Saturday, September 18, 2021

The regrettable features you have to do

Sometimes as a product manager you get a feature request that’s fun and challenging and moves your company forward. Then there’s requests that just make you feel like a sad clown: stuff that doesn’t fit your plan at all. It’s hard work to ignore the nay-sayers and make a new thing. The product team and engineering have worked together to create a different and better approach to a class of problems… Congratulations! But there’s features you may need to build even though you don’t want to.

Compromise between your product differentiation and market fit comes in three flavors: legitimate needs that you hadn’t recognized or accounted for, design culture that you’re hoping to change, and technology designs that you don’t address.

A legit need might be regulatory compliance that your design doesn’t account for well, or a use case where you were too optimistic about your solution’s fit. This feature request is legitimate, and the regrettable part is wholly on you and your team. You have to find a way to solve it or accept a limit on who you can sell to. That story is beyond the scope of this post.

But design culture… here you’re trying to change behavior. You think your product has a better answer, and you need customers to take a leap of faith. If you have an interesting idea you’ll probably be able to find early adopters, but these customer have a lot on the line. It’s only natural that they want the safety of familiarity or a backup plan, and you may need to offer a bridge feature

Lastly, technology design choices are anything but simple: some design domains just aren’t good fits, or aren’t within your company’s scope. Another source of compromise is design fashion. Ideas cycle in and out of fashion as the memory of failure fades. This can mean surges of industry excitement about concepts that you don’t personally agree with. Always begin with questioning your own assumptions, because conditions do change. Sometimes the idea that fizzled last time or the time before succeeds in the next iteration.

No matter what you think of design fashion, it’s not likely that you’ll be able to refuse to play the game. Your company is on the competitive field, and you have to have a response, or else your response is going to be whatever your sales people think of. So, research the problem space and ask what has changed. If there is new opportunity and you can capitalize on it, this isn’t a regrettable feature. That story is also beyond the scope of this post. But if you do your research and you don’t see how this time is any different, then you need to find an answer which minimizes investment while maximizing information return. 

That is the same regrettable feature answer as when the idea in question is not new fashion at all, but just not a good fit: a concept that your company doesn’t and/or won’t play in. If it’s not a good fit, then you shouldn’t build it, but you can’t ignore everything that isn’t a good fit.

So, regrettable features: bridges from old patterns to new, fashionable experiments, and requirements you don’t want to or can’t satisfy. What can be done by partnering, adding content, or remarketing what you already have?

Partnership can take a couple of flavors:  total outsource of the problem to a chosen vendor, or meeting the community at an interface. The total outsource is least effort on your part, but it only works if the partner is a de facto winner in the space. You don’t make success by stacking failures together. So if that obvious winner hasn’t taken all, you need to make a clear interface that treats them all the same. Set your terms, define your boundaries, pick a couple of partners to go to market with, and see what happens. You’ve got a feature, but it’s stripped to the minimum.

Adding content is another option for vendors who have a strong enough boundary between platform and content. If you have a community of customers, field engineers, and pro service partners building content, then you can solve problems without engineering and support contracts. This approach arguably has a limited shelf life because some customers will push back on the unsupported nature of roll-your-own or second party content. That point can be far in the future though, and you’ll certainly get some real world data about what customers want.

Remarketing is the toughest option, saved for last; only the very lucky vendors can shake the puzzle box and get a better picture. But if you can package your components differently to resolve a problem, it's a lot faster to do that work with legal and sales ops now instead of after engineering is done.

Saturday, September 4, 2021

Capitalizing and Operating a Software Business

“As I have noted in the past, this is why the venture capital model that was developed to support silicon so seamlessly switched to supporting software: both entail huge up-front costs to produce zero marginal cost goods, which means capped downside and theoretically infinite upside.” That Ben Thompson quote is from a non-public newsletter, but here's a similar public post.

"The most common high level concepts associated with lean product development are: 1, Creation of re-usable knowledge. Knowledge is created and maintained so that it can be leveraged for successive products or iterations." Lean product development - Wikipedia 

I particularly like the table on that page which, breaks products into needed, wanted, and wished for.

  1. A needed product has a broad requirement which is stable and commoditized
  2. A wanted product has a specialist requirement with future potential for a wider range of markets
  3. A wished for product has an unrealized requirement, needing to be introduced to market 

The concept of a modern, lean software business is to iterate development and improve product market fit until you have satisficed every market you can reach. 

Customers are trained to expect this as well. When you buy subscription model access to a software thing, you expect that thing to evolve and improve, right? Even if it’s commoditized, if you’re paying monthly you expect benefit for that recurring bite. Even if your vendor seems to follow a model closer to that of a car lease, there are still new models every couple of quarters and strong pressures to upgrade into those releases.

With the possible exception of accidental outcomes from failed acquisitions or private equity conversions, there are few places where enterprise software truly reaches “finished” and stops development. If people are still assigned to the product and people are still using it, which is to say if the product matters at all: then developers are receiving customer input and itching to fix things. Even if feature development does completely stop, bugs are impossible to prevent or detect perfectly. Additionally, the complexity of real world usage makes bug discovery and resulting impacts unpredictable. Therefore, any software thing a vendor is still taking support subscription money for has some level of ongoing maintenance requirement. A vendor that ignores this requirement is taking a risk.

This means the pivot from value creation to value extraction which the VC driven portion of the software industry (e.g. all of it) expects is sort of broken, right? Well, not exactly... but the model is not perfect either. The key is to think about that chip factory. It isn’t actually free to operate: regardless of the mystic processes that go into making sand into computational power, there are all the obvious inputs of any physical plant. Electricity, water, materials, people and their safety and comfort requirements, not to mention salaries. So there are ongoing costs, of course, it’s just that those costs are dwarfed by the profits of providing in-demand chips. Cost-benefit ratio is so good that it might as well be zero once the plant’s spin up costs are recovered. Similarly, the cost of keeping Milton in the basement working on product maintenance is negligible if the recurring revenue is high enough.

The goal is to keep costs linear while making revenues exponential. If you can do that, you fit the VC model and are a good bet. If you look like you can do that for a while, but can’t, you may still fit the bubble economy model because there’s a sucker born every minute. If you can’t do either, you probably won’t get funded by a VC.

Event Suppression Sucks

I’ve always hated the concept of event suppression in security products.

Let’s start with some definitions of suppression, and where better than product documentation?

There’s two common reasons for this feature:

The first: “I don't want to see this thing in my console of actionable items because I don't have the time, knowledge, perspective, or priority to do anything with it right now.” There is nothing inaccurate in this behavior, but suppressed alerts are a mismatched solution to this problem. A better answer is multi-level event generation. The system should recognize that some events are not worthy of human attention. Low importance events should go into a statistical model or an audit log, not an analyst’s workbench. The further left (earlier) in the event creation and processing pipeline this happens, the better. This design results in better performance and scalability, which means more signal, less noise per dollar spent. Suppressing generated events at the end of the pipeline is wasteful design that throttles the system’s capacity.

The second is “This rule is wrong and I can't edit it, but I need to get rid of its alerts.” This situation is tougher because it’s where internal or external regulations are driving behaviors. The rule book says to generate alerts no one is going to look at, so we do. The proper answer is still multi level alerts. “Proper” in this case means most efficiently using human and compute time. However, vendor and customer will also need to explain and negotiate with the rule-quoting gatekeepers in order to demonstrate that the rules are not broken. Sending less important events into a separate channel is functionally no different than suppression, but the effect is far more efficient because the separate channel isn’t indexed for rapid and continuous human access. Instrument that channel and monitor it as a production service and you’re good to disable event generation from incorrect or non-actionable rules.

There is a sub-form of that second reason: the analysts don’t have permission to edit rules to fix them or change event generation. “I don’t want to look at this but I can’t stop it so suppression is the answer.”  Maybe this is product immaturity, maybe it’s organizational failure, but it’s still a problem to fix. As a vendor, if your product supports a better option that your customers won’t use, you’ve got a customer input collection tour to do. This is a case where technology can’t solve a people problem (Edwards’ Law), so it needs person to person communication and possibly a professional services engagement. Customers who can adjust to the better model will be more effective and efficient than those who don’t, but you may still need to offer support to those who can’t. The design job therefore is to discourage suppression without preventing it.

Security is full of whataboutism, but most of the desired data  is really low value — so pass it into a low value, low cost pipeline. Don’t leave it clogging up your SOC.