If You Need to be ‘Disruptive’ to Sell your Security Product, Make a Better Product

You’ve all seen the ads; “Service X is disrupting the Y industry!“, or worse; “We’re using Artificial Intelligence to disrupt…”.

At this point I will look no further at what you have to offer, because if your product/service could stand on its merits, why would you to resort to using tired and almost entirely inaccurate marketing drivel? And are you really to solve my problems or just make money?

Yes, that was a rhetorical question.

The reason I am so dismissive of these claims is that the VAST majority of these vendors either have no idea what ‘disruptive innovation’ even means, or have realised that their product/service doesn’t actually meet the demands of the market. Unless they have created something new or fundamentally different (like the Internet, or blockchain for example), they are not being disruptive, they are competing. In most cases, the use of the phrase ‘disruptive’ is marketing-speak for “please don’t ask us how we stack up against the existing players.”

Saying you’re disruptive is like saying you have great sense of humour, it’s not for YOU to define, it’s for those around you.

For a start, ‘disruptive innovation‘ is; “innovation that creates a new market and value network and eventually disrupts an existing market and value network, displacing established market-leading firms, products, and alliances.

So in the payments space [for example], you are likely not disrupting the payments space itself, you are simply competing with the established players in the space. You are not creating anything new by facilitating payments, you are not creating new markets for payments, you are just trying to take out the middleman. In this case, the card brands/schemes.

You may argue that [again, for example] providing payment mechanisms to those previously excluded from these services (financial inclusion) is ‘disruptive’ because it “creates a new market and value network” but it doesn’t, it just expands existing infrastructure to those who could previously not plug in. It’s the mobile phones that are disruptive here, not the payment apps.

And then there’s the security space. The desperation to sell technology means marketers pull out all the stops. No buzz-phrase is too inappropriate, and no hype too outrageous. With an estimated worldwide information security spend of $124 BILLION for 2019, it’s really not surprising that security technology vendors are doing everything they can to get ‘their share’.

But here’s how this seems to work:

  1. Create something nice and shiney, but ultimately pointless;
  2. Hire or pay someone(s) known and ‘respected’ in the industry to endorse you;
  3. Market the crap out it;
  4. Create additional buzz by paying Gartner/Forrester a bunch of money;
  5. Get absorbed by large company with deep pockets;
  6. Watch product die;
  7. Repeat.

All it takes, it seems, is to get something into a ‘magic quadrant’ and you’re set. Now you’re a ‘must have’ technology regardless of the complete lack of suitability to organisations who need it most; those who don’t have either money to burn or in-house security expertise to run it. Which is > 90% of the organisations out there.

I can somewhat accept this nonsense in the payments industry, it’s in desperate need of a shake-up. But for those of us in the security industry this is utterly unconscionable. We’re supposed to be HELPING! We’re supposed to be the experts who make things better for our client’s businesses, not drain their budgets on useless toys.

This is NOT ‘just business’, this is corporate responsibility. This is the difference between ethical behaviour and outright greed. No, no one forced these companies to spend money, but most con artists don’t use force on their victims either.

In the end there is no security without technology, but only appropriate use of technology will make the difference between a business benefit and waste of money. While security vendors SHOULD know the difference and behave accordingly, the only way to guarantee a good buy is do your homework.

Crap analogy: You notice that your hot water is not as hot as it should be. Do you?:

  1. Run out and buy a new boiler; or
  2. Call a plumber

I’m not a plumber, and know very little about plumbing, but what I can do is:

  1. Do some homework on the issue at hand, it may just be a simple fix;
  2. If 1 fails, do additional homework on experts in my area and pick the three most likely candidates;
  3. Interview candidates, choose the one who seems most knowledgeable, and is prepared to come and have a look without charging me a fortune up front;
  4. Determine appropriateness of the expert’s recommendations with some additional homework;
  5. Hire an EXPERT to fix the issue.

Yes, it is that simple for security as well. If security wasn’t simple I would not be doing it. BUT, like any skill, it takes years of experience and effort to make it simple. The upside is that these experts are easy to spot, and all you have to do is ask the right questions.

[If you liked this article, please share! Want more like it, subscribe!]

If you think I'm wrong, please tell me why!

This site uses Akismet to reduce spam. Learn how your comment data is processed.