The cybersecurity market began with long sales cycles, difficult-to-deploy solutions, and unfriendly user experiences. Then next-gen players introduced AI, automation, and cloud-native solutions. Today, a modern approach built around ease of use, open APIs and integrations, and intuitive workflows defines Gen-3 cybersecurity, says Kunal Agarwal, founder of dope.security.
Enterprise cybersecurity revolves around solutions – how can a company protect itself from attackers and solve use cases that afflict them? From detecting if malware has already taken over an endpoint, preventing web access to malicious websites or personal Gmail, to enforcing single sign-on, cybersecurity has a set of must-have controls for any organization.
One constant through the last decades is that implementing cybersecurity has been a bit of a pain – it’s labor intensive, requires tool-specific training, and always involves vendor back & forth. This is the Gen 1 of cybersecurity, with on-prem solutions requiring almost a Ph.D. in the product to get it up and running. The must-have products had to be sold with professional services as time passed. They almost always required a sales engineer to help implement and be the translator behind bad or non-existent documentation.
Much of the problem rests on the on-prem architecture and legacy mindsets of Gen 1 vendors. Over the past decade, the rise of Gen 2 occurred with Crowdstrike and SentinelOne leading the charge. The multi-month deployment process turned into a multi-tenant cloud architecture that required no dedicated hardware. Suppose there was a small bug in the admin console. In that case, customers could expect a resolution in 3 months without any effort on their part, rather than waiting one year for the release and the added customer effort to upgrade their cybersecurity software manually.
In the meantime, Gen 1 vendors have tried to lift and shift to the cloud and some catch-up innovations. However, because these are still built with that same mentality and legacy backbone, it’s still difficult to deploy, not seamlessly integrated, and have a mountain of tech debt under the hood.
Things have gotten better, but vendors still need an army of humans to sell and deploy software, and admins spent countless hours setting it up – it’s a poor customer experience.
Enter Gen 3
Gen 3 products are born in the trenches of customer issues and complaints. From simple questions on how to use a product to longstanding six-month defects, the engineering and product teams are tired of having issue-prone products. After all, how can you be proud of something that constantly breaks in a customer environment? Something that ultimately is going to be complained about by the end-user employee?
The center of gravity has shifted to user experience. And, it’s not just pretty UIs; it comes down to thinking at every step of the way about ensuring the customer won’t have to reach out to support, and there won’t be any manual work someone has to do.
Take a simple example: logging into an admin console.
All Gen 1 & 2 cybersecurity products have login and tenant creation processes. This presents issues such as:
- What if an admin forgets their password?
- What if the initial email was incorrect in provisioning?
- What about 2FA?
These are *manual* resolutions at large “enterprise” cybersecurity companies. You might have to contact another admin at your company or submit a support request to the vendor. It’s possible that 2FA isn’t implemented in the product by default, so now you have to decide your onboarding process. Trying to implement SAML? Wait, that costs extra…
How much easier could we make this if you could instantly log in using your Microsoft 365 or Google Workspace account? No extra fees and no hassle.
This example shows how a Gen 1/2 cybersecurity company can still have an awful UX to achieve something as simple as getting secure access to the console. As you move deeper into the product, such areas seep into all aspects of the end-to-end effort to use technology.
See More: Top 7 Cybersecurity Trends CISOs Must Watch Closely
Ease of Use and Deployment
The difference in focus here has to start at the very beginning when choosing to try the product. Acquiring a typical legacy cybersecurity system would involve a web form request to sales, discovery calls, multiple demos, and meetings before you can evaluate the technology. It’s easily a 4-6 week process.
In contrast, the refocus of Gen 3 to fix customer issues aims to remove any barrier to entry. This method is similar to Product-Led Growth (PLG), enabling the end user to trial your product to help establish the value proposition instantly. The fact is that most security professionals can handle an administration console just fine.
PLG enables the customer to access the real-time POC through a self-serve model, allowing a frictionless way to engage with the product. It’s not necessarily a bottoms-up approach: you would never expect an employee to self-install the technology. However, at the minimum, a CISO or Security Architect can gain confidence and familiarity without involving a sales or PM.
By removing the month to access a product, trust in the product and company increases, all while putting the customers’ needs at the forefront.
The First Class Experience
Much of this is easier said than done. As one can imagine, every team member must have experience at the ground level on what can go wrong and where the time churn occurs with customer issues. But, the most important component of building a Gen 3 cybersecurity is the mentality.
It’s common to see defects and support issues sit for months in the ether, never to be fixed, especially at big companies. They’re difficult but not impossible to fix, and it comes down to the PM and Engineering Leader’s willingness to get the customer issues resolved. It’s never at the executive level.
This constitutes a natural progression to Gen 3: the focus on the experience. Whether a customer is worth hundreds of thousands a year or has 10-15 users, the key is ensuring a seamless experience. When they have an issue, help get it resolved! The team is putting their signature on the product that it is of high quality and defect-free (as far as we have seen).
That pride in what’s been built, combined with humility to ensure customer issues are fixed, is the basis for a better first-class experience overall.
How do you think Gen 3 is making cybersecurity user-friendly? Share with us on Facebook, Twitter, and LinkedIn.
