Problem solve Get help with specific problems with your technologies, process and projects.

What value do research firms provide to their subscribing enterprises?

What benefit do research firms provide to their subscribers, and how can subscribers get the most benefit from the research firm's analysis? Security management expert Mike Rothman weighs in.

Mike, I know you're an independent analyst so you may have a bias, but what do you think about the value that research firms provide to enterprises that subscribe to their services? Generally speaking, is it worth the money, and are there top-of-mind things we should be looking for or asking when we interview research firms?
Yes, I absolutely have a bias about the value that research firms bring to the table. To be clear, however, much of the burden on end users is in utilizing the research to help make better decisions. In my travels, I've seen three general categories of research customers:
  • The first is the "CYA" crowd. These are people looking to cover their backsides for decisions they want to make. They've done their homework, they know what they want to do, and they are looking for the name-brand research firm to validate their decisions so senior management will let them move forward.
  • The second group is lazy. These people don't want to do any work, so they look to the research firm to tell them exactly what to do. They look at the quadrant reports and call the vendors in the top-right corner. To be clear, the research firms definitely frown upon this use of their research, but it happens every day.
  • The third category includes those that are looking to get smarter and use the research firm as a broad and long educational process on a certain topic. Clearly every company is different, but most published research tends to be generic.

Depending on which category an organization falls into, what it needs out of a research company will differ. As a CYA, the big brand name is important. For someone in group two, i.e. looking to get out of work, then the brand name usually suffices, but there are a number of smaller specialists that do deep technical and architectural work.

For someone in the third group, most of the research firms will do a decent job because the process is run by the enterprise. The enterprise security officer can direct the analysts to give the needed information and then verify decisions as he or she learns more about the topic.

And yes, I think it's worth the money -- as long as the buyers are educated and actually use the information they purchase to make good decisions and take positive action toward building a better security program.

More information:

This was last published in September 2008

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.