Home > InfoSec, Manufacturers, Peak Performance, Trends > Caveat Vendor – with industry analysts, you don’t always get what you pay for

Caveat Vendor – with industry analysts, you don’t always get what you pay for

There is a problem with honesty in this security industry of ours.  Far more of a problem in the physical/homeland security indsutry than IT/cyber security.  the difference? Critics.

The IT/cyber security industry has dozens of knowledgeable, influential industry analysts constantly pushing end users, VARs and manufacturers, (vendors) to higher levels of performance, quality and customer service.

The physical security had none before I showed up on the scene when I directed my research team at Giga Information Group (later Forrester) to begin tracking trends in physical security in 2000.  I kept thinking I would spark industry improvement in physical security and homeland security by inspiring dozens of industry analysts to cover the huge industry.  Instead, vendors reacted with their panties in a bunch and most consultants I spoke to were chicken-shits, with not enough balls to tell Lenel or SoftwareHouse or Bosch when they smelled snake oil, or when product development aimed low.

So in 2005, I left my job as head of security research at Forrester and opened the first industry analyst firm in physical security – thinking for sure that THAT would start the trend.

I was partly right.  A few “analysts” popped up afterwards.  Forrester and Gartner dabbled in physical security half-heartedly for a few months after I left.  Frost & Sullivan later beefed up their particular brand of analysis combned with their trademark (and dubious) “awards.”  More on that another time.  INS also started making noise.

Finally, some “serious” critics emerged. Jeff Kessler, the long-time Lehman analyst, brought intellectual rigor to financial critique of the entire industry and specific niches.  And John Honovich carved a niche for himself becoming the preeminent critic of IP video solutions.

I am very grateful for John and Jeff.  They largely validated my belief that the physical security industry had room for and could benefit from piercing, honest criticism.  But I’m sad that there are only three of us.  John critiques vendors in the IP video arena on his website, Jeff now works for Imperial Capital and focuses is on numbers, and I focus on best practices for end users.  Three different niches, but it’s just crazy that a $170 bn industry supports only three guys doing real industry analysis.

I’ve criticized Frost & Sullivan and INS elsewhere, not to belabor the point here. The shortcomings of their analysis in this industry are obvious to any observer and I don’t need to harp on them.  In a nutshell, I’m disappointed when any analyst relies on the word (or dollars) of manufacturers.  It is an obvious conflict of interest, and the so-called analyst quickly becomes a shill for vendors, whether they intend to or not.  (Hint: they usually intend to.)

If an analyst performs paid work for a vendor, it should be with the sole purpose of helping that vendor improve its products or solve specific customer problems.  It should also be done privately.

For example, I’ll allow vendors to pay me to critique and plan their product development road map or marketing strategy – but I don’t write publically available white papers and will never publicly trade whatever I’ve discussed with vendor clients privately.  I share my end user research findings with my end user- and investor-customers only.

Analysis should be derived from the analyst’s professional experience with the subject he is analyzing, or by analyzing the experiences of end users.  I believe John touches or in some way directly interacts with with every product he writes about, and then bases what he writes on his highly technical knowledge.  Jeff is similar.  He performs primary research, writes his own analysis of his research based on his extensive knowledge and experience with financial and market analysis, and critiques secondary research.  I talk to hundreds of end users each year and systematically analyze best practices (and worst practices) among the users of just about every kind of security technology.

I still think there is plenty of room for honest critique in the physical security industry.  If only someone else with the guts would step up.

About these ads
  1. February 25, 2011 at 11:52 am

    Steve,

    I share your pain with respect to the physical security analyst world. Having been an analyst virtually my entire adult life, I’ve seen the good, bad and the ugly. Previous few organizations realize that physical and cyber/information security are two sides of the same coin. Also buyers don’t seem to feel that they need as much ‘advice’ with respect to physical security that they do in the IT world. So, part of the issue is simply that there doesn’t seem to be a market for analyst services on the physical side of the house for one reason or another.

    As for transparency, I believe that they guys at Securosis got it right.

    I look forward to your thoughts.

    Larry

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: