Collaborating with customers is key - a timely reminder from Splunk

Profile picture for user mbanks By Martin Banks May 1, 2020
Learning from customers what it is that you need to learn as a vendor - Splunk customers make the point.

(via Pixabay)

Technology vendors have to truly learn to start working with customers to understand and meet their needs, rather than just deliver technology to their doorstep.  This was the view of the future set out by Jim Hanlon, Splunk’s  Director of Security Strategy, speaking at the company’s pre-lockdown London conference:

We have talked about it for a few years, I think we forgot about it. As most salespeople and finance people decided that profit was king, and we would just have to squeeze margins, squeeze your team's, squeeze the customers in the legacy world, people would sign contracts. But now the customer has access to all sorts of data on the internet so they can find things out for themselves. They can shop around, they can work out where a better deal would be available in the subscription economy.

What Hanlon sees now in customers is their flexibility, and the ability to use it. All power has shifted and vendors need to learn that customers can simply walk away. As a result it is time that vendors learn that they really do have to look after their customers long past the time they have made a sale:

What I really hope is that this means we will start moving business towards caring about people and individuals. Customers are people you're connecting with, individuals you're working and collaborating with. And you need to do that internally with your teams as well. I think the power of the customer will ultimately drive us towards a much more people-oriented environment, inside and outside of business.

Speaking during one of the events panel sessions, Hanlon went on to stress that tech businesses should not see customers as just assets of the company. Instead, staff should work to ensure that senior management understand the need to build community and collaboration between technology vendors and their customers, with everyone working together towards a common goal.

The new monarchy of the customer

This theme was taken further by Kellie Lucas, author of the book `The Customer Success Pioneer’, who suggested an elevation to the status of monarchy. It is time to understand that the customers are the Kings and Queens of the business relationship now:

We talked about it a few years ago, but I think we forgot about it, as most sales people and finance people decided that profit was king and we just had to squeeze margins, squeeze your teams, squeeze the customers. But now customers have access to all sorts of data on the internet so they can shop around and work out where a better deal would be available in the subscription economy.

That economy is now giving customers both flexibility and choice, and these in turn give them the power to simply walk away.

So you really have to look after customers. She also stressed that this need to work ‘with’ extends internally ‘within’ a business as well. There is a need to take the same approach with teams inside the business, and indeed a need to build a far more people-oriented environment both inside an outside every business.

Lucas was asked how, within the strictures of an organization, does that organization empower those individuals and make them feel liberated enough to take more direct action themselves:

It shouldn't be about seeing the customer being an asset to the company. Actually be honest with your executive level, or any of your other teams for that matter; Everything should be about community and collaboration, everybody working together towards a common cause. That's to go back to the origin of the organisation's definition. It is bringing together people working towards a common cause. And I think that's what we should do. We've been creating silos.

What the users are doing

The event also featured a number of potted case studies to give the delegates a taster of what might be possible for them.

For example Mitchell Nova, the Head of Digital Operation at Lloyds Bank, outlined what must be a common problem for many large businesses – achieving the scale needed to cover all the Bank’s operations. This includes 21,000 logins per minute as the typical start point, with customers visiting the site online 288 times a year on average, whereas they now visit branches only four times a year.

The operations structure is now changing, he said, with the need to add in open banking services and greater use of the cloud. Splunk, he said, plays an important part in all areas of the business, particularly as it moves from the old centralised and spoke and hub models it has traditionally used to an open, multiple units model.

Nova also contributed to the customers-as-driver mantra that was the underlying conference theme. A particular issue for Lloyds Bank is when customers expect too much from the technology available and seek services that would cost too much to provide for them. His example was customers using very old iPhones, running equally old copies of i/OS, and not realising that as such they are expecting a lot to be able to work with the latest services from the bank. While the bank has to work out where the point of compromise is when it comes to the investment required to provide new services that work on old kit. As Nova put it:

We have learned that it is customers that define what it is the bank needs to learn.

The Bank of England’s Head of its Security Operations Centre, Jonathan Pagett, may well be already familiar to diginomica readers, having talked with us before about the Banks’ use of Splunk in  the building of its SOC 2.0 Security Operations Centre  (SOC) back in 2018. Since then things have moved on, and the Centre is now transmogrifying into SOC 3.0.

This development is allowing the Centre to divide its resources into five threat-related areas: intelligence, Splunk search, test criteria, triage actions, and response actions. It also provides four levels of defence that can be used. These are: human triage and response, human response, human oversight, and fully automated defence and remediation.

Pagett’s next target is to work out how to identify and predict the precursors of an attack through analysis of the many years’ worth of data  that the bank has available, with the objective of being able to intervene before an attack takes place, using automated services.

During the move from SOC 2.0 to SOC 3.0 he said that the Centre had learned some important lessons:

Think about the operating model first, not the technology. You must not be driven by technology. And aim for continual improvement – if you are not developing new ways of detecting attacks, your monitoring is getting worse. So build a proportionate SOC based on what the business needs the SOC to achieve.

Craig Gilliver, the Head of Security Operations at Johnson Matthey, a long-established manufacturing company, with a long list of brands and businesses to its name, took delegates through the company’s need to create a security environment that could be managed from a single pane of glass, while at the same providing good security service across one of the most diverse environments around, with a mixture ranging from recent cloud environments through a diverse legacy systems. They went with a SaaS solution, mainly because of the amount of data that needed to be ingested across the different environments.

Phase one was to build out a small foundational layer to cover the different environments and put in a vulnerability management programme. This also included implementing a small number of use cases. Phase two, which is being built out now, will see the number of use cases both expanded and prioritised, and mapped back into the attack framework.

Gilliver sees the key value of the new implementation is a people-related aspect - transparency:

Things that we found in our environment, incidences we've dealt with every part of basis, we're aware of it. We've even enabled some of our senior leadership team to have access to this portal, not to do searches or have the ability to do anything that could get them into trouble, but certainly, given them the ability to see what we're seeing in the SOC. It's not about scaring, but I think it's about being transparent. And I think that's really helped them understand the investment has been worthwhile.

My take 

The customer is king or queen - an old message that can't be repeated too often.