Beware of Data Security Vendors That Try to be All Things to All People

Don Miller

I have a question for those who attended the 2015 RSA data security conference in San Francisco.  Did you come away feeling a bit confused?  If so, you aren’t alone, as evidenced by comments made by two Gartner bloggers.

Rise of Chaos: “Fuzzy” Product Categories

One blogger named Anton Chuvakin, in a post entitled RSA 2015: Rise of Chaos!!, offered several “opinions/impressions/thoughts” about the conference, including this one:  “Surprise of the year: fuzzy product category boundaries – and getting much fuzzier still [more on this below].”  Mr. Chuvakin elaborated later in the post:

In the past at RSA, you easily noticed that there were “SIEM vendors”, “DLP vendors”, “TI providers”, “anti-virus vendors”, etc. There were also larger vendors that sold product of several categories. But at least there WERE categories. My experience at RSA 2015 show floor really ruined this world view!

Mr. Chuvakin went deeper and explored possible root causes for all the perceived fuzziness.  Below is a list of four possibilities offered by Mr. Chuvakin, and I’ve quoted him verbatim because his descriptive powers are amazing:

  • One explanation is that vendors “go broad” and try to take over some adjacent niches – sometimes at the cost of losing their excellence in the core market. So, is this innovation or confusion?
  • Or, maybe vendors decided that sporks and foons sell better than spoons and forks? But while sporks may solve a real problem (less weight to carry on a hike? less utensil types to stock?), most people use spoons and forks on a daily basis (spork is a mediocre spoon and a worse fork, IMHO).
  • Another reason maybe that there is a lot of VC money in infosec / cyber today and any type of a hybrid product have a right – and money!- to exist, however narrow its niche?
  • Or maybe vendors flee what some see as discredited categories, like SIEM and DLP, and make up funky new ones to appear new and innovative?

Well said, Mr. Chuvakin.  His comments remind me of several vendors in the secure/managed file transfer space.

The web page for one vendor which lists and describes its secure/managed file transfer solutions is about as long and confusing as a tax form.  The solution set for another vendor is a hodgepodge of software it has added over the years, not organically but rather through acquisition, and it’s difficult, if not impossible to determine which piece does what.  Several other vendors add to the fuzziness by creating new terms to describe basic file transfer processes because, as Mr. Chuvakin put it, they subscribe to the theory that “sporks and foons sell better than spoons and forks.”  If you ever find yourself succumbing to this approach, please remember the sage advice of Mr. Chuvakin:  Sporks may solve a real problem, but most people use spoons and forks on a daily basis.

Recommended read: More Evidence That a Managed File Transfer Solution Can Help Protect Data

The [Data] Security Market: Looking for Love in All the Wrong Places

Another Gartner blogger named Jack Santos, in a post entitled “The Security Market: Looking for love in all the wrong places,” offered this observation about the state of the data security market after the RSA conference:

The impression was that we have a market run amok – every vendor trying to do everything (jack of all trades master of none), lots of niche vendors; customers buying products that overlap, not knowing what they have that can do the job, and managing multiple products that don’t want to be managed – or at least don’t want to play nice with each other.

We see that happening in the secure/managed file transfer space.  Several vendors advertise wonderful secure/managed file transfer solutions, but only as a component or as an add-on to the core piece of their business.  For example, the core business of one such vendor revolves around data integration, but that vendor also offers a managed file transfer “option.”  Another similar type of vendor refers to its secure/managed file transfer solution as a “complementary” piece.  What does this mean?  To use the words of the Gartner blogger, these vendors are “trying to do everything (jack of all trades master of none).”

You Can’t Be All Things to All Customers

That’s the title of a piece written by Kevin Johnson, an entrepreneur and author.  In his piece, Johnson highlights a conversation he had with his VP of Marketing and Sales, who said:  “I think we sell too many things. I find that sales are suffering because we confuse prospects with so many options, and therefore people are less likely to buy.”  Johnson eventually came to the realization that his VP “was right. My company needed to change; we needed to focus on what we did best instead of trying to be all things to all people.”

I couldn’t agree more.  When looking for a secure/managed file transfer solution, you should focus on those vendors that focus on perfecting the secure/managed file transfer process.  Find those vendors whose core business revolves around secure/managed file transfer, not those “trying to do everything (jack of all trades master of none).”  Finally, look for those vendors who have delivered innovative secure/managed file transfer software solutions to a broad range of global customers over a number of years.

Recommended read: The Swiss Army Knife of Enterprise Data Security