Blog Archives

Chasing ambulances, winning trust and people in glass houses

So after a day of major email outage for Google mail users (i.e. those that were originally Postini), things have finally settled down. Like many others working in the email security space, I found this mildly bemusing – although not enough to start embellishing the potential ramifications (or pointing out how wonderful our SLA is). Unsurprisingly, other vendors have found it difficult to contain themselves – with one blog entry trumpeting the 100% uptime SLA.

Now, vendors making “interesting” claims and SLA guarantees is nothing new – MessageLabs offered a 100% SLA against known and unknown viruses years ago. However, using this tactic to seduce customers – especially ones who are suffering at the hands of their current provider – is arguably immature and also prone to disaster. In fact, any sizeable organisation with half-clued-up IT professionals or a CIO will pull apart such claims – or at least insist on some stringent additions to the “teeth” said vendors claim they have in their SLA. For instance, how can you truly offer and guarantee 100% when you do not own the premises or the fibre, and simply lease space in the data centre? Crazy!!

Irrespective, back to the point of this – namely ambulance chasing or winning trust. Instead of jumping on the bandwagon and selling on the pain that has been caused by the outage, why not try a different approach? An approach that talks about the higher-level, strategic challenges that will manifest (or have manifested) once a technology company has been acquired, whereby the acquirer sweats the asset, then strips the asset, and then slowly allows the old service/product to degrade – whilst offering inducements to come aboard the new one. This is of course not unusual, and you can look at large acquisitions in the email market over recent years to see this pattern repeated. For example, Symantec acquired MessageLabs for circa $700m, the founders (quite rightly) cashed in on their 10+ years of hard work, the talent slowly drifted away from the corporate beast that was night and day from the exciting startup they joined, and the service receives little or no significant investment.

This is no criticism of Symantec – nor anyone else. It’s a commercial reality. You don’t spend that kind of money on a business and then throw in the same again just for fun! Anecdotally, I often hear of a once great business or technology that has become a pile of rubbish after the big IT giant opened its war chest and offered the VC and founders the right price. Because of this, perhaps the trick is to have a rational and sensible conversation with a CIO, hopefully well ahead of the winding down of the original product or service – and certainly before a major outage. Have those “succession planning” conversations, but above all discuss the merits of the alternative you are proposing. Kind of basic sales stuff really.

So back to my ambulance chasing peers who are enjoying this current malaise – please remember that every VC has an exit, every founder a price, and above all, people who live in glass houses…

Consumerisation and Cloud – Information Security’s perfect storm?

Put a load of IT professionals in a room, ask what their definition of Consumerisation is, grab your popcorn, then sit back and enjoy the debate. After all, if a bunch of IT experts can’t agree between themselves – how can CIOs and businesses begin to wrestle with the problem? I’ll stick my hat in the ring here and state that (IMHO) consumerisation isn’t simply bring your own device/computer (BYOD/BYOC), but also encompasses (generally online) services and arguably software.

Next, ask them what their definition of cloud is – more popcorn. Those of us who’ve been around a little while will remember an acronym – namely ASP (Application Service Provider), which was perhaps the predecessor of cloud. But wait a second – was ASP actually what we now know as SaaS? Or is SaaS a subset of cloud? Wikipedia, NIST, and other sites seem to agree on a broad definition: that cloud computing is a method of accessing computing resources (systems, storage, applications) on demand – generally via the internet. But this has also highlighted the need for a completely different approach and thinking – especially when considering Information Management & Security.

Certain bodies have been promoting this alternative thinking for some time – most notably the Jericho Forum. The risk, however, is that many organisations may well jump headlong into cloud – seeing it as the current panacea for their IT challenges. There is an additional danger that organisations and their IT professionals build infrastructure and access methodologies that are an extension of the current approaches – i.e. generally an “outside-in” approach. By this, I mean the traditional method of approaching the problem from a perspective of “keeping the bad guys out”.

Perhaps a better starting point is to assume that you can/will be compromised, so in effect your business information is potentially open to all. Start at the data and begin to think about what information is unimportant, important, confidential, and “secret sauce”. Then work outwards – i.e. who needs to access it. Focus your time and money on securing the information that really needs securing – keeping in mind that users could use any device and be anywhere.

One of the biggest barriers to leveraging cloud services is concern around security. To address this, many vendors are offering services that incorporate strong encryption of data – meaning you can leverage economies of scale, yet know that your business information is meaningless to anyone that doesn’t hold the keys. This might be a step too far for an initial foray – and the “secret sauce” may never see cloud – although some organisations are readily using cloud computing, having identified the information they need to protect and the information and applications they are less concerned about. One notable example of this is AutoTrader, with a very clear cloud strategy led by Tim Jones. You can see one of Tim’s presentations here.

One thing is certain: the rising tide of tablet sales – together with more and more cloud services – means that organisations need to adapt and change. Of course you could try and resist this advance, but then a guy called King Canute thought he could push back the sea…