SecureStore: A Bundle By Any Other Name Still Smells Of Marketing
Written by Evan SchumanWhy do vendors—including some top-notch vendors—insist on taking something very good and trying to make it into something it’s not? Why bother? It’s as though the need to hype was some prenatal attribute their genes absorbed when their mothers saw too many used car commercials.
We’re used to these sorts of stunts from Oracle and SAP, but this week it was IBM with its SecureStore rollout. IBM has for years done excellent work with security products and consulting. And product bundling—especially when part of the bundle is services such as consulting and custom integration—is a perfectly respectable strategy that can be quite useful to end-users.
But IBM on Wednesday (Oct. 1) announced a very nice bundle of its security offerings while going out of its way to deny that it was a bundle, as though a bundle was somehow tainted and beneath the company. An E-mail blast sent to reporters said: "IBM this week is announcing an ambitious new technology offering called ‘SecureStore,’ which is designed to protect consumers and retailers from these crime groups this holiday season and beyond. This first-of-a-kind offering marries physical and electronic security technology—everything from surveillance cameras to product-tracking technology to database protection systems—to lock down all aspects of the retail ecosystem."
*Sigh.* As Sahir Anand, a senior retail analyst with the Aberdeen Group, said bluntly: "There’s nothing new there. They already have a complete security package."
Josh Corman, the principle security strategist at IBM ISS, said SecureStore was more than a bundle, but he couldn’t name any element of it that couldn’t have been purchased from IBM many months ago. He also said that a key advantage was lower cost for retailers, but he declined to give any pricing or even pricing ranges. It’s hard to make a compelling argument on price if you won’t talk dollars.
That all said, someone at IBM has got the right idea. Despite this silly hype that marketing has imposed on it, IBM is right in trying to combine its tons of disconnected security elements—from protection, assessment, compliance and repairs—into one package.
But as Oracle is discovering with Fusion, a bundle is little more than a convenience until programming can truly get all of the pieces to talk to each so efficiently that true new functionality and capabilities emerge. This is what I was hoping IBM would argue for SecureStore; alas, it didn’t happen.
Multiple systems—especially in security—that sit next to each other but share little other than a billing address are recipes for creating security cracks, where forbidden data can slip in and so too can a crafty cyberthief.
But generating a seamless tapestry with no gaps is not merely more secure. Sometimes creative combinations can yield new capabilities. One major retailer, for example, has fully integrated its video surveillance system with its POS.
What’s the point? The retailer can now search POS transactions and see synched security video of that transaction. It can search, for example, for all transactions of fewer than $5 and see if the video shows a customer buying a lot of merchandise and apparently giving the cashier a lot more than $5. (For this particular chain, many of the items are not barcoded.) It also works in reverse, with someone scanning video always seeing—low on the screen—the associated POS transaction details, where such a transaction happened.
That chain isn’t alone, but it illustrates how creativity can move integration from a mere convenience to a true advantage. It’s sort of like moving from a mere product bundle to something truly different.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
