deployed security solutions, offering a much-needed assurance of security measures’ effectiveness.

Full Transcript

 Steve Crowley: I'm the CIO for the Global Technology Solutions business within Covetrus. We're in the animal health space. We're a highly technology-enabled business.

Sahil Khanna: How do you go about finding third-party technologies/vendors to look into?

Steve: Yeah, we tend to ignore the propaganda that comes out of vendors themselves, either through trade shows or direct reach-out.

I delete so many emails a day from companies that just want five minutes. We're not interested in that. We're interested in identifying our use case and then finding a solution to satisfy that use case.

When we do this, we think about due diligence. The first would be what discovery can we do on our own. Up to, let's say, six months ago, discovery on our own meant we would go out to the internet and we would try to figure out who had what information. So the school of hard knocks, if you wanna call it that.

What has turbocharged that approach in a more targeted, effective way is to engage Sagetap, where we're able to control the dialogue in that we engage with companies that I'm interested in for specific problems that we have, and it's all about learning.

I never have felt pressured to go the distance with company X or Y. It's about learning, either about the sector or about what they have to offer. The cyberspace is rife with all kinds of companies. And there's so much noise and so much confusion that great ideas are lost, and this is where our due diligence would fail because you can't pick it all up. There's something like 5,000 cyber companies.

And so what Sagetap has allowed us to do is to take a hard look at point solutions that we can then compare against our use cases. And if we find a match, then I listen. And if what I'm hearing makes sense, then we widen that exposure to the company.

So very targeted, much more effective way to get to closure for a specific use case.

Sahil: So you've taken a significant number of meetings, explored different vendors via Sagetap. Do any come to mind that you think were particularly exciting?

Steve: Yeah, there's a bunch, but I'll say that two that I would point to would be as follows: 

Oort, which really focuses on locking down your Snowflake data lakes, really impressive solution in spite of how good your periphery or your perimeter is protected.

If somebody does get through, then what's your second layer of defense? And I believe this is key in that space because you can't protect everything. And so you have to think about it as layer of defense number one, what happens if they get past? How do you impede them from getting deeper into your ecosystem?

And that comes through a layered defense approach. And that's what I think Oort offers specifically an area where you could be vulnerable. The sleepy part of, let's say, your environment where your data is sitting. And then it's too late. So really impressed with that solution.

Also, I spoke just last night with a company called Prelude. Very interesting company in that they help optimize investments in CrowdStrike or Palo or whomever, because we often live in a sense of false security. We deployed CrowdStrike. We hope it's working. We think it's working. But the question is, is it?

And Prelude has a way of cutting through the noise to get to that answer. Real impressive.