In case you missed it, we’re losing the battle against hacks and breaches. Even though more security tools come online every year, personal information and other sensitive data don’t get better protected.
We buy more products. We get breached. We adhere to compliance standards. We get breached. We hire managed services providers, and we still get breached.
Many of the IT pros we talk to have upwards of 250 security tools in their arsenals; the average is 108. That’s 108 tools designed and built to stop cyber criminals, but the hacks keep coming.
Increasingly sophisticated and relentless attacks and high-profile breaches like the one at SolarWinds spur the purchase of more and more tools, but companies rarely have the right people and processes in place to ensure the tools they purchase are installed—and configured—correctly, to say nothing of the ongoing assessments, remediation, and maintenance needed to achieve a solid return on their cybersecurity investments.
The industry’s response has long been to build newer, shinier products, knowing that buyers will come. When the technology fails to defend against a breach, managed services providers step in to remediate after the fact and “manage” the customer’s environment against future incursions.
Then a SolarWinds, or an Equifax, or a Marriott happens.
And then we buy more tools.
Then we get breached again.
It’s a vicious cycle, one that companies can break by stepping away from traditional notions of ownership (as in buying or “owning” a security tool, platform, or solution) and embracing the Membership Economy.
The Membership Economy, a term coined by Robbie Kellman Baxter in her 2015 book, includes any organization whose members—what another company might call customers or clients—have an “ongoing and formal stake” in that organization. The human desire to belong, to be part of a community or affiliated with an exclusive organization, is fulfilled in the Membership Economy, and Netflix is one of its best-known acolytes.
Importantly, the Membership Economy moves organizations away from transactional sales that are cost-based and require conversions, cross-sells, and other additional transactions toward what Baxter calls the forever sale. This is a lifetime of customer value in which retention and delight are the outcomes. The relationship ends only when the member formally leaves or cancels a subscription; otherwise, that first transaction lasts forever.
Key components of the Membership Economy include:
Cybersecurity companies, like many technology organizations, still focus on transactional sales. Customers buy a software or services package for a period of time, typically two to three years, and are largely left to fend for themselves until their contract comes up for renewal. Like other technology deployments, security installations can be complex, costly, and time-consuming, often making it difficult for customers to change or add products in their production environments. Even when a customer is unhappy with a product, swapping it out for something new may be more trouble than the customer thinks it’s worth, which leaves little incentive for transaction-driven security companies to foster meaningful innovation in their offerings.
In other words, ownership in cybersecurity is a liability. The thousands—even millions—of dollars organizations spend on tools and platforms tied to those multiyear licensing agreements effectively hold them hostage regardless of product efficacy. In the event of a breach, they’re still stuck in their contract and may even feel the need to buy more tools to bolster their security posture. Security product companies are hamstrung by the model, too: once they create products to deliver their solutions, they become limited by the scope of their own design, for good or ill, and innovation remains stalled.
Groundbreaking innovation through experimentation, development, and even dumb luck has enabled significant economic growth—and has toppled entire organizations that were upended by the thoughtful and rapid advancement of others, as Blockbuster was by Netflix. As the pace of technological change continues to accelerate with force, so too does the cyber-attack surface. Transactional organizations cannot hope to keep pace with the growing costs of breaches and the ease with which they can be executed without foundationally changing the way new defenses are designed, built, and adopted.
Membership, or the Netflix model, is just such a foundational change. It can be every bit as disruptive and transformational to the cybersecurity industry as Netflix itself was to the movie rental and streaming industries. Here’s how.
Subscriptions are a good first step. Subscriptions make it easy for members to select the pricing and options that are best for them, and consistent and predictable revenue streams benefit shareholders and users alike. But subscriptions alone do not a Membership Economy make. It’s important that security companies understand the need behind each package they develop so they can grow members into new offerings and ensure value is continuously delivered.
Loyalty programs are another great addition. As American Express famously said, membership has its privileges. In cybersecurity, privileges can include freemium pricing models, discounted upgrades, free services engagements, and more.
Additionally, the Membership Economy can’t work without high levels of member engagement, which is why Baxter recommends that a good membership program be beneficial for members as well as the company that serves them. Benefits stemming from loyalty create bonds, even emotional connections, between members and the companies they associate with, which in turn create vibrant communities of influencers and evangelists that become a continual source of innovation for Membership Economy organizations. By staying close to your members and active in the communities you share with them, you’re always a part of the feedback loop, enabling you to continue to evolve your offerings to meet member needs.
Ongoing feedback ultimately becomes a source of competitive differentiation too, because traditional security organizations selling through transactions are less able to tap into widespread customer sentiment—whether positive or negative—and therefore are less likely to be able to turn the information they do get into meaningful innovation.
Cybersecurity-as-a-service, or CSaaS, brings all of these concepts to life. CSaaS is inherently a member-driven model, allowing providers to focus on access rather than ownership. Instead of selling transactional point solutions or fee-for-services to create what we used to call customer “stickiness,” security companies can use the membership model to level the playing field and democratize cybersecurity, making the best protection accessible and affordable for organizations of every size, even those with no cybersecurity expertise in-house.
The CSaaS membership model offers a new, innovative paradigm for successful protection from today’s advanced cyber attacks by pairing skilled security advisors with proven processes and best-of-breed technologies to deliver guaranteed business outcomes. Importantly, CSaaS handles the heavy lifting associated with evaluating and recommending solutions from more than 4,500 security vendors so that members can focus on scaling their businesses without worrying about securing the sensitive data and information that make those businesses successful.
CSaaS also ensures that recommended solutions are installed and configured completely and correctly in addition to providing ongoing remediation of cyber threats and vulnerabilities and regular maintenance of security tools, thus walling off the majority of entry points for cyber criminals and ensuring members get value from all of their security investments, from conception and strategy to implementation and maintenance.
Because the CSaaS model sells membership rather than ownership, members can achieve faster compliance with standards like NIST CSF, SOC 2, PCI, and HIPAA; they can also receive better cyber-attack protection from threats like the OWASP Top 10 and the CWE Top 25, giving them true resilience, lower costs, less stress, and the ability to implement the very best technologies available at any time, all the time.
The CSaaS membership model is Netflix for cybersecurity: inherent innovation and bespoke solutions at scale. Begin your free CSaaS membership and start your journey to cybersecurity confidence today.