Your Smartphone is Showing: The Mobile Threat Exposure

Phones - They're What Hackers Crave

We love our phones. We stare deeply into glowing rectangles at every opportunity. We love messenger apps. We love free Wi-Fi and expect businesses to offer it. We might love a friendly P2P game, or playing Internet radio over the Bluetooth system in a rental car. We love the idea of paying for just about anything from an app rather than fumbling for money.

Don’t think this love affair has gone unnoticed. Cybercriminals increasingly want to come between us and our phones. And who can blame them? With as much as 75% of US Internet traffic coming from mobile devices, that is where the most valuable data -- and the money -- is moving. Why would they stick to hacking standard computers?

You might think your mobile device is rather secure. Indeed, it does have some design advantages over PCs and servers, where most of the security and antivirus activity has focused to date. Unlike conventional computers, smartphones have much of their operation handled at the hardware and firmware level, they have memory but not hard drives, they have a leaner OS … but they are still fully functional, powerful computing devices on their own, with enough sophistication and constant change happening to leave doors open for hackers. 

Looking at the most recent Symantec ISTR report (Dec 2016) which is rich in security stats, while most forms of email phishing and web attacks show rather stagnant growth or decline, new mobile malware variants jumped by 214%. Expect this growth trend to continue, as mobile devices have become the new cyber attack surface of choice.

MDM, EMM and BYOD

Around 2011 as smartphones were joining the mainstream, we started seeing huge investments driving a new class of vendors supporting secure mobility -- companies like Airwatch (now vmware airwatch) and MobileIron. Citrix, CA and Blackberry began expanding their corporate security and mobility initiatives to include BYOD (bring-your-own-device) management.

The main thrust of these MDM (Mobile Device Management) or EMM (Enterprise Mobility Management) solutions was the ability to manage multiple employee devices and the apps on them to improve compliance with corporate standards, which should lead to safer usage behaviors and lower mobile data costs.

For instance, the MDM system can require you to set or reset a phone password before you can access company email. It might put all of the required “corporate” apps in a controlled folder, and prevent a user from installing non-approved apps, playing huge media files over the air, or pop up a warning if they connect to an unknown network. It could remotely wipe the data from a phone if it gets compromised, lost or stolen.

Not all control and security functions are available to MDM software, especially in a BYOD scenario. Several countries have regulations against companies accessing private data on an employee’s personal device. Even if a privacy mandate doesn’t apply in your region, you run the risk of ticking off your entire workforce if the corporate HQ imposes heavy-handed demands on their phones. More than half of employees surveyed by Bitglass said they would refuse a corporate MDM install on their personal devices because of privacy concerns. (Kind of easy to say if your current job isn’t riding on such a requirement though!)

Through the glass: The mobile attack surface

Note that while all of the above capabilities contribute to device security, they are not specifically addressing all of the exploits that can happen on smartphones at a device, network and application layer. 

These exploits can be stupidly simple - sending an email or text message with a bad link to ask the user to enter their password or account number -- yes, it still works occasionally. Or quite beautifully sophisticated, for instance loading an SMS image in the preview window that executes remote code and quietly establishes root control of the device without alerting the user in any way -- see the infamous Stagefright exploit discovered on Android (now patched but the hole is still there on many phones).

Some adware and malware providers have taken to creating realistic, but unsanctioned third-party app stores outside of Google Play and Apple App Store. Popular game titles like Pokemon Go and retail apps on these sites look like the real thing, but they might be sending more of your personal data to unknown locations than you’d like.  

The quantity of new threats to mobile devices is increasing at a rate of more than 2x every six months. If you read the latest TrendLabs 2016 Mobile Threat Report, you get an immediate picture of how fast-moving these exploits can be. Once hackers have used a novel Day 0 exploit and it is identified and patched, they are moving on to the next one. Right now, ransomware is one of the hottest growth areas -- attackers remotely encrypt or “lock up” the data on your device, then demand a payment to restore it. Hopefully you backed it up! No guarantees you’ll ever see your data again if you do pay.

Exploits delivered to your door by MTD

You need to have something on the device that can protect against these advanced new threats, and that’s where a new class of Mobile Threat Defense (MTD) tools come in. Some of the bigger players in security such as Symantec, Trend Micro and Intel have recently bought or delivered new solutions geared for endpoint security, but a lot of the excitement in this space is around newer, more MTD-specialized firms such as Zimperium, Lookout and Skycure.

Basically an MTD solution has three components: 

1. Some kind of app running on the device that should detect a possible threat.

2. Some kind of cloud-based service for gathering alerts and threat data for reporting, and updating devices with the latest exploit definitions. 

3. Some way of taking action to remediate the threat and reduce its impact.

For threat detection, some tools employ a technique called “sandboxing” which is basically a way to maintain surveillance of the device from a cloud based service, then have the application step in if an offending message or potential malware is detected to remediate the threat.  Another way is to have an on-device detection and self-service remediation app installed, which uses the cloud service only for reporting and updates of threat definitions back to the phone. This approach offers some user data privacy advantages and still works without an Internet connection.

You know how a Trojan horse or worm can “weaponize” a computer or device and use it to spread itself across a network? What’s cool about today’s MTD solutions is how the detection capability can turn millions of immunized devices into early warning defense beacons and sources of data on mobile attack vectors. If a known or unknown cyber attack starts becoming detected in a certain region or exploiting a specific device/OS/app/network combination, that gets filtered back to the lab, where security researchers can define the exploit, determine workarounds, and even alert OS and device manufacturers and the global security community, if necessary.

You can’t patch mobile security complacency

Despite software innovation and collaboration among mobile network operators (MNOs), device manufacturers and international standards groups, don’t get your hopes up that we’re about to become threat-free anytime soon. A recent Ponemon Institute study on mobile cyberattacks says 60% of respondents have already experienced some kind of security breach due to mobile attacks. Enterprises know they are vulnerable to mobile attacks, but many seem to lack the wherewithal to do much to prevent them.

To make the problem more confounding, that recent Symantec report mentions that as many as 85 percent of corporate data breaches go unreported, a rapid increase from just 2014 when more than half were reported. Less costly to sweep embarrassing security lapses under the rug and hope they aren’t noticed for a couple quarters?

You would think CIOs and CISOs would be looking beyond the standard network security perimeter, firewalls, anti-virus and email filtering stuff and investing to get ahead of this attack vector, but no: the latest Gartner Predicts 2017 report on Endpoint Mobile Security estimated that by 2019, only 25% of mobile-ready enterprises will deploy mobile threat defense capabilities on enterprise-issued mobile devices. That's company equipment, not bring-your-own.

Clearly, complacency is the greatest threat to mobile security, and it will likely require a few more high profile mobile attacks in the headlines to change that. Until then, watch your phones.

Digital Discrimination Automation: Avoiding Legal and Ethical Barriers

Today we are seeing virtually every industry being transformed by new digital business models, but in some instances this transformation can include an unwelcome side effect: digital discrimination

It’s just targeted advertising… 

A former colleague recently shared a Slashdot article that caught my attention about targeted advertising on Facebook that allows advertisements to be filtered based on “race preference.” The sheer volume and volatility of comments on this post attest to how controversial this topic is.

From the point of view of a marketer, of course, I always want any advertisement I pay for to reach the ideal audience with maximum efficiency. There is not an inherent problem with advertising a product tailored to meet the needs of a specific ethnicity, or religion, or gender or sexual preference. Nor is it a problem to advertise in a publication or site that caters to a niche audience.

This practice breaks down when you are targeting ads across a broader public network (i.e. Facebook, Google, LinkedIn, Twitter, etc.) and you somehow exclude individuals based on the above demographics for things like mortgages, housing or jobs that would likely have very strong equal access protections in these United States and elsewhere.

The Atlanta Black Star news site did a great job demonstrating how Facebook advertisements targeting on race can create a clear path for discrimination in practice. Can the consequences for inappropriate advertisement targeting be left up to the ad buyer alone? Maybe for specific business categories where equal opportunity laws are in place, Facebook should put in the guard rails and disallow some of these advertising controls.

Update as of Nov 11: Facebook will disable race-based targeting for specific industries - housing, employment, credit (via the Verge).

We’re just focusing on selecting the right customers …

A practice known as “redlining” is not uncommon in the financial and insurance business. Basically, an institution can assess the suitability of a customer for a loan by looking at the location of current and past residences, job and credit references, and other factors. Though the applicants that don't make the cut may not specifically defined by race, a level of discrimination can result.

The increased prevalence of social media and public data sources is a two-edged sword for redlining practices. Powerful big data analytics tools can be applied to better monitor and guard against discriminatory practices, but they can also encourage discrimination through certain types of filtering. 

In a 2013 study in the Proceedings of the National Academy of Sciences (PNAS), “Private Traits and Attributes Are Predictable from Digital Records of Human Behavior,” scientists from the University of Cambridge and Microsoft Research were able to combine data on Facebook “Likes” and limited survey information to determine the following: They could accurately predict a user’s sexual orientation 88% of the time for men and 75% for women; predict a user’s ethnic origin (95%) and gender (93%) with a high degree of accuracy; and predict whether a user was Christian or Muslim (82%), a Democrat or Republican (85%), or used alcohol, drugs or cigarettes (between 65% and 75%), or was in a relationship (67%).

If I’m selling a big-ticket item like jumbo jets, that’s handled by sales professionals who directly call on a handful of named, qualified buyers out there. The customer selection process is still 99% manual, and deals are closed face-to-face.

Now look at any digital marketing model worth its salt and you will find it includes a much higher degree of targeted advertising, personalization and 1-on-1 nurturing to cultivate exactly the right customers.  Especially when it comes to B2C business models, a laser focus is too expensive to sustain on a personal basis – you need the assistance of a lot of data and automation at every step of the customer journey to capture and service demand at scale. Advanced marketing and sales systems are a frontier where the ethical and legal aspects of discrimination will be debated.

The Sharing Economy, or the Selfish one?

When it comes to the economy of ride-sharing and home-sharing, the presence of personal bias can get played out on a platform-wide level.

Big city taxi drivers have long been famous for not picking up riders based on race (the Lenny Kravitz tune “Mister Cab Driver”  comes to mind here). With ride sharing systems like Uber or Lyft, a driver can either refuse or cancel a ride – perhaps based on the rider’s profile picture, or name. Even if the platform does not promote discrimination, it can make it a lot easier for a seller or sharer to do so.

A recent study of 1,500 rides in Boston and Seattle on the services showed that African American males were three times as likely to have their rides canceled, and on average wait for rides 30% longer than white males. 

For their part, Uber has responded by saying they are always looking for ways to improve their performance and implement features to reduce it. In the long run, there could be less discrimination than the analog version of having a taxi pass someone by on the street, because the platform can monitor usage patterns to discipline the “bad actors” who unfairly drop rides.

On the house-sharing side, Airbnb has made strides to get ahead of selection bias issues. Their response to fair housing complaints, even if considered a little late by some, was well thought out and sent to all users. They are putting more training and agreements in place for hosts, encouraging more instant booking units, and proactively following up on guest discrimination complaints with assistance finding alternative accommodations.

“…  We are all committed to doing everything we can to help eliminate all forms of unlawful bias, discrimination, and intolerance from our platform. We want to promote a culture within the Airbnb community—hosts, guests and people just considering whether to use our platform—that goes above and beyond mere compliance."
 -- Excerpt from Airbnb’s Non-Discrimination Policy as of November 2016 

I travel a lot, and especially on family trips, I probably use peer-based rentals slightly more than conventional hotels by now. I have noticed far fewer Airbnb properties in less populated or remote areas, where the demand for temporary quarters is much less elastic. Since a vacation destination is usually booked well in advance, most of these guys stick to systems like VRBO/HomeAway. While these sites also have policies, your booking request is often just that: a request, waiting for seller approval – and the property owner may have stricter cancellation policies, and settle an advance prepayment off-system.

An off-site approval and transaction process seems to push the liability for discrimination out to the property owner rather than having selection bias played out in the platform itself. I can’t say that this approach is any less discriminatory, in fact it also forgoes the instant gratification everyone expects of a digital customer experience.

blueFug Net: What should you do about it?

I believe the issue of digital discrimination is just starting to get the attention it deserves, and it will likely grow in importance for any business that sells or brokers goods and services to the public. Here’s three ways to get ahead of it for starters:

  1. Conduct a discriminatory audit. Examine the end-to-end customer journey in your company. Where are you left open to discrimination issues? Are you in compliance for the communities/countries you do business in? If such a group exists, make this a regular part of a risk management or security group’s purview. Consult a civil rights oriented attorney for advice if you do not have such a specialist on retainer.
  2. Look for biased usage patterns in your solution, and address potential discrimination issues at both the platform and the execution level. Simply changing some wording or selection buttons in a user interface will not eliminate discrimination in practice. Examine the outcomes of customer interactions over time to ensure they are not trending in a direction that suggests discrimination.
  3. Align your digital transformation toward inclusion, not exclusion. Everyone in your organization, as well as your business partners and vendors, has the potential to be a model citizen, or a bad actor as a representative of your company. Get broad agreement to this alignment, perhaps conduct anti-bias training. Everyone can make an impact on bringing diversity and fairness to the overall digital customer experience, even if they operate behind the scenes.

Communities and governments develop and enact laws to limit discrimination for good reason. Just because a Silicon Valley-style industry disruption is under way in your neck of the woods doesn’t mean you can ignore the scrutiny a conventional business would face in the communities it operates in.

Indeed, the posted sign saying “We reserve the right to refuse service to anyone” you might see in a restaurant or bar won’t take you far in the digital realm, especially if you leverage a platform that automates or facilitates discrimination at scale. Outrage travels fast – and bad publicity, legal problems, lost business and forced resignations can quickly follow. Best to get ahead of digital discrimination before it gets ahead of you.


Need on-point technology marketing strategy and messaging that clarifies value and cuts through the fog of competitor claims? Contact blueFug Ventures today and find out how we can partner with you.


Podcast: How to Build a Content Marketing Strategy

You can now say you knew me when I appeared in the first season of @thescottking's "The Scott King Show" which is a podcast for CMOs and technology marketers. Scott and I had a great run at ITKO LISA for 5 years before we were acquired by CA in 2011 where we became part of the Service Virtualization/Application Delivery group. Largely operating as a two-man attack team, we had to find ways to create awareness and leads with very limited resources and budget in those days. I believe we executed phenomenally and took down some seemingly indestructible giant robots.

Take a listen here on Scott's site, or play the feed below, it won't cost you anything:

The Scott King Show - How to Build a Content Marketing Strategy - Jason English


If there's one thing I forgot to mention in here, it was "Use Every Part of the Content Buffalo" to paraphrase a Native American saying about not being wasteful. I kind of touched on this idea, but one of the best practices of content marketing is writing down impressions and observations before, during and after any kind of campaign, program, event or news.  I guess I'll write my own separate blog on that aspect, now that I think of it.

Any case this series must be a great idea, because I kind of wish I did it first. Scott's show has an all-star lineup of technology marketing thought leaders lined up for his episodes -- and a few more interesting guests from other fields.

Scott's podcast is also a subscription on Apple Podcasts so that means I'm really big time now for being a featured guest. 


What I Learned From My Survey About Surveys

You might have seen my very serious invitation about taking a marketing survey about marketing surveys recently. Since I have a lot of connections and friends involved in some form of technology marketing or analysis, I figured the results might be of interest to my audience. Here’s what I learned.

Most people are sick and tired of surveys. But that doesn’t mean they aren’t useful.

I shared the survey invite ONLY through social media – if you average out my number of friends on Facebook, contacts on LinkedIn, and followers of @bluefug on Twitter, removing duplicates that’s about 1600 unique individuals. I didn’t want to trouble my immediate contacts with the survey with an email in this case, though it would be the best practice for a survey if it served a business or research purpose.

Out of all that social media I got … drumroll … 10 survey responses. 

That said, on Twitter I saw 25 retweets and likes, and dozens more likes and shares on LinkedIn and Facebook, just because a Survey of Surveys is kind of funny. I even heard from voke analyst and proper research survey guru Theresa Lanowitz that this idea was “very Seinfeldesque, like a coffee table book about coffee table books.”

So it wasn't taken seriously, but from an attention perspective, not bad. Let’s get into the results…

Go ahead and thumb through the slides above. Here's some of my takeaways from this exercise:

  1. Marketers large and small are still running a lot of surveys. I was surprised that 80% of the subjects reported running 2 or more surveys in a given year. Now, about half of these might be customer satisfaction surveys, which is a little more indirect but still an outcome often supported by marketing.
  2. We are cheapskates. We prefer free promotion of a survey over paid advertising and rewards. The leading methods of inviting people to take surveys are a simple blog post (70%), followed by social media and direct emails from the company's reps at (60%). And the leading incentive  to participate is a free copy of the report (at 60%). Also 70% of the audience said they had zero budget set aside for these activities.
  3. By far, the number one challenge with surveys is that you never seem to get enough responses (70%). I'm right there with all of you on that! You could pay for more responses rather than being a cheapskate about the survey, but what value would paid responses add in some cases? In previous gigs, if I could get sales, customer support and our own email list working, I would push for at least 100, ideally 200 responses to get a statistically relevant field.
  4. Reported response rate to invitations and especially survey completion rates are a little higher than I expected, with 80% of marketers saying they get a 5% or higher rate of response. And 60% say they get 25% or better click-to-completion. Both of those questions, I assumed they would be rated on the low side.

Maybe this is a positive note for the good old marketing survey -- it doesn't seem to be going away anytime soon. If you can craft it carefully enough to be valuable research, and promote it personally and directly to a larger sample, you can still get a lot out of it. No matter what tools and methods you use for surveys, use them right, respect everyone's time in participating, and make sure to use every part of the awareness, data and conclusions you can draw from peer and customer input throughout your campaigns.

Question #6. This result was perhaps the most accurate one of the day.

Checking in on CA’s Continuous Transformation

When I heard about the CA DevOps and Cloud Forum regional event here in Seattle, I decided this would be a great opportunity to stop by the EMP museum and hear about the state of continuous delivery from CA Technologies, their customers and Forrester analysts, and maybe catch a little of the Star Trek exhibit.

CA is continuing with its brand mantra of Digital Transformation, and advancing that on June 15 they recently announced an Open Ecosystem for Continuous Delivery that incorporates their product suite, along with containerization (Docker), CI (Jenkins, etc.) other common tools (JIRA, git, etc.), as well as cloud service providers that can host elements of the solution.

“DevOps is the new factory driving business transformation” said Kieran Taylor, CA’s product marketing head for the division. Rather than focus on known disruptors like AirBnB and Uber, Taylor presented several customer examples of more established companies like GE, Nike and Bosch that are building innovative practices such as deep analytics and IoT devices through better automation and more nimble release timelines.

The solutions map is quite broad now – encompassing their well-established CA Release Automation (formerly Nolio), Service Virtualization (ITKO LISA from my alma mater), API management (formerly Layer7) and Application Performance Management solutions, as well as the more recently named solutions of CA Test Data Manager (formerly Grid-Tools TDM), CA Agile Requirements Designer and Agile Management (formerly Rally), and a Mobile Cloud for building/testing mobile apps.

Stephen Feloney, CA’s product management VP for the unit, described how the new Continuous Delivery toolchain is not just about deploying faster, but automating testing with test data and services across every phase of the SDLC to avoid risk. “94% of executives face pressure to release faster, but you can’t claim ‘Assume the Risk’ as a badge of courage if automated testing is not built into every release.”

Forrester analyst Milan Hanson framed the current market for more agile development. “Simply driving IT costs down is no longer the top priority – 68% of companies now rate customer experience (CX) highly.” Success in CX is measured not just by satisfying customers with business technology, but through growth delivered by delighting customers.

The need for speed in delivering applications customers want can negatively impact customer experience.  “Many companies are basically doing faster releases, with QA in production, atop constantly changing environments that are hard to replicate.” Even if faster releases are done as quick canary deployments with rollback capability, that can lead to costly customer losses, and demoralizing extended-hour break-fix exercises and war room scenarios for IT teams.

Then Forrester presented some TEI (Total Economic Impact) studies they conducted with a sampling of several large deployed customers using CA’s TDM, service virtualization and release automation solutions. [Reports available lower on the release page here.]

The payback on these ranged from 3-6 months from implementation, with 3-year ROIs ranging from 292% to 389% per solution. Release automation reduced deployment times by as much as 20X, and the use of service virtualization and test data management created some equally astounding results – saving 640 developer hours per release, finding more than 150 defects in earlier phases…

Man, I have been either marketing or writing about software for a long time, and have never seen a major analyst present those kinds of numbers for me. The results make sense though, when you visit the customers who have fully embraced and championed the value of these solutions for their SDLC.

My favorite part of the program was a customer Q&A which could have used more time on the agenda, in my opinion. Practitioners from a major state healthcare payer, and the online automotive service AutoTrader.com fielded questions from CA and the audience.

Adam Mills of AutoTrader said they used to spend 2 weeks out of every 6 week test cycle waiting for environments to be ready, and now they are not only out of that game, they are doing some cool what-if testing scenarios, including something like NetFlix’s famous “Chaos Monkey” project.

“We Set up ‘Chaos as a Service’ to simulate the behavior of systems working improperly in our testing – slow performance, no response, multiple responses, garbled data,” said Mills. “We immediately found we were breaking things like error handling that you can’t test without generating that kind of data. We get a lot of benefit from testing what third parties might do. Now that we can simulate whatever we want – it’s a lot of fun.”

A post-session reception was perched in the fantastic little Blue Lounge atop the EMP theater room. Looking at some APM demos and talking to some of their current and potential customers there, I definitely felt the presence of a “chicken or the egg” dilemma for established IT shops in prioritizing which aspects of their software delivery toolchain to modernize first.

One thing is for sure. All established companies are struggling with test environments, and the time it takes to get them provisioned well at each phase. Should they start with a move to cloud-based labs or containers, or by making the assets themselves leaner and more repeatable with test data management and virtual services? Should more performance and test insight be embedded into the software itself so real-time feedback occurs and problems are found earlier? All I can say is yes – start somewhere! 


blueFug Announces 10,000X Growth in Q2 2016

Garners New Clients in Launching Technology Marketing Advisory Business

SEATTLE, Wash. – Despite an unpredictable environment for technology-related startups and venture capital, Seattle-area technology marketing advisory firm blueFug Ventures managed to increase revenues ten-thousand-fold in the second quarter of 2016.

“At this unprecedented growth rate, we are poised to dominate the market for IT services by the year 2020,” said a spokesperson for the company. The estimated global budget for IT-related services is $2.5 trillion, according to estimates1.

“10,000X? What does that even mean?” said Jason English, CXO of blueFug Ventures. “We have just removed the above spokesperson, as that kind of hyperbole is not what we are about here at blueFug.”

Seriously, however, blueFug offers software and technology companies three targeted services to augment their existing marketing efforts:

  • Thought Leadership, which promotes the client’s expertise in their own domain.
  • Customer Marketing, which promotes knowledge sharing and advances made by the client’s customers.
  • Media Awareness, which enhances the public relations and social media campaigns of the company with rich content.
  • “Technology companies with great products and smart people in place can still use a fresh perspective in getting their message simplified, targeted and heard in today’s crowded marketplace,” said English. “Our primary goal is to help clients find their voice so that marketing messages are reaching impact with the right potential customers.”

    Capacity for more select clients is still available. Due to having only one employee at this time, bottom-line expenses remain low, allowing blueFug to fly under the radar of VC and PE interest in the space and avoid IPO rumors.

    “I did pay $30 to park in downtown Seattle to visit a client, paid $8 for a special cold-brew nitro coffee, then got a $45 parking ticket just for coming back to my car 2 minutes too late,” said English. “That made a dent.”

    “You do not have permission to use a quote from us in your press release,” said someone at a leading analyst firm.

    1. IDC “Worldwide Small and Medium-Sized Business 2014–2018 Forecast"

    Marketers: Take the Ultimate Survey of All Surveys Ever

    In digital marketing, the good old market survey (or, MkSurvey™) remains one of the staples of our business. While surveys can become very useful research assets that add value for you and your customers, they can also be unproductive or a minor nuisance when overdone or improperly conducted. A survey on surveys? Let's do this.

    Take the quick 10-question survey yourself, and invite your marketing colleagues (or any peer involved in surveys like these) to join our study group.

    Take the survey survey now.

    As it turns out, I know a lot of technology marketers. And I hope you share the survey with your friends to make the results even better. By the end of the month, let's get enough response to have a useful study on surveys that answers the question:

    Are surveys useful tools for technology marketing, or have they seen better days?


    “When in doubt, run a survey.” - Fake Ben Franklin

    [Image from wikicommons: http://www.npg.si.edu/exh/brush/ben.htm {{PD-US}}]

    The Reverse Iceberg of Technology Marketing Part 1: Extreme Forces

    Marketing in support of any complex technology is an inherently unstable proposition. Competition relentlessly drives innovation, and that need for innovation will drive change in how you position and sell your solution.

    As your company evolves and adjusts to market pressures and growing expectations, it is a safe bet that your marketing strategy and message will be revisited early and often. Here’s a simple model for negotiating this level of change. 

    I’m sure you’ve seen the “tip of the iceberg” metaphor used to represent how the part you can see above the surface (i.e. your personal appearance, or the company image), is dwarfed by the underlying chunk of ice that carries a lot more weight (examples here).

    While this metaphor is fine for many purposes, I’d like to propose a reverse iceberg platform for technology marketing that is inherently unstable. In an environment where you are often only as good as your last release, marketing loses much of the inertia underpinning the business itself. Even well-established brands are subject to being “flipped” out of the market – half of the S&P 500 Index companies are likely to be replaced in the next 10 years, if estimates hold up.

    Basic Reverse Iceberg of technology marketing concept. 

    Let’s say your marketing message is a cute seal, riding on a fresh chunk of ice, broken off of the permanent shelf it once frolicked upon. If you are that seal, you should not lean your ice sheet too far forward (speculation), nor attempt to inhibit change by leaning too far back (convention).

    To survive on this platform, your message must not only be differentiated and fit your brand, it must continuously avoid the two extremes of speculation and convention as it moves forward on the current, to avoid being toppled.

    I liked comparing the surface to ice, rather than a surfboard or boat, because it takes into account the “slippery slope” effect of not being able to reverse course if you get too far out of balance. 


    How do these extreme forces play out in messaging your technology?

    Speculation. This is commonly referred to as “getting ahead of yourself” or “being out over your skis,” and chances are you’ve already seen enough high-profile examples of this in action. It is natural to want to aggressively go to market in response to perceived threats or opportunities, but leaning too far forward can accelerate a problem for a company that cannot meet demand.

    For instance, let’s say you are running a massive ad campaign to announce a product launch, without the necessary support on your site or service to handle the increase in traffic. Or, your sales teams are delivering a message – invented in PowerPoint – around product features that are not yet delivered or proven by customers.

    • Problems: High inconsistency of message, high risk of failure, poor customer experience, loss of credibility, inability to capitalize on interest or demand, fast customer churn
    • Solutions: Try evolutionary vs. revolutionary changes, soft launch or graduated release, be more selective about target customers, run advance beta or survey programs, recruit customer or expert validation, track customer value as a success metric, go deeper

    Convention. The risk in this conservative approach to messaging is often much harder to detect until it is too late, as it happens over a period of time. Even very large companies can scarcely afford to stand still, as dominant players can suffer the “death of a thousand bites” of nimbler companies that are not only doing specific work better, but targeting messages to specific customer needs more accurately.

    Overly conventional marketing focuses on message parity – what industry peers, analysts and competitors are already talking about, rather than expressing a unique point of view and direction. While it is counterproductive to attempt to forge a totally unique message every time, your message does need to demonstrate that you are evolving, thinking, and actively participating in the exchange that drives your market. 

    Don’t be jealous about allowing your experts to evangelize innovative ideas, either – if the topics are worth discussing, they are not as proprietary or as permanent as you may think. Remember that if you don’t express market-leading ideas, chances are someone else will.

    • Problems: Becoming irrelevant to the market, slow content production, undifferentiated or boring messaging, teams and customers do not resonate with the message, competition appears to be more advanced
    • Solutions: Commit to a thought leadership perspective, encourage customers and peers to join the conversation, participate in communities, focus on openness, avoid jealousy, go higher

    You might say all of the above should be common sense advice, but it is surprisingly easy for companies to fall prey to the extreme forces of speculation and convention, given the competitive nature and high rate of change inherent in marketing technology. Fortunately, these extreme forces have gentler counterparts you can use to keep your messaging in equilibrium: experimentation and evaluation. We will take a look at these balancing forces in a future installment on the reverse iceberg messaging topic.


    A love letter from Cloud to Service Virtualization

    [I originally wrote this one for a Parasoft roundup and Valentine's Day theme on Service Virtualization if you want to see the original post, but it is certainly entertaining enough to share here!]

    Dear Service Virtualization,

    Hey, I know it’s been a while since we started being “a thing.” When we met, everyone said you were just mocking, and that I wasn’t real enough to make a living, with my head in the clouds. Yet, here we are, a few years later.

    Service Virtualization, you complete me.

    As a young Dev/Test Cloud, I always wanted to try new things. And what better use for Cloud than experimenting with software for startup companies? I was flexible, I thought I had the capacity to handle anything. I’d stay up all night studying or partying, but sometimes I’d crash. So what if some college kid’s cloud-based photo-sharing site experiment goes down? It wasn’t going to impact anyone’s life.

    But when it came to serious business, there was always something missing. What was I going to make of myself? Who could trust their future to me, and develop things that really matter in the cloud? Clearly I didn’t have everything I needed – I was lacking certain critical systems and data, and it was preventing me from maturing. But you came along and together, we changed all that.

    One thing I’ve learned is that I don’t always have to handle everything by myself. A dev/test cloud environment is not just a place to store and run VMs for application work—it needs the same clustering, network settings, load balancers, security and domain/IP control as you have in production. I can handle a lot, for sure.

    But there are certain items developers and testers need that don’t image so well. Like a secure data source that should be obscured due to HIPAA regulations, or a mainframe system the app needs to talk to, but would be unwieldy to represent in a Cloud like me. That’s when I say Service Virtualization makes every day a great day.more

    We’ve come a long way since then, and we’ve handled increasingly serious challenges. Simulating some very complex interaction models between systems, and deploying those into a robust cloud environment of real VMs and virtual services that can be copied, shared and stamped out at will across teams. We work together so well, we can practically finish each other’s sentences.

    Hard to believe all this started less than 10 years ago. Here’s to us, Dev/Test Cloud and Service Virtualization standing the test of time. Now let’s go make some history together.

    Yours faithfully,

    Cloudy

    Welcome to the blueFug blog

    You know what they say about the cobbler's kids having holes in their shoes. It's hard to work on your own material when you often become busy with work for other customers.

    I do have a lot to say here.

    Hopefully, my own blueFug blog will have good shoes and keep going steady. Expect to find my latest musings on technology trends, B2B startups, customer and user engagement -- and of course, a little beer-to-beer review and music commentary here. I'll also post a few oldies but goodies from the near and distant past here for your reading enjoyment.

    Cheers, and your commentary and feedback on any topic you'd like to see me cover is welcomed.