Courion Corporation

Forget about available budget dollars…customers don’t have an IT budget! (And maybe that is a good thing)

Many years ago when Courion introduced self-service to the identity management market, I used the Automated Teller Machine as an analogy to explain the concept and value.  The ATM, I explained, succeeded so dramatically because it embedded security policy in a business process - enabling that business process to move faster and at a lower cost.  Security was improved, yes - but under the covers (by removing people from the process).  The ATM succeeded in changing the nature of banking because it delivered service that was faster and easier for customers at a lower cost to banks.

In today's economy, the business lesson of the ATM is more relevant than ever.  Last week Courion held its 7^th Annual Customer Conference, CONVERGE 09, at which we brought together over 110 CIO's, CISO's, security managers and IAM experts to discuss how to turn today's challenges into opportunities.  During my keynote I commented that Courion was seeing that customers weren't just challenged by having fewer budget dollars, many essentially had no IT budget at all.  As I looked out at the audience, I saw a sea of vigorously nodding heads.

Now, I don't mean that there isn't IT spending.  Courion has been fortunate to see continued growth in this difficult time, so we know that there is spending.  The issue is that organizations' financial executives have their fingers so directly on spending that it doesn't matter whether there was a plan or an IT budget approved at an earlier date.  The IT budget is in essence approved piecemeal when the financial executives feel confident to spend money based on a combination of the organization's and the general market's performance.  One Fortune 1000 CISO told me that his organization re-forecasts the entire company's budget monthly!

The implication of this trend is that customers are fighting every day to get spending approved.  Customers are reporting that they have to get confirmation of approval for a project repeatedly- at conception, prior to RFP, prior to Proof of Concept, prior to negotiating contracts, and prior to signing those negotiated contracts.

It is unclear how long this will last, however security executives are beginning to understand and adapt to this fundamental change in financial management process.  For example, some customers have asked Courion to fully negotiate a contract even though funding has not been approved.  This way, the documents can be signed the day funding is approved without letting even one day of the market's performance impact confirmation of approval to spend.

Perhaps the most important adaptation is that customers are laser-focused on how to deliver measurable business value, not just security value, by automating access governance, provisioning and compliance (what we now call Access Assurance).  They are coming back to the lesson of the ATM and focusing on how to help their businesses move faster at a lower operational cost - not just deliver improved security.  They aren't selling security insurance.  Instead they realize, as the CIO of a global 2000 manufacturer told me recently, "the business has no patience for us unless we tell them what we are going to do for them."

As a result, customers are looking for security software vendors who are willing to engage them to build a plan to deliver real business value.  They are willing to open up their financial and accounting processes to trusted business partners to build business cases that detail improved business agility and cost savings that are both comprehensive and believable.  Business cases to which they and the trusted partner are willing to be held accountable.  Some customers have even built - and delivered on - self-funding projects.

If this trend is the outcome of today's challenges, perhaps not having an IT budget is a good thing after all.