AGC Conference Panel: "Managing the Ultimate Security Perimeter: Identity & Access Management"

I just had the honor of being invited back to moderate a panel at the Americas Growth Capital (AGC) Conference, held this past Monday in San Francisco. 


It was entitled "Managing the Ultimate Security Perimeter: Identity & Access Management" and featured speakers from across the world of Identity management: Identity Governance and Administration, Privileged Identity Management, Access Management and SSO, and Monitoring and User-Based Analytics.


The reason for posting about that here was to highlight that the belief of the panelists summarized to the fact that customers are now buying best-in-class solutions from each Identity segment and starting to combine them into a comprehensive system that answers the key questions about those who have access to corporate and governmental systems:

• Who has access to what?
• What should have access to what?
• What are they doing with that access?
• Is it typical?

Best practice means collecting and auditing accounts and entitlements across the enterprise – on-premises and cloud-based applications and file repositories - into a single view of each Identity with its currently assigned access rights; defining the business models that capture and manage the lifecycle of each Identity and entitlement; then monitoring and recording activity as those accounts and entitlements are used to access application data – highlighting suspicious or high risk behaviors, abnormal privileged user access, unusual insider activity, potentially hijacked credentials – all to detect and prevent insider threats, targeted attacks and fraud.


Why this in a blog about Business Development?  Because these systems come together for the customer as a result of strategic BD, and the companies that win are likely to have mastered the concepts of 3DBD - and built win-win relationships with those around them - be they centered on go-to-market or technology.


I plan to watch how this plays out in the next 12-18 months as these vendors replace the large Enterprise Software whose offerings are looking somewhat tired to many customers I talk with.


Watch this space - and I am glad to be back in this space after focusing on the success of one particular company over the past 4 years!


As aye


Michael

Managing the Ultimate Security Perimeter: Identity & Access Management

Selecting partners

One challenge faced by Business Development professionals and executive management is deciding which partners are the best to approach at a given time in the company's life.

Clearly, one can play roulette by betting on every number and, while it feels good to have so many small wins, as roulette players know the pile of chips gradually gets smaller. Further, the opportunity cost is huge and approaching the right vendor at the wrong time can be damaging to a future opportunity. So, we need techniques to target better.

Now, there are some 1D approaches to this that can work, such as: which partners might optimize near-term revenue; which are the most likely companies to acquire; which are the most interested in forming alliances with us? While those can certainly bear fruit, and I am never one to scoff at revenue, these approaches are, in my experience, less likely to lead to the desired strategic outcome.

More interesting ways to find strategic partners are available, and use 3D techniques:

• Try building a heat map with tactical and strategic X/Y axes, showing your company at the center. Plot potential partners on the tactical (revenue, near-term outcome) and strategic (ability to drive significant revenue, potential acquisition, etc).


• Plot more interesting vendors closer to the center


• Plot vendors that offer indirect paths to strategic outcomes as themselves strategic

It is also worth looking at your competitors and exploring what strategic alliances they might form, or grow substantially, that could damage your chances of success - those could be some of your top targets!

Repeat this at least quarterly for maximum effectiveness.

This is an art, not a science, but this approach should help maximize the outcome.

Until next time.

Michael

Up front investments

One area where negotiators spend a great deal of time in discussion software contracts is sizing the up-front investment, or commitment, each company is making to an alliance. Often, this is shrouded or overtly captured in subjects like: Pre-payment, up front payment, initial royalty, Non-Recurring Engineering (NRE) charges, and so forth. But, in general, each is a measure of what one company expects the other to "commit" to the relationship in exchange for a special license, commitment to resources, preferred market position, time to market, corporate focus or other less quantifiable "stuff".

As an example, a company may be seeking a preferred (e.g. source code) license and associated set of (e.g. engineering, marketing) services from a software supplier in order to achieve market advantage. In exchange, the supplier must commit resource and an implied single-mindedness to the relationship due to its magnitude or complexity.

For some negotiators, it is hard to get past the size of the financial commitment requested by the supplier (in my example) in exchange for the required license and resource commitments. How do I justify charging "millions" to my potential strategic partner? I find it useful to break down the kinds of value that a supplier is offering in order to come to agreement on the figure.

There are several items that might be embedded in that up front $ figure. Often, the figure was originally based on a need to supplement company revenue (caution!), but the supplier probably doesn't want to share that with its intended partner;-) So, it is helpful to justify the amount on a business level.
I find it useful to consider the following list of components that may be included in that figure. First, value the concrete items such as:

• NRE - Committed engineering labor at fully-burdened cost
• "Buying down" the royalty % from standard rates
• Specilaized ongoing support and maintenance

And, less quantifiable things like:

• Scale (the partner's needs necessarily require you to limit efforts elsewhere)
• Special (e.g. Source code) licenses
• Extended term of a license
• Market exclusivity for a period of time (a scary topic, but this can actually be valued!)
• Cross-licensing of collaborative efforts

To achieve the optimum outcome, the supplier's negotiator should use their skills to break apart the desired financial commitment into one or more of these, and demonstrate to their intended partner the value being delivered for the required commitment. It should help!

More on this over time. Enjoy the spring - the trees and flowers are blooming in Texas!

Peace,

Michael

Cloudy in RSA

Well, for those of us who have been in San Francisco and anywhere near the Moscone Center for the past few days, both the weather and the messaging has been decidedly "cloudy". The weather was typical for February.

The amount of messaging tied to "the cloud" was pretty amazing. I have to say that the level of marketing pile-on I saw relative to messaging for the cloud was a little over the top. From panel sessions to banners and billboards, Cloud was pervasive. At one level, it is exciting that so many vendors see the value in delivering messages, and hopefully product, in support of cloud deployments.

However, digging a little deeper, I and others I talked with during the week have real concern that this feels like another High Tech Marketing Frenzy, not dissimilar to "Virtualization", "The Internet" and "Eyeballs" that we've seen over the course of the past 15 years. In each case, the frenzy dramatically outweighed the eventual value to customers, resulting in more than a few missed expectations for vendors, investors and customers buying into the hype. This is reinforced by customers I've talked with recently that say they need help offsetting the hype with their business users, and that the industry is doing them little favors with self-serving hype.

So, let's be careful out there folks. We all know a bandwagon when we see one, but let's not jump so high that we miss the real opportunity to deliver value to customers. Hype doesn't create value!

It was great to see everyone (and I do mean everyone!) this week.

Until aye

Michael

RSA Monday

Well, despite this being a St Valentine's Day away from home, and a damp day in San Francisco, Monday was as I had hoped.

Maria and the America's Growth Capital team once again put on a fine conference for CEOs, SVPs and interested financial organizations at the Westin SF. As for the past few years this was a very long day, but a day filled with interesting topics, old friends and colleagues, and stimulating conversation. AGC manages to bring together so many people involved in the security marketplace. Most people I saw spent the entire day discussing new opportunities, meeting old friends and finding ways to change the game.

In addition, my colleague John Soper and I met with local San Francisco lawyer David Tollen. David provides outside legal services to local tech and other firms, and also offers training to help contract and legal teams in medium-sized tech firms to help them improve their skills and comprehension. We discussed the potential to collaborate on delivering services to Business Development and legal/contract teams in those firms to help them improve communication between contract teams and BD, and to improve their overall effectiveness in completing the alliance deals they need to maintain their competitiveness in the market, and to build long-standing alliances.

Specifically, we would aim to improve the BD team's comprehension of the business issues implicit in typical alliance contracts, and their ability to communicate using structured term sheets. Likewise, to help the contract team understand the business imperatives and gain trust in the BD team's representation of the issues, to improve the overall outcome and so that otherwise legal "hard stops" can be explored more fully in the negotiation process. I am interested in whether my readers see value in this. John may bring this to the local ASAP chapter for discussion if there is interest.

Particularly exciting to me was the unexpected opportunity to spend time with an old friend from 20 years ago who has some great strategic business development opportunities. Without this conference, we'd never have talked. Because of the conference, we may both have new opportunities. Such is the magic of this week in San Francisco!

Tomorrow is the first full day of the RSA Conference - for me, a day filled with meetings and my chance to visit the show floor. I'll plan to provide a synopsis of what I see as major trends.

Until then...

Michael

From the RSA Conference

The RSA Conference has, for me at least, become the leading Business Development event in the security industry. Combined with the America's Growth Capital conference, it makes getting together with old friends, colleagues and potential business partners easy, fun and rewarding.

So much of what BD folks do in this business is based on building trusting relationships - with partners, and most importantly between people - between colleagues - between friends. This conference enables those relationships to flourish, renew, and create new opportunities. Many former business partners and friends are working at their third or fourth company since we first did business together, and we enjoy catching up and looking for opportunities to collaborate. That's what makes this industry exciting and keeps us coming back - after soooo many years.

I'll add commentary on any interesting events as they unfold.

Good night from San Francisco!

Turning over "Rocks"?

First, I would like to extend my apologies for taking so long to post again! With music performances, Kerrville Folk Festivals and client work, it has been a busy year!

Following my earlier posting on JVP's and Extracting Value, I thought it would be interesting to discuss an example where finding strategic Joint Value unlocked an alliance discussion and led to a unique opportunity for both sides.

In this case, the two companies were participants in the adjacent segments of enterprise security. One large company - call them BigSecure - with a mature customer base and an ageing product in this market, and the other, a smaller company - NewTech - offering complementary technology. During some relatively tactical go-to-market discussions, NewTech realized that its own product direction would eventually compete directly with the mature product from BigSecure.

An interesting dilemma. Should NewTech (i) continue down the go-to-market path, which promised some exciting revenue opportunities, albeit tactical, ignoring the eventual, likely inevitable, collision that risked alienating BigSecure when its new product came to market, (ii) drive the go-to-market discussions off the road and avoid wasting any more time, or (iii) try to figure out how to engage BigSecure in a discussion about the potential collision.

NewTech knew that BigSecure's adjacent product was old, but there was still considerable momentum in the field and a huge installed base to be reckoned with. More importantly, NewTech could turn this approach to its advantage, by finding ways to integrate its technology with BigSecure, and realize even more upside (than a tactical GTM). Finally, there was the threat that NewTech's competitors would get to the table first, eliminating the opportunity. But, NewTech also risked the loss of competitive IP and marketing plans to BigSecure if they opened discussion too far.

What to do? What to do? Tactical gains vs. longer term strategic gains vs. a complete blowout!

The answer is often found in how you negotiate, rather than an "either-or." NewTech decided to negotiate down path (iii). But before showing its cards, it spent considerable effort in a short time negotiating away from the table exploring ways to move forward. NewTech began by carefully assessing BigSecure's options and possible moves, before making a more of their own, introducing a 3D approach into the strategy. With more information about BigSecure's challenges, and its plans with other partners to improve customer satisfaction with the ageing product, NewTech decided it would be able to gain advantage and decided to disclose its own new product plans.

This resulted in (i) identifying competitors who were vying to partner with BigSecure in addressing the problem; and (ii) unlocking new Value Creation opportunities to work with BigSecure by delivering its innovative capabilities into BigSecure’s installed base and new initiatives, both huge strategic advantages.

Lesson learned: It wasn't foreordained to turn out this way. “Turning over rocks” at BigSecure yielded significant rewards. But it was certainly true that the partnership would remain only a tactical GTM alliance if they did nothing. So the key was to explore strategic options in a 3D negotiation paradigm. Then decide a way forward.

Think 3D - it really can make a difference in the outcome and help identify and unlock Value in a relationship...

As aye.

Michael
PS Thanks to my friend John Soper for his invaluable editing!