Saturday, 29 September 2012

Providing licenses to security consultants

I still find amazing that companies who create security products don't easily provide licenses to security consultants.

It should be obvious that security consultants are one of the target markets since they are the ones who are able to make the most use of the product and can show the clients how to get value from those products.

What should happen is that we should be pushing away companies saying 'not now ... maybe later'. Instead we have to beg for licenses so we can create PoCs or test their products.

Some companies even ask you to sign NDAs to test/evaluate their products, its crazy.

The key concept is that it should be as easy as possible to access their technology and products , and of course, if the product is used in a commercial environment/engagement the correct license should be paid.

The problem is the most (Sales team) know that they will only get one sale! So they play the scarcity game and (almost) prevent full access to the technology.

What they should do is to play the Productivity/Empowerment game where the customer cannot live without it.

And a good example of the side effects of this strategy, is the 'Product Engine Rules'. Most vendors threat their rules as this as massive proprietary 'thing', that is not easy to share ,maintained, customised or published.

But what the customers really want, is what we did with TeamMentor: easy access to the application+content+source-code and an environment that is easy to install, deploy, duplicate and change

And I'm very happy to say that the feedback we're getting from customers on this level of openness is really good