A few things this week got me thinking about customer service. For whatever reason, I have always thought the best business decision is to put the needs of the customer first, then build your business model around that. I’m enough of a realist to know that isn’t always possible, but combine that with “don’t make it hard for people to give you money” and you sure tilt the odds in your favor.
First is the obvious negative example of Oracle’s CISO’s blog post. It was a thinly-veiled legal threat to customers performing code assessments of Oracle, arguing this is a violation of Oracle’s EULA and Oracle can sue them.
I get it. That is well within their legal rights. And really, the threat was likely more directed towards Veracode, via mutual customers as a proxy. Why do customers assess Oracle’s code? Because they don’t trust Oracle – why else? It isn’t like these assessments are free. That is a pretty good indicator of a problem – at least customers perceiving a problem. Threatening independent security researchers? Okay, dumb move, but nothing new there. Threatening, sorry ‘reminding’, your customers in an open blog post (since removed)? I suppose that’s technically putting the customer first, but not quite what I meant.
On the other side is a company like Slack. I get periodic emails from them saying they detected our usage dropped, and they are reducing our bill. That’s right – they have an automated system to determine stale accounts and not bill you for them. Or Amazon Web Services, where my sales team (yes, they exist) sends me a periodic report on usage and how to reduce my costs through different techniques or services.
We’re getting warmer.
Fitbit replaces lost trackers for free. The Apple Genius Bar. The free group runs, training programs, yoga, and discounts at our local Fleet Feet running store. There are plenty of examples, but let’s be honest – the enterprise tech industry isn’t usually on the list.
I had two calls today with a client I have been doing project work with. I didn’t bill them for it, and those calls themselves aren’t tied to any prospective projects. But the client needs help, the cost to me is relatively low, and I know it will come back later when the sign up for another big project. Trust me, we still have our lines (sorry, investment firms, no more freebies if we have never worked together), but in every business I’ve ever run those little helpful moments add up and pay off in the end.
Want some practical examples in the security industry? Adjusting pricing models for elastic clouds. Using soft service limits so when you accidentally scan that one extra server on the network, you don’t lock down the product, and you get a warning and an opportunity to up your license. Putting people on the support desk who know what the hell they are talking about. Paying attention to the product’s user experience – not merely focusing on one pretty dashboard to impress the CIO in the sales meeting. Improving provisioning so your product is actually relatively easy to install, instead of hacking together a bunch of scripts and crappy documentation.
We make security a lot harder on customers than it needs to be. That makes exceptions all the more magical.
(In other news, go watch Mr. Robot. If you work in this industry, it’s like a documentary).
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich quoted at PC World on Dropbox adding FIDO key support.
- Mike over at CSO Online on security spending focus.
- Rich in the Wall St. Journal on Apple and Google taking different approaches to smart agents like Siri and Google Now.
- Yep, Rich keeps press whoring with comments on Black Hat.
- It never ends. You know who on some Apple vulnerabilities at the Guardian.
- And lastly, one Rich actually wrote for TidBITS about that crappy Wired article on the Thunderstrike 2 worm.
Favorite Securosis Posts
- Mike Rothman: Firestarter: Karma – You M.A.D., bro? It seems the entire security industry is, and justifiably so. Oracle = tone deaf.
- Rich: Incite 8/12/2015: Transitions. My kids are about a decade behind Mike’s, just entering kindergarten and first grade, but it’s all the same.
Other Securosis Posts
- Incite 7/29/2015: Finding My Cause.
- Building a Threat Intelligence Program: Gathering TI.
- EMV and the Changing Payment Space: Mobile Payment.
- EMV and the Changing Payment Space: Systemic Tokenization.
- EMV and the Changing Payment Space: The Liability Shift.
- Building a Threat Intelligence Program [New Series].
- EMV and the Changing Payment Space: Migration.
Favorite Outside Posts
- Mike: Gossip to Grown Up: How Intelligence Sharing Developed – Awesome post on the RSAC blog by Wendy about the history and future of TI. The key issue is “getting trust to scale”.
- Rich: How Hackers Steal Data From Websites. Oh, my. The Onion has us dead to rights.
Research Reports and Presentations
- Endpoint Defense: Essential Practices.
- Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications.
- Security and Privacy on the Encrypted Network.
- Monitoring the Hybrid Cloud: Evolving to the CloudSOC.
- Security Best Practices for Amazon Web Services.
- Securing Enterprise Applications.
- Secure Agile Development.
- Trends in Data Centric Security White Paper.
- Leveraging Threat Intelligence in Incident Response/Management.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
Top News and Posts
- No, You Really Can’t (Mary Ann Davidson Blog). In case you missed it, here’s the archive. Fun, eh?
- Oracle’s security chief made a big gaffe in a now-deleted blog post. More on the story.
- Software Security: On the Wrong Side of History. Chris Wysopal of Veracode responds. Guess who used to be one of their advisors? Popcorn ensues.
- Cisco Warns Customers About Attacks Installing Malicious IOS Bootstrap Images.
- Researchers reveal electronic car lock hack after 2-year injunction by Volkswagen.
- Stagefright: new Android vulnerability dubbed ‘heartbleed for mobile’.
- Stagefright Patch Incomplete Leaving Android Devices Still Exposed. Friends don’t let friends…
- Hack-Fueled ‘Unprecedented’ Insider Trading Ring Nets $100M.