I still too frequently observe that organizations are too quick when it comes to technology decisions. In many organizations, there is first a decision that a "provisioning", "web application firewall", "single sign-on", or even "identity management" is needed. Then some people google for these terms, find some vendors and decide about the solution. That fits to requests like "We'd like to have identity management running by the end of the year - could you support us?"

On the other hand I frequently observe that many customers aren't aware of important technologies like Access Governance or Virtual Directory Services, to name just two of them. But if you don't know what's out there - how could you be sure that the solution you've chosen really is the best one?

Successful projects require as well a good understanding of which types of technologies are out there and which are best suited to support in solving specific problems (technology doesn't solve the problems, but it can support in doing that). That, on the other hand, requires not only to understand the real problems (challenges, issues, threats,...) which have to be solved but as well understanding how to do that. That will lead to specific requirements and a knowledge about the mandatory requirements and priorities. It will also help to understand which of different overlapping technologies (or which part of them) is the best one to start with. Once you have done all this, defined some book of rules, processes, and so on, you can start with choosing the product within a specific category.

And yes, correct: That takes a little longer than just choosing the product. But it will lead to decision based on facts and not on uncertainty.