Content Cookbook #2: Selling Security Response

(One in an ongoing series of sample IT drip content marketing campaigns. Feel free to steal this sequence or, if you’d like Content marketing security response sequence help customizing one for your needs, email or call at 781 599-3262.)

Antivirus products are “doomed to failure.” So says, of all people, Symantec, even though it gets 40% of its revenue from AV.

What’s up? For one thing, AV not a huge money maker. Second, hackers have moved on from endpoint attacks using viruses. The most serious threats now come from “zero day” network intrusion and denial of service attacks that target the core of the IT infrastructure and are too new to be caught by AV scans. As a result, Symantec and other vendors are trying to sell software and services that help customers limit the damage from attack.

If you’re selling security response services what sequence of marketing content can help you to identify and rate prospects for those services?

Story One: This captures prospects early in the sales cycle by clearly explaining the limits of AV, the nature of the new threats AV cannot stop and how security response, rather than prevention, can help limit the damage. Be honest about whether antivirus is really “dead” or is just not sufficient, in and of itself, to provide security. Get specific with recommendations without touting your product. Should customers, for example, just get basic free AV for end points and focus the rest of their efforts on hardening the core and on security response? If they shift more security spending to the network, specifically where should they invest? And what is the ROI of security response versus prevention?

Offer this content free and promote the heck out of it via emails and social networks. Repurpose it for videos, ebooks, blog posts, contributed op-ed pieces and Webinars. This is your chance to become the trusted voice of reason on this topic. The call to action (CTA) is a link to the more detailed stories 2 and 3 which are aimed at more specific market segments.

Story 2: Focuses on one subset of your target market with specialized content. To find SMB prospects, for example, produce a checklist they can use to determine whether this shift from prevention to response is true for them as well as for large companies. If basic AV is still necessary, what are the “must-have” features an SMB in particular should focus on? And if SMBs should start thinking “response” rather than just prevention, what are the basic “response” steps an SMB should take themselves, given their limited budgets, and what can best be done by an outside vendor?

Gate this content with two to three basic contact/qualification questions, such as name, business email and top security challenge they are facing. The CTA is a link to story three, pulling prospects further through the sales funnel to the product/vendor evaluation.

Story 3: To capture prospects that are in the “consideration” stage of the purchase process, offer tips for evaluating the security response services that are flooding the marketplace. Which of the services they are selling, such as centralized real-time monitoring or documentation and forensics of past attacks are most valuable? What of the incident response workflows they are offering will help limit the damage from each type of attack most effectively? What security response steps should a customer take themselves, and which should they leave to a service provider? What are some of the “gotchas” that could hurt a customer by choosing the wrong provider, and how can they avoid these mistakes?

Gate this content with two or three further progressive profiling questions, such as whether they have (or plan to) create a security response plan and their time frame for action. If you can combine this with third-party data to further qualify them, all the better. If they plan to act soon, the call to action could be a sales call to further discuss their response needs. If they’re months away from action, offer them a subscription to your email newsletter of security response tips, tracking their readership to determine if and when they might be open to a call.

Note: In place of each “story” in this sequence feel free to replace with “webinar”, “video”, “podcast”, “white paper”, or other format.) And if you have a product or service for which you’d like to see a sample, drop me a line or call at 781 599-3262.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

Seven and a half years after virtualization went “mainstream” with EMC’s purchase of VMware, you would think it would be pretty mature  – at least on the server side, where it hit first before moving on to storage and networks.

But many customers (especially smaller ones) are still having trouble getting the cost and scalability benefits they hoped to get from server virtualization. And performance tuning, security, and assuring cost savings are continuing concerns for all customers as they move beyond servers to virtualizing storage as well as applications such as databases, email and ERP in the next year.

Those are among the main findings of the 2011 Virtualization and Evolution to the Cloud Survey done by Symantec, which of course has a dog in this fight as a provider of virtualization, storage and security management tools. Nearly 60% of the 3,700 tactical, strategic and C-level respondents it surveyed worldwide are still using outside providers “quite a bit” or “completely” for help with server virtualization. When it comes to newer areas such as hybrid public/private clouds or private storage as a service, the figures rises closer to 70%.

Service providers are in demand because virtualization often isn’t delivering the benefits customers expected. Customers with less mature server virtualization skills still need third-party help with sever virtualization, while those with higher levels of skills need help providing functions such as disaster recovery and high availability, said John Magee, vice president of visualization and cloud solutions for the storage and security software vendor.

Respondents were most pleased with server virtualization, pegging the gap between expectations and reality at only four percent, and the greatest shortfalls in delivering reduced capital and operational costs, and greater scalability.

They cited a 33% gap between expectation and reality for storage virtualization, with the biggest disappointments in the scalability of virtualized storage, its agility and the operational expense savings.

Private/hybrid cloud computing, in which companies seamlessly move applications and data between their own virtual environments and those of outside providers such as Amazon, was another problem area. Respondents saw an average 32% gap between expectations and reality, with the time to provision new resources, scalability and security the main shortfalls. Nearly three-quarters of organizations that had hybrid/private clouds cited performance as a significant or extreme challenge.

Storage as a service (providing provide virtualized storage to users and applications on demand) was the most severe underperformer, with a 37% gap between expectation and reality. The biggest shortfalls were its failure to reduce complexity (40%), its efficiency (37%) and its scalability (34%.)

Slightly more than half of respondents said storage costs had “somewhat or significantly increased with server virtualization.” One reason, said Magee, is the complexity of virtual environments, and the fact that unused space can be “orphaned” as the virtual server to which it was originally assigned is moved or decommissioned. Some customers also quickly buy a large amount of expensive SAN storage to support a virtual environment, he said, while they could save money with a “tiered” environment in which less critical information is stored on less expensive storage.

Just over six out of ten listed security as a “significant/extreme,” a concern Magee said is increasing as organizations virtualize more mission-critical applications. As they do so, he is seeing more concern around compliance and configuration tracking, and a focus on securing not just physical servers but the  virtual machines running on them.

Despite the disappointments, interest in virtualization remains strong, with about 80% of all respondents at least discussing cloud adoption. Among organizations planning to virtualize servers for business-critical applications in the next 12 months, focus areas included database applications (59%), email (47%) and ERP applications (41%.)

So virtualization isn’t a bust, and customers still trust its potential. But, like a lot of ballyhooed new technologies, getting to paradise isn’t as easy as promised.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.