Security Investment Perspective

Current Challenges

As the Managing Director investing in security, I find it disheartening that the economic recession of the last two years has dampened enthusiasm for security investment by corporate enterprises and government.  But as the economy has stabilized, and some beginnings of reinvestment have emerged, I see new opportunities arising; although not as many as in year’s past.

This presents a challenge to early stage companies who are bringing new products and services to market. Not only do the new offerings need to provide significant value over competitors, but also the offerings must be high in the constrained priorities of potential purchasing organizations. Recently Deloitte, the international consulting firm, reported on the biggest barriers in deploying IT security. They highlighted 1) insufficient funding, 2) increasing sophistication of threats, and 3) inadequate availability of security professionals.  Tied for fourth place were lack of visibility and lack of support from stakeholders.

Additionally, the complexion of security threats, IT as well as physical, continues to evolve. With digital content delivery come new opportunities for piracy and abuse.  Online games are vulnerable to security attacks since manipulating and cheating can easily occur. Online advertisers are being defrauded by click-farms: groups of people paid to click on ads. As a result, ad costs per click are artificially inflated.

And one of the newest catch phrases to threaten security is, “You’ve been friended!”  Social networking is continuing to rise and with it so do the opportunities for fraud and deception. In an IT system based on trust; the common question is: “Whom do you trust?” The answer:  “Your friends”.  With social network deployments, it’s a lot harder to know who your friends are and when you’re really connected to them.  Scammers, phishing, and transaction fraud are increasing with Facebook proliferation.

Despite these challenges, the security opportunity map is large and based on entrepreneurial deal flow; we still have plenty of high IQ risk takers working on security solutions.

But how does an entrepreneur enhance the probability of success?

Three Strategies for Startups

Let me suggest these ideas for early stage companies bringing new security products to market:

The Integrated approach beats point solution

Corporate champions and decision makers want multiple paths to realize return on investment. Too often, early stage companies focus on a single point of value rather than a broad impact to a potential user.

At the recent ASIS conference in Dallas, I was struck by how many silos exist in our approach to security.  The ASIS crowd was heavily weighted to guards, fences and scanning portals– big, beefy equipment that impressed with heavy weight packaging and imposing slogans.  Data analytics and situational awareness platforms were promoted by a few vendors, mostly as point solutions.  What was missing was a broad understanding of the need for integration of physical protection, human services, intelligence collection and information management platforms.

The recent terrorist threat involving package bombs shipped by parcel delivery provides an interesting lesson. The need for improved detection technology in transportation is widely understood.  People and packages moved in volume need to be assured safe.  In this case, the threat was identified through human intelligence (an informant) not scanner technology.  The ability to track packages and credentials of the shipper allowed rapid response before the threat potential was executed.  Integration of data across silos brings a holistic understanding and allows appropriate response.

Capitalize on being small, fast & flexible

Most startups feel under resourced and approach the market expecting their small size to be a liability.  A successful team can use the nimbleness that comes with being small to enhance market penetration.  The ability to launch, measure and iterate product features more quickly than larger competitors needs to be positioned as value for the client.

Corporate customers need rapid reaction to the changing nature of security threats.  The ability to predict user pain points, even before the user experiences the pain, add value to the corporate relationship.  Absent a crisis moment for the customer, educating the market on new pain points can take patience.  However, the reputation earned as a trusted partner will enhance the relationship in the long run.

Establish low-entry price; find addictive adoption

Today’s buyer has a low threshold for new technology affordability. Many successful startups use a SaaS based pricing approach. The characteristics of low entry price, opportunity for replication/expansion, and addictive incorporation into the infrastructure make it very attractive.  Setting price points with little or no upfront costs and billing by the seat/month are the starting point. However, the real key in my view is finding addictive adoption. Drive to make the usefulness of the application part of organizational best practices.  The daily information feed or dashboard viewing should be second nature to the client. Add to that the cost for removing & retraining and now you’ve built some real stickiness!

Startups pursuing the security market have an evolving opportunity pace. They must be nimble and skillful in building market presence.  Integrated, fast & flexible, low entry, but addictive adoption — 3 concepts for early stage companies to consider.