SSE: What They Won’t Tell You (But I Will)

Welcome to my latest blog series where I provide an insider's perspective on SSE (security service edge) adoption in the enterprise and commercial segments. Why? Glad you asked.

The algorithm of a popular professional networking site (I’ll let you guess which one) recently served up a prompt, asking me for my thoughts. "A vendor's software demo falls short of your enterprise needs. How do you respond?" 

I responded—even though I'm a vendor (take that, AI).

The demo is just the beginning. Now say it back.

For as many commonalities as enterprises share, they have just as many differences, so deployments will always require customizations. It’s a learning process for both SSE vendors and potential buyers. The demo is just the beginning of that process, where both parties have the opportunity to learn more about each other and begin to understand what success could look like. 

All that to say, a demo with gaps or even some misses is not the end of the world. In fact, it’s the first chance to improve the product—and the outcome. 

So here’s my totally biased but very experienced advice for SSE buyers in the demo stage of their buying cycle.

Uh oh—you haven’t identified all your requirements

In many ways, the demo stage is almost more work for buyers. You must effectively communicate your needs, goals and expectations, and ask all the right questions. Easy, right? (Points deducted from anyone nodding.) 

But too many arrive at demo day with a fledgling understanding of their actual must-haves, limitations or desired outcomes. Identifying these requirements beforehand can tip the scales and define a positive trajectory for the relationship. 

A few key factors will make it a whole lot easier.

Embrace the mess

The truth is, cloud transformation is messy—and the bigger you are, the messier it is. My top tip? Embrace the mess (and make sure your SSE vendor is a willing participant).

Your journey to the cloud will be a collaboration with your vendor, whether you want it to be or not. Along the way, you will discover new problems that will require engineering problem solving, and your ability to succeed depends on this collaboration extending past the point that your check clears. And if your vendor is not up to this task, you will be one of the many organizations who end their journey with a different vendor than the one they started with.

Get everyone on board

Integral to this collaboration is your stakeholders. Preparing stakeholders to embrace a messy, fail-forward approach is paramount to your success. Hey, I never said this was easy. But nothing worth doing is ever easy. 

Anticipate the need for, and acquire, top-down support for your transformation. You may be the driver, but everyone will contribute. The compliance team is likely needed to offer up some exceptions, and the endpoint team may be helping with a few more agent deployments than they would prefer. But get their buy-in and support (you'll need it).

Sprint to your MVP with blinders on

This might sound obvious, but I can’t tell you how many relationships have withered on the vine because of it. Make sure you have clearly defined the MVP (minimum viable product), and that everyone is driving towards it. Be careful not to scope creep yourself into blowing past your deadline for frivolous pursuits. There's always a shiny roadmap item just around the corner. Don't chase it if it’s not necessary to achieve the MVP. 

My advice: Sprint to your MVP with blinders on. Get the transformation win against the MVP definition of success. Your board of directors probably doesn’t care about a few oopsies, but they definitely care about avoiding a seven-figure renewal of the incumbent technology that you are about to throw away. 

Take the win, then iterate your way to the shiny objects. Say it with me: Decide, adopt, optimize. In that order. 

Vendors, listen up

Vendors, this one’s for you. That first demo is a chance to display your willingness to really listen to customer needs and execute the SDLC (or “software development lifecycle” for anyone without brain space left to untangle acronyms). And this ongoing cycle of listening and improving continues through deployment and beyond, because of course, not all requirements will be fully understood on Day 1. You're the other half of this collaboration and have to give just as much as you're getting for long-term success.

Part 2 is coming your way

I’m just getting started, so stay tuned for the second installment of this three-part series! In the meantime, check out the Roadmap to Security Service Edge infographic which offers a look into the kind of protections you might need in your journey to SSE. 

Register to our accompanying webinar 'SSE: What They Won’t Tell You (But We Will)'