First up, an apology in advance to the unnamed company whose PR firm sent me this release. I'm not trying to crucify its PR agency or marketing team, and it is far from the worst offender in the "PR which says little" space. But for whatever reason, its release caught my attention and I wanted to use it to write a quick lesson in how to craft a company and/or product launch for maximum effect.
For a bit of background this company was founded this year, and this release marks its coming-out-of-stealth party. For those not in the marketing world, a company launch is a big deal and is a chance to really hit it out of the park in terms of stating the direction and importance of what a particular company is doing.
For its part, the company is in the security space. But I get equally bad releases and briefing materials from a range of other sectors as well. This press release's headline states, breathlessly, that the company "Exits Stealth and Launches First Cloud-Based Security as a Service Platform For Global and Mobile Enterprises."
Hmmm. I'm not really sure what that means since there are many, many cloud-based security vendors these days. indeed, most security vendors are using cloud as their delivery and/or scaling mechanism.
In terms of the "security as a service platform" piece -- essentially what said company is saying (I think) is that, like every other cloud company on the planet, it's moving to a service-based model where it charges per user, per month or by some other subscription based measure.
Finally, that "global and mobile enterprises" thing -- I'm not sure if this is meant to read as two different classes of organization, since most organizations I know are mobile (regardless of their globality or otherwise) and, to be honest, by definition a global organization must be mobile, right? Curiouser and curiouser.
And so, in a new format, I'm going to excerpt parts of this release, and give my take on what they mean (if, indeed, they mean anything).
The only cloud-based security platform with best-of-breed security options to address customers' global remote, mobile and cloud computing users with guaranteed compliance . . . Leveraging the full elasticity of any cloud, combined with its dynamic, global, scalable and redundant platform, [redacted vendor that I'm trying hard not to crucify] is able to bring enterprise customers the highest level of security and compliance regardless of location, size and workload.
"Only" is a strong word. And a startup created only this year has a fair amount of chutzpah to suggest it is doing something that none of the more-established security vendors are doing. As for leveraging the elasticity of the cloud, sorry, but scalability and redundancy shouldn't be a special feature -- it should be baked into every solution that a technology vendor sells.
A paragraph ensues which actually is somewhat substantive: It seems that the company's primary focus area is on large enterprises requiring remote and mobile access to worldwide distributed offices and users. The service offering allows enterprises to extend their security and compliance technology stacks to their remote/branch offices and partners/contractors, offering them the security standards as if they were connected to the enterprise's corporate data center. The product is always 1:1 dedicated to customers and can be run in any cloud environment or any cloud account.
This is actually pretty interesting since, if it works, it allows larger organizations to deliver a more consistent and centralized approach toward security, which should drive outcomes in terms of economics and compliance.
It is somewhat unclear, but it seems that what we have here is a platform that is an aggregator for third-party security components -- the company suggests that its platform differs from other offerings by allowing users to choose the way security solutions like NG-Firewalls, UTM, IPS, URL filtering and ATP chain and work together. That raises a whole bunch of questions around interoperability, third-party vendors' willingness to be aggregated in this way, API integrations and the like. But without any proof one way or the other, we'll have to let it slide.
The company then goes on to roll out pretty much every buzzword known to the security industry today and to offer something that is almost an Aladdin's cave of features:
[Our] solution manages the control plane, guaranteeing reliability, scalability, distribution and simplicity, while its dedicated best-of-breed approach guarantees that customer's traffic, in the data plane, is always flowing through and being protected by the top products the industry has to offer. The services within the solution are always up-to-date and offer the highest level of protection available and downtime due to frequent upgrades, patches and failures is eliminated by our advanced cloud traffic dispatcher. Our platform optimizes solution management by integrating with existing enterprise tools, as well as others available on the market today. All of this means that with the service, enterprises can secure hundreds of branches and thousands of users worldwide in seconds, bringing everyone into compliance and eliminating concerns about scalability and downtime, all with a single mouse click.
Unicorns and rainbows would seem to emanate from this particular company's headquarters. Finally, the team behind the product is given a shout-out with the suggestion that they have expertise growing billion-dollar companies in the cloud, networking and security markets.
Unfortunately, neither the team nor these billion-dollar organizations they've worked for are mentioned in the release. The only named person is the CEO, who has "over 20 years of technical and management leadership in these areas, and understands the market." I'm not so sure I agree.
Don't get me wrong, it's hard to craft a good press release, especially for a very early-stage company with no real traction to speak of. But maybe, if it's that hard, you're better off not even trying. All that the company did here was to spout a bunch of buzzwords, promise that a few security practitioners' dreams would come true and limit its chance to be taken seriously in the future.