Sage Conversations: 'My Customers are Not Interested in Strategy or Business'

June 19, 2012
Get involved early in client discussions to avoid losing out on a specification

I’ve heard this from many integrators attempting to elevate client conversations. It suggests one or more of the following:

  1. The Wrong Time (Their client is in execution mode): They need to deliver on projects with pre-defined schedules and the integrator is attempting a higher-level discussion at the wrong time
  2. The Wrong Person (Their client’s role is not strategic): The integrator is dealing with a manager focused solely on operational execution.
  3. The Wrong Organization (The security leader and the organization are not aligned with the business): Security is not part of the strategic and operational fabric of the organization.
  4. The Wrong Integrator (The integrator is not seen as strategic): They have not earned the right to join in a strategic discussion with senior executives.

Let me address each one of these.

  1. The Wrong Time: Many integrators are brought in when specifications are already written. It is difficult for them to challenge the assumptions made in the spec. Challenges to ‘assumptions’ may lead to the integrator being eliminated from future discussions or the project. The pat answer is getting the integrator involved at the beginning.
  2. The Wrong Person: Many integrators establish a relationship with the ‘user’; the security manager responsible for day-to-day operations. These professionals, either due to performance metrics or inability to understand their organization’s business, can’t engage at the strategic level.
  3. The Wrong Organization: Some organizations don’t understand how to use security to drive value or mitigate risk. It takes a unique integrator to help them leverage and exploit the value of security.
  4. The Wrong Integrator: Integrators rarely take time or incur the investment needed to truly understand the market and business risk factors that drive value and create inefficiencies. Because of this, they become a disconnected agent in the security value stream.

What is your process for overcoming these obstacles? I’ll offer some approaches in the next column.