So, ‘tis the season for all things
Pumpkin-Spiced; from coffee, to pet shampoo, to Cheerio’s, to well, you get the
picture. It has become one of the many jokes of the internet and it getting
more prevalent every year. In thinking about this phenomenon, I immediately
thought about how this could apply to cyber security and it didn’t really take
very long to make the correlation.
The Pumpkin-Spiced phenomenon was born out of
the seasonal events of Halloween and Thanksgiving in an attempt to “spice
things up” a bit in order to boost sales of various products. And while there
really aren’t too many seasonal event’s in cyber security (not including the
increased malspam campaigns around Christmas and Tax season), the general principle
of let’s “spices things up” still applies. After all, take the Pumpkin-Spiced
away and the coffee is still just coffee, likewise, if you take away all of the
blinky lights, buzzwords and the snazzy dashboards, security products are still
just security products. So if the coffee was bad before it was “spiced up”, then
you just have flavored bad coffee and the same goes for security products. In
other words, if your product is not good at the core, then no matter what you
add to it to make it more appealing, you still just have a bad product.
I believe that in the security industry, we
understand this better than others as we have to deal with security products every
day, usually the choice of these products being well beyond our control, so we
end up with Pumpkin-Spiced tools that might look great in presentation, but
normally fall well short in actual functionality. Thus when we see the next new
Pumpkin-Spiced whatever, palms immediately go to faces.
This is the real world of marketing that we all
face every day, in every aspects of our lives. It might be fine for coffee and various
other personal products, because we have a choice in those matters, but in the
marketing of security products, this could mean the difference between better
security with a solid product or less security with a mediocre product that
looks impressive to management.
So as much as this is a mild hit-piece on the
marketing of Pumpkin-Spiced everything to the masses, it’s more of a call for rational
marketing when it comes to security products. I know marketing will never go
away, but I implore security vendors to concentrate on making strong products
first and let the marketing come second. You’ll be surprised at the difference
this will make, as the marketing of a really great product will come much
easier, without the need for the meaningless splash of Pumpkin-Spice.
