Total Immersion

A while back, I remember seeing a sketch by Eddie Izzard. The detail eludes me but roughly speaking it covered the cyclic nature of being cool. One could progress from totally uncool, to slightly cool, to cool, to - put one matchstick in the corner of the mouth - very cool, to - put another matchstick in the other corner - totally uncool again.

So it is with technology-related PR, and nowhere is this more starkly illustrated than in the press releases associated with IT security. I have written about how hard it can be to incite a sometimes apathetic audience into action about very real threats; equally, many IT managers will agree how difficult it can be to get funding for security-related purchases. IT security companies have a vested interest in both of these issues: they are obviously not working altruistically. However, in my experience the majority nonetheless do want to deliver value to their clients.

Such desires may be reflected in IT security PR, which often needs not only to explain what a company does, but also why it matters. Frankly, when a “bad thing” is reported in the media it can be gift for any company that offers products in that area – but what to do when there is no bad news to piggyback on? The answer is to put out awareness-raising press releases, to augment the more standard ‘customer win’, ‘expands in Europe’, ‘new partnership’ fodder. It is here, just as with Eddie Izzard’s sketch, that we find the line which should probably not be crossed.

What are the different kinds of press releases? I would grade them into four categories:

· Best practice activity. A vendor may have put together a set of guidelines explaining how to deal with an issue. While it is a fair assumption that it may reference their product or service, it may also contain some sound advice. Press releases saying that a vendor has documented some best practice are little more than treading water in PR terms, but they are innocuous enough.

· Publicising research findings. A security vendor may conduct a study to highlight the scale of a given problem. This is useful when although the area is known about, there is general complacency that the issue has already been dealt with, or that it only happens to other people. Indeed, this is often the kind of activity that we get called in to help with – anonymous surveys may be the best way to talk about an issue that nobody is supposed to have.

· General awareness raising. These tend to be more educational, to highlight that a problem or threat really does exist. A good example of this would be PR surrounding man in the middle attacks, which are a valid candidate for awareness raising. The only downside is that sometimes such press releases assume the audience knows what is being talked about, which is more than a little counterproductive.

· Publicising specific examples of where things have gone wrong. This is probably the worst kind of awareness raising press release. At best, it draws attention to an example of where the threat has been realised, or malpractice has been found in that, “I told you so,” kind of way. At worst, it can only be construed as ambulance chasing, using some unfortunate soul who has found themselves wanting, and attempting to bask in the reflected publicity.

Don’t get me wrong. In general, I like receiving press releases. I may not read all of them, end to end, but I am not embarrassed to admit that I cannot keep on top of everything that is going on, all the time. So, if I am told about a threat that I did not know existed, nor indeed, a product which in some way can resolve that threat, I can add this to my catalogue of knowledge. Equally, however, I make no bones about the fact that I detest ‘ambulance chasing’ press releases. While I concede that it can be useful to use such incidents as examples, they should be used as no more than a passing mention to support any of the other kinds of awareness raising. Consider the difference in the following two statements:

· “The HMFE were foolish, and should get their act together,” said Charlie Farley, vice president of security firm Ultrasecurix. “By using technologies such as ours, it would never have happened in the first place.”

· “Ultrasecurix would like to announce the latest iteration of our product. “It has been redesigned from the ground up to deal with the latest generation of threats,” says Charlie Farley. The many features include… which enable comprehensive protection. “Situations such as those am highlighted at the HMFE only serve to highlight how things are changing and the need to stay vigilant.”

OK, the latter requires the company to have actually done something, which should maybe be the prerequisite in the first place. If, however, you feel the need to put out awareness raising press releases, remember the first three kinds before settling on the fourth. The bottom line is, if you can’t be constructive and add value in the first few paragraphs, then please don’t bother at all.

These are indeed “interesting times” to be an influencer of any form, not least as we see the democratisation of influence - interestingly, not a term that has yet been adopted particularly widely. It is a timeless truth that every human being has an opinion, which is expressed more or less willingly; what has changed is the mode of expression, the Internet providing a voice louder even than the loudest rock band in the universe.

Whether or not this is a welcome change is a moot point, particularly for organisations who have made their money controlling the flow of such expression, such as news organisations and, indeed, industry analysts. The fact is that the guy in the bar now has global reach, and the rest of the world has to deal with that fact.

To the point - what can we learn as industry analysts? To me it’s simple - our role and privilege is to spend time learning about what is going on, and to draw insightful conclusions that can then be fed back for the common good. While many may have time to think about aspects, it is a rare luxury to be able to do this as a career, without the distractions of what many would consider to be a real job. We’re standing on the shoulders of giants - one set of insights and conclusions serve as inputs to the next level of analysis, and thus can we all move forward.

So, I don’t feel in any way threatened by these developments; rather, I revel in the fact that the number of fire hydrants to drink from is increasing. Welcome indeed, for example, to the vendor analyst relations blogs such as those from Carter and Skip; or indeed AR professionals like Jonny and David, and all the rest (I said it was like a fire hydrant!). I would love to say we have a monopoly on how things are evolving but the truth of the matter is that nobody does, so all help as we evolve our services into the future is gratefully received.

In the future, then, we shall continue in our role as aggregators of opinion and behaviour, and offer our findings back to the community in the way we do now. It’s an eminently scalable model, and for now we believe, adaptable to what the wonderful world of influence throws our way.