Ever see a product and think “wow, that is a great idea.” You buy it, set it up, and then realize that the product cannot work without other products, processes, or people.
You bought a froduct, a product that is really a feature or collection of features. Froducts are everywhere, but they are particularly pervasive in cloud and security market. Free flowing funds has fostered fertile field for founders flaunting froducts.
What is a Froduct?
For something to be a froduct, it must meet two criteria:
- Limited Use. Security and cloud froducts target specific needs, such as compliance, data replication, or incident response.
- Dependencies. Froducts depend on other technologies, systems, or people to work properly.
Froducts are not necessarily a bad thing. In fact, many innovative technologies begin their life as a foduct.
One example of a successful froduct was Portshift. This Israeli company made a Kubernetes security product. Their product, like many container security products, was really a collection of existing Kubernetes and cloud capabilities. You could do almost everything Portshift did with existing open source tools. You also had to have a containerized application environment — limited uses, critical dependencies.
Portshift brought these features together into a product, racked up some wins, and got acquired. Investors put in $5 million and Cisco paid approximately $100 million for the company (the actual amounts remain undisclosed.) That is a 20x return on capital. A fabulous froduct finish.
While froducts are great for founders and investors (when they work), they are not always so good for customers. Froducts can create as many issues as they solve. Yes, you have security mesh on your containers, but who is going to define, manage, and monitor that? Container security mesh, like many other security froducts, is a great idea that is difficult to implement successfully. Froducts often make lofty promises of efficiency, security, and reliability, that are difficult to fully realize.
So where do all these froducts go?
Cloud Eat Froduct
In my recent analysis article, Cloud Eats Security, I described how the Cloud Service Providers (CSPs) such as AWS or Azure, are gobbling up security capabilities.
For example, consider Web Application Firewalls (WAF). A decade ago, WAF was a thriving market, with multiple big players like Imperva and F5. Now, WAF is a few clicks on your AWS, Azure, or Cloudflare console. There is really no reason to buy a WAF anymore.
Cloud providers are slowly gobbling up froducts. Bundling them up into their offerings and making them easier to implement. While their versions of these technologies may not be as good as the stand-alone ones, it does not matter. They are good enough. Like it or not, that is all most buyers want.
Go to Froduct Market
For every froduct that clocks in a 20x return, there are hundreds that merely burn investor cash. The core problem with these places is they have their go-to-market efforts completely wrong.
Security and cloud froduct companies keep struggling to solve security or cloud problems. They put out endless marketing fluff about hacking, peace of mind, and attack surface areas but fail to address the real question that buyers want to know: what business problem do you solve?
Security problems are small, nuanced, esoteric pixies that require lengthy explanation, education, and endurance to comprehend. In contrast business problems are lumbering leviathans that even the most clueless investor can understand. For example…
Business problem: we need money.
Security problem: we need to restrict access to specific users, with approved session tokens.
A security froduct might be innovative and effective, but if it creates any kind of impediment to revenue, then who cares. Startups with froducts need to look way beyond the cool thing they do and think about what those cloud service providers are doing.
Froduct Packaging
The reason AWS can get away with a subpar WAF is because the totality of AWS is more valuable than the individual components. AWS’s value is not in their security or compute capabilities, it is in the platform.
Or another way to say this, AWS does not solve compute problems (or security ones for that matter), they solve business problems with computing products.
Startups can use this same technique to make their languishing froduct more useful and valuable.
For example, which one of these product pitches do you think work better on a C-level executive with limited budget?
Our cloud deployed IAM product integrates with your on-premise Active Directory to synchronize user identities across cloud environments. It can reduce unauthorized access and protect data.
Our product keeps your people working earning revenue.
Do not sell the froduct, sell the better future the froduct (on some big platform) delivers. Froducts, packaged together, to solve large scale problems are irresistible to leaders who want to contain costs. Moreover, they alleviate pain.
So, what are some of these large, business problems? There are only a few of them.
- People: expensive, fickle, smelly, hungry
- Money: never enough of it
- Time: never enough of it
If your froduct platform can replace people, save money, and/or reduce time to success, then you have a winner. If your froduct requires a company to hire more people, pay more money, or consumes more time, you have an uphill battle ahead of you.
Conclusion
When you go shopping for new security products, take the time to consider the dependencies. You may be buying a froduct. Likewise, products that integrate with existing platforms, like AWS or Azure, are naturally more effective since they can work on existing environments.
If you are a product company, then you must be able to place your product into the context of a customer’s environment. Stop talking about the security challenges you address, and start talking about how you will improve the customer’s experience. You can still talk about those security benefits, but only after you and the customer are clear on the business problems you solve.