By: Corey White
In case you missed it, we’re losing the battle against hacks and breaches. Even though more security tools come online every year, personal information and other sensitive data are no better protected.
We buy more products. We get breached. We adhere to compliance standards. We get breached. We hire managed services providers, and we still get breached.
Why can’t we do better?
Many of the IT pros we talk to have upwards of 250 security tools in their arsenals; the average is 108. That’s 108 tools designed and built to stop cyber criminals, but the hacks keep coming.
Increasingly sophisticated and relentless attacks and high-profile breaches like the one at SolarWinds spur the purchase of more and more tools, but companies rarely have the right people and processes in place to ensure the tools they purchase are installed—and configured—correctly, to say nothing of the ongoing assessments, remediation, and maintenance needed to achieve a solid return on their cybersecurity investments.
The industry’s response has long been to build newer, shinier products, knowing that buyers will come. When the technology fails to defend against a breach, managed services providers step in to remediate after the fact and “manage” the customer’s environment against future incursions.
Then a SolarWinds, or an Equifax, or a Marriott happens.
And then we buy more tools.
Then we get breached again.
It’s a vicious cycle, one that companies can break by stepping away from traditional notions of ownership (as in buying or “owning” a security tool, platform, or solution) and embracing the Membership Economy.
The Membership Economy, a term coined by Robbie Kellman Baxter in her 2015 book, includes any organization whose members—what another company might call customers or clients—have an “ongoing and formal stake” in that organization. The human desire to belong, to be part of a community or affiliated with an exclusive organization, is fulfilled in the Membership Economy, and Netflix is one of its best-known acolytes.
Importantly, the Membership Economy moves organizations away from transactional sales that are cost-based and require conversions, cross-sells, and other additional transactions toward what Baxter calls the forever sale. This is a lifetime of customer value in which retention and delight are the outcomes. The relationship ends only when the member formally leaves or cancels a subscription; otherwise, that first transaction lasts forever.
Key components of the Membership Economy include:
Cybersecurity companies, like many technology organizations, still focus on transactional sales. Customers buy a software or services package for a period of time, typically two to three years, and are largely left to fend for themselves until their contract comes up for renewal. Like other technology deployments, security installations can be complex, costly, and time-consuming, often making it difficult for customers to change or add products in their production environments. Even when a customer is unhappy with a product, swapping it out for something new may be more trouble than the customer thinks it’s worth, which leaves little incentive for transaction-driven security companies to foster meaningful innovation in their offerings.
In other words, ownership in cybersecurity is a liability. The thousands—even millions—of dollars organizations spend on tools and platforms tied to those multiyear licensing agreements effectively hold them hostage regardless of product efficacy. In the event of a breach, they're still stuck in their contract and may even feel the need to