I was recently perusing data from Gartner Peer Insights on content services platforms (CSPs) when I noticed something surprising near the bottom of the priority list. “Content security” was hovering there near the bottom of the list of end-user reported priorities. It was in either #12 or #15 out of 15 priorities that could be selected depending on which time frame I looked at.
It is hard to imagine a content platform owner that would say security is not important, so why does security rate so low?
Indeed, security is a prominent feature on nearly all RFPs and is often weighted quite heavily. This finding is validated by conversations with vendors who have touted their security as a key selling point and wonder why prospective customers do not seem to engage on that topic as much as anticipated.
This seems to be an example of where a low rating means “overlooked” or “taken for granted” rather than being an explicit statement that something is bad or unnecessary.
Here is why:
- Buyers consider it a “given” or “table stakes”. Of course security is important, but it is assumed no product could exist with bad security, so the other features are much more important as differentiating vendors.
- Buyers don’t know what to ask or how to rate. This can be seen in evaluations that simply ask “tell us about your security” or list a bunch of standards that may not even be applicable.
- Buyers outsource security considerations to the security team. Buyers of CSPs are experts in how the content will be created and consumed by the business. They are not security experts. In fact, they are often happy to have specialists in security handling those issues. If the surveys were taken by security personnel I’m sure security would rate at the top, but they don’t own the CSP.
What should CSP vendors do about a feature that seems simultaneously critical and an afterthought? As with all messaging, the key is to understand your audience. And in this case there are two: the CSP buyer and their security team. Product marketers need to use the primary messaging, which will be targeted at CSP buyers, to describe security in terms that those buyers will understand. That includes how the end user is engaged with security protocols and what their user experience will be. Then you also need to prepare separate in-depth messaging for the security professional that will be brought in during the process.
And product leaders need to invest more in security than buyer interest would sometimes dictate. For security-minded buyers, content security will weigh heavily into the conversion. And even for less security-minded buyers, content security is a consideration factor – you won’t even get on the shortlist without a good security reputation.