What value do research firms provide to their subscribing enterprises?

Mike, I know you're an independent analyst so you may have a bias, but what do you think about the value that research firms provide to enterprises that subscribe to their services? Generally speaking, is it worth the money, and are there top-of-mind things we should be looking for or asking when we interview research firms?

Yes, I absolutely have a bias about the value that research firms bring to the table. To be clear, however, much of the burden on end users is in utilizing the research to help make better decisions. In my travels, I've seen three general categories of research customers:
  • The first is the "CYA" crowd. These are people looking to cover their backsides for decisions they want to make. They've done their homework, they know what they want to do, and they are looking for the name-brand research firm to validate their decisions so senior management will let them move forward.
  • The second group is lazy. These people don't want to do any work, so they look to the research firm to tell them exactly what to do. They look at the quadrant reports and call the vendors in the top-right corner. To be clear, the research firms definitely frown upon this use of their research, but it happens every day.
  • The third category includes those that are looking to get smarter and use the research firm as a broad and long educational process on a certain topic. Clearly every company is different, but most published research tends to be generic.

Depending on which category an organization falls into, what it needs out of a research company will differ. As a CYA, the big brand name is important. For someone in group two, i.e., looking to get out of work, the brand name usually suffices, but there are a number of smaller specialists that do deep technical and architectural work.

For someone in the third group, most of the research firms will do a decent job because the process is run by the enterprise. The enterprise security officer can direct the analysts to give the needed information and then verify decisions as he or she learns more about the topic.

And yes, I think it's worth the money -- as long as the buyers are educated and actually use the information they purchase to make good decisions and take positive action toward building a better security program.

This was first published in September 2008