What Do a Security Trade Show and a Poorly Designed Website Have in Common?
I just came home from the annual RSA Conference and am still nursing the hangover of sensory overload. As always, there were several interesting sessions and there is a ton of value in having a large percentage of security professionals in one place. Like any experience where I am the customer, there were a number of things I wish had been done differently to enhance my experience. As I organized my thoughts for a team debrief, I realized that many of my issues were similar to the issues I felt the last time I tried to order discount parts for the outdoor kitchen. I wanted to good or service they were selling, but it was so painful and sketchy, I ended up buying for full price elsewhere. If there was a rival trade show that was using CIAM ideals appropriately, I would have gotten in a cab and moved there.
I am afraid of clowns
The expo hall was HUGE. Both north and south halls jam-packed with solution providers barking their wares into the throngs of attendees. Zero-Trust this, Machine learning that - it was impossible not to shut down and ignore them all out of self-defense. This is a missed opportunity for the brands attending that spent large amounts of money to be on the expo floor, and it is likely a missed opportunity for the security buyers who may have needed to hear a message that was in direct alignment with their biggest challenge. In this environment, it would be the exception that the right solution message found the right set of eyes and ears. It would be so much better if the expo hall was arranged by solution area and that all of the information I provided upon registration could inform a suggested map of my own areas of interest. A little customer insight and segmentation would have made my experience so much better and likely increased the return on the spend of the brands on the floor.
It is very similar to the email deluge I get every day. Most of these brand senders I just ignore as spam but I can also think of a few that I have learned are truly trying to speak to me. Guess which category I buy from, again and again? Brands who leverage the power of customer insights and segmentation to ensure that I am only hearing messaging that meets my wants and desires. They likely should already know a lot about me based on prior visits, social media registrations and their own progressive profiling. This is a critical capability of CIAM and those who use it well are who I am enticed to spend with. They make me feel like I am having a personal shopper experience as opposed to avoiding eye contact with a carnival barker. Plus it greatly enhances the efficiency of the marketing spend.
Security and sock puppets do not mix
I love having conversations with other security professionals, and shows like this give you that opportunity in spades. However, I am always amazed at the difference between who someone’s badge says they are versus who they actually are. Sixty per cent of the people I had conversations with on the expo floor were wearing a badge that either misrepresented their company or misrepresented their names, sometimes both. The reasons varied from “my friend let me use his pass for a bit” to “I am doing competitive intel and don’t want company x to know who I really am”. While neither of these examples are major crimes, it does pose two major problems. First, the brands on the show floor spend real money to be there with the expectation of obtaining contact information of potential buyers. If the information on the badge is wrong, so is the value of that interaction and spend. Second, it is quite possible that information could be shared with a prospective customer on a show floor well before something is public information. Leaks like this have a real cost in the market. The organizers of this event should have absolutely leveraged some stronger validation of attendees in order to protect the IP and marketing investments of their exhibitors.
This gap can also appear in the digital marketplace. Without appropriate strong authentication and fraud detection in front of websites and applications, both the brand and the customer can lose. At best, brands can waste money marketing to ‘sock puppet’ accounts and customers will get emails about products they are not interested in. At worst, there is a significant risk of brand reputational damage as well as fraud costs. This is why continuous authentication is such a critical need in a modern CIAM approach.
Whisper to a scream
There are a lot of potential solution buyers, partners and investors roaming around RSA and everywhere you look there are lots of side conversations. I spent a good portion of my event time driving conversations like this. I also must admit I spend a good amount of time watching for who else is having side conversations with whom. Why is my competitor speaking with Company X? Why is my System Integrator spending so much time with Company Z? As a human being, I am naturally curious. I would argue that the lack of privacy in a crowded event like this reduces the value of attending. Why would I want to telegraph my every strategic conversation to the rest of the market? I would have been a happier attendee (and likely would have spent more to come) if I had been given some choices of higher privacy options like a few hours of meeting pod times or even a badge that did not show my details but was still accurate for scanners. As it is today, the only control over your privacy is to not come to the show. Self-service and transparent privacy controls are also critical in the CIAM world. Not only are these needed to satisfy GDPR and CCPA but they are increasingly important in how customers choose which web properties to engage with. A well-established trade show can afford to be slow in adopting this approach, but a website cannot. It is very easy to choose to engage with another brand that actually values your privacy.
In conclusion, RSA was the same hot mess that it always is. Every year I tell myself it will be my last visit, who knows when it will be true. I do know that I would be much less likely to search for reasons not to go if they implemented some of the basic principles of CIAM. I think the show organizers have forgotten that the people attending the show are CUSTOMERS and need to be treated as such. Don’t make the same mistake for your brand.