If your product fits neatly into a magical chart comprised of 4 equal areas made by dividing a plane by an x and y axis, odds are it is commoditized and indistinguishable from the vendors beside you. As a result to drive differentiation, organizations are beginning to form their own research groups as a vehicle to establish thought leadership, create sales opportunities, and, of course, differentiate the company and its products from the competition.
I’ve worked as a vendor, an industry analyst, and as an end consumer of security products. I’ve seen my share of commoditized products artificially inflated with buzzwords and the latest security breach news in the press. I’ve also sat through more than a few presentations (or panels) where the presenter communicates how hard they thought about a particular problem – and that is the extent of their research.
What continues to impress me, however, is when a vendor (or a presenter writing/speaking on behalf of a vendor) can provide concrete data to reinforce a hypothesis or position on a particular issue or problem. I don’t care how creative you are with your marketing language or how hard you think about a particular problem, it’s not going to mitigate or prevent the problem from reoccurring – unless, of course, you’re Michael Ironside’s character from the movie Scanners.
In the security field, there are really two types of research: Pure and Applied. According to Wikipedia(http://en.wikipedia.org) pure (sometimes called basic) science is the “development and establishment of information to aid understanding of the world, whereas applied science uses portions of basic science to develop technology or technique establishing interventions to alter events or outcomes as desired.” (source – http://en.wikipedia.org/wiki/Basic_science#Versus_applied_science)
Applied science, on the other hand, is a “discipline of science that applies existing scientific knowledge to develop more practical applications, such as technology or inventions.” (source – http://en.wikipedia.org/wiki/Applied_science)
As an alternative, I offer the following differentiation:
Now, before people get upset, I’m not saying that pure research isn’t valuable, it is. Without pure research, there would be no applied research. Big ideas influence those who can execute and turn the pure research into applied research.
In my opinion, a vendor should have a research group that operates on a 30/70 split of pure to applied research. This lets researchers be creative and express themselves with a greater emphasis of implementing quantifiable research into portfolio features, tools, or products.
As this series evolves I’ll touch on how to structure your research group, how to staff, how to create a business case to justify its existence, and how marketing, sales, and product teams can utilize the findings of your team. If you have any questions, please put them in the comments section below or reach out to me on Twitter via @andrewsmhay.