Pragmatic CSO Weekly #35
November 6, 2007 - #35
Mike's Pep Talk:
"The Borg: Strength is irrelevant. Resistance is futile. We wish to improve ourselves. We will add your biological and technological distinctiveness to our own. Your culture will adapt to service ours."
- Star Trek, The Next Generation
Lots of vendors fancy themselves the eponymous Borg from Star Trek TNG. It resulted in one of my first "Incites" back in February 2006 called "Big is the New Small." Some folks disagreed with the inevitability that most customers, all other things being equal, will choose to buy from a big technology vendor, as opposed to a start-up. If history equals the last two years, then I'm being proven right - almost every day. Yes, I'm referring to Symantec flexing their checkbook to buy Vontu, which I covered on the Security Incite blog.
So what? Besides taking an uncharacteristic minute to gloat, why do you care about all these acquisitions? Unless you hold stock in the start-up, of course. Basically Pragmatic CSOs look to solve their problems, not buy from a big company or a small company. Company size doesn't matter; the ability to solve the problem and support the solution is paramount.
That means in a lot of cases you'll be buying from innovative start-ups that are focused on solving fairly specific problems. Those start-ups will eventually be bought or go out of business. That means you need to add a "nimble" gene to your procurement repertoire. It's not enough to buy for the best price the solution that meets your needs from a vendor that can support it. You need to have Plan B and sometimes even Plan C, to ensure you will still be able to operate when your vendor gets bought.
To be clear, acquisitions are not always bad for the customers of the start-up. Just most of the time. So you need to have your contingency plans set up to ensure that you can still operate (dare I say "survive") and keep focused on the other 4 Reasons to Secure.
So let's say, for example, you are one of the couple hundred companies that have built your data leakage strategy around Vontu. Since they are now part of the Yellow Borg (or will be sometime before the end of the year), what do you do? Just wait and hope that the deal works out? You know I don't think hope is a strategy, so we are going to take the bull by the horns and make sure we are driving the relationship - not the other way around.
- Wait for the deal to close - Until the deal closes, there is nothing really to talk about. Lots of SYMC people and Vontu people will be sitting in meetings, talking about integration and the like. But until the papers are formalized, nothing is going to happen.
- Ask for a sit-down with your Vontu rep - If they are still there after the close, then you'll want to have a sit down with your Vontu account team. Remember, you spent an average of over $400,000 for the software, so you deserve to hear what the integration plans are, if/how the product strategy is changing, and what benefits you will see from the deal.
- Sit down with your SYMC rep - Just in case they forget to show up at the last meeting, you should also meet separately with the Big Yellow rep. He/she needs to be able to explain to you how your Vontu purchase and continued support (read maintenance renewal) will impact your current volume deals. $400,000 is a lot of AV renewals, so you should have a bit of leverage. Every market in security is competitive, so use that leverage to save some coin.
- Invite Competitors B and C back in - Since you want to make sure you continue to have Plan B and C, re-establish the dialog with the DLP vendors that didn't win the deal the first time around. They know why they are there, and make it clear that no decision is forever and if SYMC bungles the integration, you'll be in the market for another solution. Learn what kind of pricing concessions are on the table and also how the migration process would work.
- Hope a bit - Hope isn't a strategy, but it can't hurt - can it? So pull for the integration to go well and your previously small vendor to have lots more resources to support you better and bring new capabilities to market. There are clear advantages to having a big bankroll, maybe they'll take advantage of them.
But don't sit around and wait for things to go South. There is no honor in that. Yes, resistance is futile, but that doesn't mean that you don't fight the good fight every day.
In this week's issue:
- This week's P-CSO Tip: Remembering the Golden Rule
This week's P-CSO Tip
Remembering the Golden Rule
The converse of your start-up being acquired is if/how a Pragmatic CSO should work with small companies. Since the dogma of the P-CSO is all about solving the problem, there is a likelihood that the only companies capable will be small. Is there risk in working with a small company? Sure. But if you set the right tone and build the right relationships with your account team - you can get a lot better support from a small company.
That's right. Even if you spend $400,000 with Symantec, you may not be a big deal for them. They close quite a few million dollar deals every quarter. But a $200,000 deal (just making that number up) for a start-up is a big deal. You will get access to the folks that build the software and also the CEO if/when you need it. If you work for a small company, then you don't have any leverage in either case, so you are probably better off with the big company, if only because they'll be around.
So just as you need to build a good rapport and relationship with your colleagues on the senior team, you also need to have good relations with your key vendors. That means you treat them as you would want to be treated: fairly and with respect. That doesn't mean you take crap, accept fabrications relative to delivery timetables or functionality, or let them off the hook if something doesn't work.
But beating them down, just to show you are boss is the wrong thing to do as well. Remember, this is a small industry and the folks that you may screw over today will show up, at the most inopportune time. I guess the Golden Rule still holds.




The information security marketplace has been hotting up quite a lot over the past few months and looks like it will continue to do so into the near future. As we suffer more and more attacks the battle cry from many of the major vendors seems to be "Thar be gold in them there ills". Mike Rothman, the Pragmatic CSO, has an excellent write up on his Security Incite Blog on how information security professionals should deal with the situation when one of their vendors is being acquired by another company. Some of the key points Mike outlines with regard to Symantec's proposed takeover of Vontu are;
I strongly recommend you have a look at Mike's Blog. He will make you think differently about information security. If you have not done so already, his book The Pragmatic CSO is also a good read for those starting off in Information Security and those of us who have been around the block a few times.
Brian