Do Security Vendors Have Solutions Looking for Problems?

Recently I had a conversation with a CSO who discussed the disconnect between a technology vendor’s (manufacturer’s) product roadmap and his organization’s needs. “I go to these conferences and it seems they are creating solutions without any understanding of how we are organized, our organizational measures of performance, or our challenges with risk and resilience,” he said. “They create solutions that are looking for a problem to solve!”

This is not unusual. What is often misunderstood is the ecosystem in and around technology vendors and what is supposed to occur in those transactions of value.

Most technology vendors hope to penetrate the risk, resilience and security markets through the “channel”: consultants, value-added resellers (VARs) and system integrators. Their business model depends on three things:

  1. Convincing the channel that their product’s features and functions are compelling.

  2. Convincing the channel that the investment in training and certification is worth the return.

  3. Getting the channel to promote the product in their selling efforts.

Note there are gaping holes in these three areas:

  1. There are usually no verifiable studies on the organizational or security risks that are mitigated by the solution.

  2. No consultative approaches (as opposed to sales approaches) are provided.

  3. There is no feedback loop built into the client process of consultants, VARs, integrators and technology vendors and how they transact their business.

As we move into a new era of security leadership, business and security risks must be documented and studied. People, process and technology can be measured. Qualitative and quantitative data is collected and can form the foundation of a value argument to the organization.

This can be a big adjustment to the ecosystem of consultants, VARs, integrators and technology vendors and how they transact their business.
