Smarts, timing and chutzpah

When it comes to security products, Jon Oltsik says sophisticated tools are being dumbed down for a reason.

Jon Oltsik
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.
Jon Oltsik
3 min read
Back in the dawn of business computing, programming was done at the machine level, where ones and zeros spoke directly to the hardware.

In essence, no two computers were exactly alike, and that limited the business computing club to an extremely knowledgeable few.

IBM theorized that system flexibility and customization actually limited the size of the overall computing market. In the early 1960s, the company launched an ambitious and extremely risky project in an effort to reduce limited programming options into a standard program that supported the most common types of operations.

The result was the introduction of the IBM 360 in 1964. Needless to say, the payoff on this gamble is still being felt. The 360 is the great-great grandfather of today's mainframes that still bring in billions of dollars in revenue to IBM annually. This system also kicked off the modern era of operating systems and software development.

The wrong design assumptions kill tons of high-tech wares.

I use this historical success story as an analogue to a relatively new phenomenon in the security market. A number of sophisticated security tools are being retooled to offer limited feature functionality. Like the System 360, many of these new products are just what is needed to help advanced security tools proliferate.

A few product examples will help illustrate this point.

Though RSA has been extremely successful in the enterprise market, its products were always deemed too sophisticated for smaller organizations. Last year, RSA introduced its RSA SecureID Appliance--a canned solution of hardware and software that can be plugged into a typical Microsoft Active Directory infrastructure. It's early, but according to RSA, these boxes are selling like hotcakes.

IBM looked to its past strategy earlier this month by introducing its Tivoli Identity Manager Express product. Same deal: IBM stripped out some of the product complexity, integrated all the supporting pieces (i.e., Web application server, database, etc.) into a bundled product, and made the product drop-dead easy to install and operate. IBM channel partners are doing backflips over this one, as it has the potential to greatly expand their market with a proven product.

Some people say these products are simply dumbed-down versions, but I believe that the 80/20 rule is a more apt description. Think about it: We all use Microsoft Word, but how many of us need advanced capabilities for desktop publishing?

Studies consistently demonstrate that 80 percent of us use about 20 percent of the functionality at our disposal. The 80/20 product model simply makes it easier for the masses to deploy sophisticated stuff. So why isn't every enterprise vendor stripping the enterprise-only bells and whistles from their products?

VC-backed start-ups tend to focus on the enterprise market to compete on seven-figure deals and deliver returns to investors. However, by the time they figure out what they are doing, they often wind up challenged to add new enterprise functionality so they can support their existing customers while hunting down new business. In other words, these guys start with a complex product that becomes even more complex over time.

Enterprise-focused vendors also tend to invest in high-priced field sales and engineering. That's fine for expensive software, but 80/20 products need a channel model for distribution. It's tough to do both.

Finally, it's hard to learn what Joe Average needs when you're spending all your time with Richie Rich. The wrong design assumptions kill tons of high-tech wares.

IBM and RSA Security have the size and resources necessary to pull off this quick-change act, but this will definitely take some doing. Will the rest of the industry follow their lead? Hard to say at this point. A lot of tech vendors have smart coders and decent business models, but few have the necessary combination of smarts, timing and chutzpah to pull it off successfully.