PGP Blogs

Regular readers of this blog know that I rarely use this space to directly promote PGP Corporation, preferring instead to focus on issues relating to public policy and individual privacy. Recently, though, I’ve started to notice a disconcerting trend in the way vendors, particularly in the security space, discuss their accomplishments. I have to admit that I’m grateful I’m not an IT executive these days trying separate the wheat from the chaff.
 
Following are just two of the claims I’ve seen lately in both our sector and others that really puzzle me:
 
“The fastest-growing email encryption solution.” Fastest-growing based on what metric? Users? Customers? Messages sent? Size of the code base?

“We now have the largest email encryption directory in the world.” That’s nice, but I wonder if anyone is using it on a regular basis. It’s not really much of a challenge to collect a large number of email addresses or even keys and put them in a big database. The challenge is in getting a large number of enterprises to use those keys for their intended purpose and protect their confidential information. Without that level of usage, a large directory is no more useful than a phonebook is to someone who doesn’t have phone service.

I’ve always believed that in evaluating enterprise software vendors, there are only a few metrics that really matter:

1.  How many companies have installed their products? Note the emphasis on “install.”  Purchasing a product is one key step, but we all know cases of companies that have built sizable businesses selling what became shelf-ware. You just can’t build a sustainable business that way. 
   
2. Are any of those companies in similar businesses or have a similar business model to yours? It’s great if every airline in the world is using a certain product…unless you’re a bank, in which case the users can tell you very little about how the product might work for you.
3. Continued usage? This metric gets at two issues. The first is whether or not the product met the business goal for which it was purchased. The second, equally important, is whether the vendor provided the needed training, support, and documentation to ensure its customers are successful with its products. Well-run enterprise software companies understand that you aren’t selling commodities and that the post-sale relationship is at least as important as the pre-sale relationship.

If you can’t get satisfactory answers to these three questions, I’d think twice before committing to any software vendor. Most vendors don’t actively publicize their answers to these questions; however, vendors with integrity (and a track record) will generally answer them candidly if you ask as a part of a product evaluation process.

- Phil