A company's chosen go-to-market path has never been more crucial. With the world rightly focused on keeping people healthy amidst the Covid-19 pandemic, companies must be agile and able to adjust their go-to-market plans when necessary. Though we are all focused on helping our first responders and keeping our families safe, there is a subset of cybercriminals who are taking advantage of the pandemic by exploiting fear and concentrate their attacks using Covid-19 related messaging.
"You get a very short period of time to execute your intellectual property; you have to execute a go-to-market strategy equally as fast and equally as innovative." ~Dave Dewalt
Security go-to-market is not a one size fits all approach, but this is the path that many security companies take! Choosing the right go-to-market path is as critical to a company’s success as is their product. Silicon Valley is riddled with companies that had the best technology but failed ultimately due to poor go-to-market choices and execution. Optimizing your go-to-market activities is crucial under the best market conditions and even more so now, with the market changing so dramatically! Throughout this series of blog posts, I will talk about how to optimize your go-to-market planning and execution. The first part of that is finding the right path to the customer while being respectful of the time and pressures they are facing. Think of those companies whose product could do with improvements—some of them a lot of improvements. These are the guys who have nailed the go-to-market, some of them very successfully, and they are the pinups you should use to highlight how important it is to prioritize and plan your go-to-market strategy. I’ll cover examples of good and bad go-to-market strategies in a later post.
Buyers face a multitude of choices today. This overabundance of choice has a paralyzing effect and makes it difficult to make any choice. This overabundance of choice doesn’t just affect the security buyer; it dribbles into our everyday life, affecting decisions as simple as how we select jam! How many varieties of gourmet jam is too many for shoppers? In Sheena Iyengar's and Mark Lepper's 2000 study, they state the answer is 24. With 24 varieties of jam, shoppers were one-tenth as likely to buy as shoppers who saw a smaller display of only six varieties. Numerous studies have confirmed these results across not grocery store items but also items such as retirement investment options. Buyers seem to suffer from "choice paralysis" when faced with too many options. So how does this impact the security market, and what can you do about it?
Instead of a grocery store stocked with a multitude of jam choices, CISOs have the RSA conference aisles in San Francisco each year to browse through to find the top items on their security spending list. The problem is Security products do not fit nicely onto categorized shelves as jam does. In the early day, the RSA conference had security vendors measuring in the 10's with attendees estimated in the 100's. There were small numbers of vendors in a handful of categories such as firewalls and vulnerability scanning; the show barely took up half of a single side on the Moscone center floor. Fast forward to RSA 2020, which was attended by over 40,000 people and more than 700 vendors on the show floor. The show now takes up 100% of the entire Moscone center and still turns away vendors. Many vendors are skipping a show floor booth and setting up shop in neighboring hotels to meet with customers.
Richard Stiennon's recently published Security Yearbook 2020 shows over 2,336 security vendors in over 200 categories worldwide. Some categories have as little as 10-20 vendors in them, while others have 200-300, with the largest number of vendors falling into the Network category. Individual categories could also further be segmented, e.g., Networking could include Firewalls, Intrusion Protection Systems, Network Detection and Response, etc. Additionally, many of the vendors have solutions in multiple categories or single solutions that appear in numerous categories. In February of 2019, Car and Driver stated, "There's a world of choice in today's car market, what with more than 400 different models and many car types available". If you select the wrong car, you might suffer no more than a cup holder that doesn't hold your hydro flask. Pick the incorrect combination of security technologies, and you put your job, career, and company at risk. More choices are not always better. With all the noise, what is the best go-to-market approach for a security vendor to take?
Customers can learn about your company’s products through any number of methods, including digital campaigns, trade shows, and cold calling. The key is to determine the most effective path to market, and then maximize the value of that path. Security sales typically want to sell directly to the CISO, so how does a CISO sift through all the vendor speak to determine what their company's needs are and determine which vendors may meet that need? How does a CEO of a security company evaluate his team's go-to-market partners? The answer is much like any other decision; people typically turn to the ones they trust. CISO may turn to their peers at other companies, the opinions of specific market analysts, consultants, the MSSP they have experience with, or a reseller to find someone they trust. Given where the CISO is looking for answers, it is no surprise that one of the most common routes to market for security products is the use of indirect channels (resellers, MSSPs, System Integrators, etc.). The key is when to use indirect channels, how to use indirect channels, which indirect channels to use, and once a path is selected, how do you maximize your chance of success with the channel. The wrong choice can waste precious time and resources, allowing competitors to pull ahead of your company. And here’s another roadblock: Stakeholders (or as a lot of them are, wannabe stakeholders). Who are your internal team-members who need to be involved in your go-to-market strategy? You will need a strategy within a strategy to work with the more traditional stakeholders to ensure you have overall alignment.
Regardless of the indirect channel mix used, most companies will focus most of their channel resources on some type of reseller. With as many security companies as there are, there are a similar number of indirect partners available. Resellers can fall into many different camps: Value Added Reseller (VAR), Systems Integrators, Distributors. Within these types, some will have a local focus, national focus, and some even a global focus. They will vary in the number of security products and services they sell. Picking the right resellers to work with and assuring for their success is where Billy Beane's Moneyball principals come into play.
I’m sure you’ve seen the film, “Moneyball“, based on the real-life work of Billy Beane and Harvard-educated statistician Paul DePodesta. Moneyball covers their work around Sabermetrics, which is the analysis of baseball with a strong focus on statistics that measure in-game activity. Their work in Sabermetrics focused on building a team of undervalued players to stay within the team's budget. Their success enabled the 2002 Oakland A's to be competitive, with other baseball teams spending almost three times more in player salaries, resulting in the A's making it to the playoffs. The 2002 A’s were not a one-off. Liverpool FC, arguably the most successful English football team ever, won European soccer’s biggest prize for the sixth time in May 2019 using Sabermetrics. The principles of Sabermetrics can also contribute to the selection of reseller partners. The key is finding the equivalent "in-game activity" metrics to measure a partner.
Traditionally channel managers, much like baseball managers, will look at the obvious indicators of success, such as the number of employees, their yearly sales, and financial stability. Many of these are signs that a partner COULD be successful in selling your product. I would instead put forth that these traits are better indicators of the partner's stability and much less of an indicator of the partner's ability to successfully sell a new product to market. Instead of these apparent traits, for the next part in this blog series, I will propose we look to the reseller's mix of products and services as our "in-game" metrics to determine their value in helping take our product to market.
Let me know how you would apply these concepts to improve your go-to-market and maybe I will include them in a follow up piece.