May 25, 2012

Posts Comments

CRM Idol: We’re through being cool

We're through being cool.

Brick Street was a contestant in CRM Idol and the judges said we are “uncool.” They are exactly right. We are not cool. We are an enterprise software company.

The company was “founded” in 2008 when we acquired our products and customer base from KANA. This is the reverse of how most companies get started. Since we had to focus initially on building an organization to satisfy existing customers, we couldn’t worry about our value proposition for new customers.

CRM Idol changed all that. The process of preparing for the judging panel gave us an opportunity to evaluate our position, and to clarify our strategy and messaging. In taking a critical look at the company in 2011, we saw:

  • A massively scalable messaging platform that supports email, SMS, mobile push notifications, and emerging social platforms.
  • An organization and product architecture optimized for enterprise
    customers and enterprise deployments.
  • A marquee customer base in financial services and
    telecommunications.

Once we saw that, our strategy and messaging became clear: laser focus on enterprise customers. With a product and organization optimized for large enterprises, we would be crazy to compete with the hundreds of companies chasing the SMB market. Since we’re privately held, we can focus on long-term partnerships with our customers, and we’ll generally do anything that is not illegal or immoral to make our customers happy and successful. If we sound like a vendor you can work with, I hope you will give us a call or send us an email. If you buy our software, we’ll throw in a copy of Devo’s Greatest Hits and I’ll sing one of the songs into your voice mail.

Alternatives to Low Security ESPs

If you cannot accept the occasional security breach, what is the alternative to ESPs?

On 1 April 2011, Epsilon disclosed that they had suffered a security breach and that a “subset” of their clients’ customer data had been exposed.

  • Several experts observed that this breach will lead to a rash of targeted spear phishing attacks: since the attackers got customer databases from several brands, they should now be able correlate your behavior across these databases.
  • People within the email marketing industry are generally calling for restraint. Email Service Providers (ESPs) are all vulnerable to these attacks and the Epsilon breach is just the latest in a series of data security breaches at SaaS vendors.

If you start looking, you quickly find that these breaches occur with depressing regularity. As Laura Atkins points out, the problem is systemic in the ESP industry:

“ESPs do not have sufficient security in place to prevent hackers from getting into their systems and stealing their customers’ data.”

If you compare ESPs with banks, the approach to security is night and day. Banks generally don’t have these kinds of security breaches, while they are all too common among SaaS vendors. The ESPs might claim that their security is comparable to a bank, but that is empty posturing because they could never afford it.

So if you cannot accept the occasional security breach, what is the alternative to ESPs? The main alternative is to bring email marketing in-house, so that your data never leaves your premises. On-premise applications generally do not suffer from the security problems that seem to plague SaaS vendors. A case in point is that our Connect application has been running in-house at large B2C marketers for nearly 10 years and has never suffered a security breach.

There are two reasons for this track record.

  • One reason is the Connect architecture. In Connect, the customer database is kept in a secure subnet and is never exposed to the public internet. The work of sending messages and handling results is done by workers deployed in an exposed subnet. ESPs typically cannot use this kind of architecture because they have to provide access to their clients on the public internet.
  • However, the main reason for Connect’s security track record is our customers: they care deeply about data security and don’t trust anyone but themselves to do it right.

Our prediction is that the top brands will re-evaluate their decision to do business with ESPs and many will decide to move the function in house, especially in financial services. If you decide to outsource and compete with a brand that has an in-house ESP, you may eventually be stuck with damage control after the next breach, while your competitor takes market share.