Thursday, November 02, 2006
Private Conversations: Why Industry Analysts are providing bad information to large enterprises...
Over the weekend, I will blog out my thoughts on attending the 451 Group conference and hope to share what I learned from FSISAC. It was a panel of security leaders and an executive-level discussion of how insider risks can affect an organization's brand and ultimately its shareholder value. The discussion was more about the problem space, and rarely did anyone even discuss products or vendors. This of course leads to my first suggestion for industry analysts: start uncovering more in the way of common problems shared by large enterprises and stop telling me about vendors.
On the panel were Josh Levine, now of Kita Capital but formerly CIO of E*Trade, Scott Blake, CISO of Liberty Mutual and Bruce Bonsall, CISO of Mass Mutual. In attendance were also CIOs and Chief Security Architects from Peoples Bank, State Street, Fidelity and other top-shelf names.
Some of the questions discussed were:
- What users are most concerning to you (outsourcers, contractors, careless employees) and why?
- What resources are most at risk? What incident types are of most concern (e.g. exposure of confidential customer data, theft of core IP including financial results, downtime, sabotage or audit/compliance failures)?
- What are the ultimate characteristics of an ideal solution to this growing security problem?
The discussion was one of the absolute best that I have participated in for a very long time. Sadly though, others who work for Fortune enterprises and weren't in attendance didn't have a method to participate out of band. It would have been great if we could have podcast the discussion.
Forums such as these are starting to grow in popularity and in many ways speak to why conference attendance is in the toilet for most venues. Many folks would like to participate, not just simply attend. Participation requires dialog while attendance simply requires showing up and listening to the monotone pitch from a vendor.
Maybe, industry analysts need to figure out how to enable more conversations amongst ourselves vs simply relying on moderation and the notion of a point-to-point briefing. Folks are starting to find more value in dialog than in just simply receiving information in the form of a white paper that they can't share with others due to licensing restrictions.
Maybe, industry analysts need to start attending these types of forums or even sponsor them. It would increase the quality of their research tenfold. I am asking myself, why would I want to spend time at work briefing a single industry analyst when for the same effort I could brief one hundred of my peers?
Analysts nowadays are simply being left out of many discussions. Have you checked out Information Management Forum or the Technology Forum? You may have noticed that many organizations are banning industry analysts from even attending.
Anyway, at this event there was one vendor in attendance: Securify, with whom I didn't have much familiarity prior to the event, nor was I even put through the pain of listening to a thinly veiled chock-a-block eye candy PowerPoint lacking any substance. Their CEO, Buck French, whom I chatted with, inspired me at a personal level to simply talk, not about their solution but to just simply talk. He was human, which is something that most CEOs of software companies don't quite understand. Humans talk to each other while machines run whatever program they are told to run.
I am curious as to why other software vendors (especially those in the security space) aren't all over replicating this model? For the ones that read my blog, going forward I hope that they will be pretty quickly. It is worth vendors' time and even us enterprisey folk to not just attend events but to also participate, and I would recommend any of my industry peers to attend the next set of forums put on by this organization...