Survival in the Security Space: Taking a Closer Look at the Ingredients for Longevity

Today I was thinking about one-hit wonders.

That one, amazing song that everyone is singing. It's on cereal boxes, commercials, T-shirts, and then suddenly, it's gone. Then you have the songs that can't die. Ones that pop up at your grade-school formals, follow you through life, becoming a song on a 'Best Of' compilation CD and morphing into your favorite karaoke song in the end.

I think of these things in relation to the security industry. I was trying to figure out just what it takes to go from being that one-hit security wonder, to a karaoke security favorite. Then again, you have those companies that may not have made it the first time around. Maybe they hovered on the edge of the billboard charts, or possibly they scored a hit, but were superseded by the new trend of the day. How does re-evaluating one's direction put them back on track to 'best of' status? Of course this is a lofty exploit, trying to figure out the magic potion of such things, so I turned to a cadre of trusted industry experts to give me their personal thoughts on longevity in the security space.

In times of economic woe, especially in our over-saturated high-tech market, how can one determine if a security company is solid? Despite the fact that they may have re-structured, laid off 20 percent of their workforce, and canceled seemingly good product lines? The stock market runs away from these companies, screaming. However, does it really spell failure? I asked Dan Blum of the Burton Group, how he defined a solid security company.

"A solid company has a good customer base, sustainable revenue stream, a product line with a future, and a strong management team. Many companies have suffered due to the extremes in the hi-tech boom and bust cycle. I would look at what is left of the company when the dust settles, more than the details of what happened with lay-offs."

Victor Wheatman of the Gartner Group sums it up this way: "Well, there's downsizing and there's downsizing. A large company, assuming its business model is sound, is more likely to survive than a smaller company that downsizes to a shell. We evaluate vendors in a number of ways, but some of the criteria includes: viability (investment, commitment, focus and competence), service/support (the ability of the vendor and associated IT partners to help users install and maintain the product throughout its lifecycle, both pre and post installation), features/functionality (a metric that defines what a product does or its key non-technology related characteristics), and technology (a metric that examines the nature and characteristics of the product's underlying technology. For instance, some technology doesn't port well to new platforms)."

In discussing this same theme with a company that has seen some economic disturbance, I talked with Dean Coclin, new business development manager at Baltimore Technologies, about their approach to staying afloat in a fickle and trend-based market.

"The answer lies in basic business principles, which Tom Peters gives an excellent recipe for in his 1982 book, In Search of Excellence. Baltimore realized it should 'stick to its knitting' and hence, we divested the Content group, which no longer fit in with our core businesses. Staying 'close to the customer' is another important ingredient which we are committed to. Listening to what your customers are telling you is an invaluable aid in product planning. Our new CEO, Bijan Khezri, made it clear that while everyone was responsible for the company, he also encouraged a measure of autonomy and entrepreneurship. Our employees are the best source for new ideas that grow the business. Having said this, we believe that keeping the business model 'simple and lean,' will allow us to react quicker to customer needs and maintain a lower cost structure," he explains.

I also wanted to examine perception, which appears to affect success in large measure. I'd like to think that the sheer size of a company doesn't mean a thing in a capitalist economy, but so much of consumer confidence is based on perception of success.

Wheatman responds, "You mean technology consumers? Perception gets you in the door. The vendor still has to meet the client's need at a good price and make sense. Wall Street doesn't mean a thing either. It seems some companies are willing to buy from upstarts if they seem to have a better idea, a better technology approach, and if they don't make (many) mistakes in execution. Buyers can be risk takers sometimes, help drive product development direction and essentially get the full, undivided attention of the vendor."

So I asked Blum what Burton does to educate clients about vendors, what the indicators were for a "good buy." Was it service related? Financial stability of the company? Flexibility of the installation to grow as needed?

He responded, "All of the above, as well as the architecture and strategy fit with the company's installed base, target directory/security architecture, and guiding principals."

Gartner's Wheatman adds, "Does the client like the vendor's personnel? The human relations factor (who do we like) is the sub rosa context of many buys. We have to like the people we're going to deal with, we have to trust them. My gut feel is, does the product fit the need and is the price good?"

And I asked Dean Coclin what he felt Baltimore's key to future success would be. He offered the following:

"Innovation and 'industry firsts' are key to success in this industry. Baltimore has a reputation for both. Being nimble is also important in this market. The IT managers need vendors that can respond quickly to bug reports, change requests and feature enhancements. Large vendors tend to put these in the queue for the next major release, but we believe we can respond quicker than that."

Which led me to ponder the notion of what it takes to be included on a 'Best Of' compilation, and Wheatman offered his thoughts, "Best in class still has to show up in class. Snake oil salesmen talk a good story, but the product may not work. White coats are like Field of Dreams. They figure if they build it (and it's good), they will come. But they aren't good at marketing, can't play the investor game, and are likely to fail. They may be the 'best,' but market share tends to fall to products that are almost good enough."

So, there doesn't seem to be a magic potion or secret to true industry longevity, but similar themes did pop up in talking to all involved. When asked to sum up a few determiners that have been repeated indicators of success and longevity, I was given the following:

Blum responds, "I think it's having a strong management team, plus sustainable revenue stream, etc. If the company has a weak management team, they will squander any competitive advantage they have. Whereas, if they have a strong management team, they can build out from their existing competitive advantage. I also think, to a great extent, the boom/bust tech cycle tests companies. The weaker ones will never recover. The stronger ones that survive, may come out even stronger, although the jury is still out on that one."

Wheatman states, "Luck. Guessing what the problem is going to be and fixing it. A clear message, that is concise and consistent. Too often companies fall in love with obfuscation, big words, and clouding what the hell it is that they actually do. Remember the company, TriStrata? Their approach was 'like' a one-time pad ... but it wasn't a one-time pad, and that ultimately caught them and they all but disappeared after an extremely visible start."

And our vendor, Coclin of Baltimore, adds: "Partnerships are critical to our particular business. We rely on the system integrators that specialize in security, as well as the tech companies like Microsoft, Cisco and Oracle. These play a major role in associated software. This has proven to be a good strategy as partners have both pushed and pulled our products. Innovative product development is also key. Looking ahead and envisioning new platforms. We released the first product to market that supports the new SAML standard (SelectAccess version 5.0), making it easier for companies to engage in disparate online business relationships, which we see as the future in our portion of the security industry."

And only time will tell whether or not the companies that are here today, will be here tomorrow, and whether or not you'll be humming their tune on the way to the market, or whether you'll be requesting them in your next rowdy bout of security karaoke.

Melisa LaBancz is a San Francisco area security journalist who has never sung karaoke, but thinks she is a good singer nonetheless.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.