Marketing collateral can leverage a trend in the wrong way. When this happens, buyers often tune out and go somewhere else. These people are subject experts, so their response makes it more important than ever for collateral to responsibly associate your product or service with words of a trend.

A word keeping many hi-tech vendors alive of late is compliance. It’s a word of requirement to obey laws and regulations and is a force selling lots of IT hardware, software and services.  As one vice president of marketing told me last week, “We’d be dead without it.”

Another in-word is policy. This C-level word appears in compliance collateral because it is superior to everything and sets the rules of compliance. Policy is a power word that spawns images of mahogany desks, skyscrapers, tanks and Air Force One. There actually are people in marketing departments who hope that using the word will make executives want to read their data sheets and sign up for a free webinar.

Collateral can proudly wear these monikers if the products and services tackle compliance in a big way. Question is, how big does that way have to be to join the winner’s circle?

As a marketing person ponders a blank computer screen awaiting ideas for new collateral, it is important to resist temptation and not succumb to the credo of an impure journalist, “Don’t let the facts get in the way of a good story.” Unfortunately, some fall, and even the biggest companies commit this sin – sometimes to the point of provoking buyer cynicism.

For example, Google just paid $625 million for Postini, a “communications security and compliance” company. The purchase underscores Google’s plan to expand beyond consumer products into on-demand enterprise business applications. With bravado, Google said the Postini purchase will resolve enterprise “issues with security and corporate compliance.” The press release oozed compliance. Quotes by Google executives said that with the acquisition of Postini, users can “streamline the complex information security mandates within these organizations.” And: “By adding Postini products to Google’s technology … the [large user] company achieves the security and assurance it needs.” Just like that.

Compliance with laws and regulations is more complicated than these assertions imply. For example, consider compliance by the U.S. federal government, which is required to obey many laws and regulations. Keeping this simple, we will restrict the illustration to information security compliance. “Policy” starts with the Federal Information Security Management Act (FISMA), which is Title III of the E-Government Act of 2002 (P.L. 107-337). FISMA delegates technology directives for compliance to the National Institute of Standards and Technology (NIST). Its Computer Security Division issues detailed directives for FISMA compliance, a key one being Special Publication 800-53. This document specifies security controls in three classes: management, operational and technical, which corresponds to major sections of a comprehensive security plan. SP 800-53 assigns 17 families of controls to these classes. It contains a lot of detail and references many kinds of security products.

In a way, every security product fits somewhere into compliance frameworks like FISMA, CobiT and others because, by definition, frameworks attempt to cover every area of security. There are certainly hundreds if not thousands of products that can be used for compliance. Given that Postini addresses just a few aspects of compliance (message encryption and archiving electronic communications), a cynic could say the press release is more fodder for the marketing stereotype of exaggerating facts to sell stuff.

For now, the software industry will discount these marketing assertions as “irrational exGooberance,” but given the business position and vast resources of GOOG, and its obvious requirement for acquiring many more companies to fill in an enterprise-class portfolio of compliance capabilities, what the marketing people say today may happen in years to come. Could it be that we’ll all eventually work for Google?

Meanwhile, consider what compliance is really all about. Vendors often think of compliance in terms of features delivered by their products. Business executives think of compliance in terms of avoiding prison. To this point, laws and regulations rarely mention detailed requirements for using particular information technology. But you may be sure that if some non-compliance is egregious, lawyers and judges will definitely consult specifications in Chapter 8 of the United States Sentencing Commission’s Federal Sentencing Guidelines.

People who were rock stars of business were or are in prison for non-compliance with laws like 75-word Section 404 of Sarbanes-Oxley. On the other hand, have you ever heard of a conviction for non-compliance with FISMA? That one has no teeth, which may be a clue why 21 of 24 federal agencies have “significant weaknesses in information security controls,” according to the U.S. Government Accountability Office who is the FISMA auditor.

The risk of prison apparently motivates executives more than the Ten Commandments so the ideal marketing campaign will focus on laws and regulations that have the most severe penalties. People at risk of prison for non-compliance will be more motivated to sign the P.O.

Whatever type of compliance is in your campaign, be sure to aim collateral at the right readers. Technology gurus are not into compliance the way that a CEO or Chief Compliance Officer might be. This behavior may relate to the low risk of techies going to prison compared to the kill rate of guilty executives. Yet it’s amazing how compliance pitches quickly devolve into tech talk.

The issue of properly targeting compliance collateral is not clear cut – even to end user organizations. The org chart for compliance is still a matter of dispute because theories differ as to who should own responsibility. Again, risk of prison is the culprit behind this hot potato, so consider who among your primary prospects are most likely to welcome a message of fear. Heavily regulated companies such as healthcare and financial services usually have a Chief Compliance Officer (CCO) who reports to the Chief Executive Officer (CEO). Some organizations have a Chief Security Officer (CSO), often reporting to the Chief Information Officer (CIO). The latter situation can be dicey from a risk standpoint if the CIO wants to push the envelope with innovation while her CSO employee wants to lick the envelope to limit risk. For this reason, some organizations give the CCO/CSO audit power and perhaps make him or her an officer of the company – maybe reporting to the Board of Directors. Politically, this stirs a perception that the CCO/CSO is higher than a CIO, and equal to or even higher than the CEO. And that’s a no no.

Some organizations have the CCO report to the Chief Counsel. This makes sense because laws and regulations are written by lawyers, which ostensibly gives them a leg up on knowing how to keep clients out of prison. The involvement of lawyers on anything related to compliance also means that compliance collateral should relate products more explicitly to respective laws and regulations.

So how much should your collateral push a compliance story? The answer is simple. Push it as much as you validly can, but no more. If your product or services cover many compliance requirements, your story will impress lawyers and IT people alike because the scope of assurance is real. If your reach covers just one or two requirements, make the most of it but don’t pretend to do more. For most vendors, it’s likely that their solution will solve just a small piece of the compliance pie.

Compliance is a huge, important trend in marketing that requires responsible association of your product with the respective laws and regulations. Every vendor wants strong collateral that persuades readers of comprehensive capability for compliance. But skeptical CCOs and lawyers will buy your compliance pitch only if data backs the claim. Here are some guidelines for creating compliance collateral:

Clarify who you are talking to and use language appropriate for their world view. Reserve tech talk for techies and keep it to a minimum in collateral aimed at compliance officers, lawyers and business executives.

Be realistic with your compliance story. If your offering helps comply with many aspects of a law or regulation, play up the comprehensive angle. If you address just one or two aspects, describe those well without pretending to be a total compliance solution. People who know

what the laws require will see through attempts to be more than you are.

Be brief; don’t drag it out. Complex convincing may need a white paper but due to short attention spans, try to make your compliance story as simple as possible.  Often you can get the point across on two to four pages.  State the legal or regulatory situation, position your solution in terms of compliance requirements, then describe how your offering satisfies compliance. Illustrate your story with a concise matrix. Put requirements of the law or regulation on one side of the matrix and how your product provides compliance on the other – point by point. If you don’t connect the dots for the CCO and lawyers, you won’t get the P.O.

Segregate your story by treating each law or regulation on its own. Make a series of collateral pieces to show how you address each compliance situation. Technology used for compliance may be applied in different ways according to unique requirements of each rule. Your collateral can also serve prospects by helping them evaluate technology providers with a clear picture of what they need to buy to address overall compliance. They’ll appreciate that and be more likely to buy your solution.

Want to tune up your compliance collateral?  Call me and let's discuss how to make your collateral turn compliance into sales.

Contact: ghostwriter@pacific.net

Website: www.davebuerger.com

Listen to the PODCAST of this webletter: When_selling_compliance_implies_too_much.mp3

If you want to be perceived as a leader, act like a leader.  Sounds too simple?  You'd be surprised how often even big companies overlook this golden rule of communication.

For example, Cisco, Juniper, McAfee and Microsoft -- four name brands in their own right -- are jostling for leadership on a crucial but tempestuous young topic called Network Access Control.  NAC is a way to automatically govern access to networks based on security policies.  Identity management experts argue that NAC focuses too much on authorizing devices instead of people, but let's stay with how these companies are positioning themselves as the True Answer to NAC.

The first place to check on a company’s story is the corporate website, so while the nation watched a rain delay at the Indy 500, I did a litmus test on NAC messaging at websites for Juniper, McAfee, Microsoft and Cisco.

Juniper alludes to NAC once on its home page in a press release about working with Microsoft on “unified access control.”  Using Juniper's internal search function, the first item on the first page of results for NAC is an analyst white paper on NAC deployment.  The second result is a landing page on LAN access control, but it does not provide comprehensive links to all Juniper resources on NAC such as the press release cited on the home page.  You have to click through other links to get the full story.  Many companies scatter information on their website.  The remedy is judicious use of landing pages that unify your vision and resources in one location for each important technology or business issue.

Another point about Juniper’s landing page is familiar elsewhere: titles of supplemental resources such as white papers, a buyer's guide and brochure show in a sidebar and then disappear when you print the page.  Accurate, efficient printing is useful for people who want to capture everything they see on screen onto paper format.  As a “green” consideration, website print formats for each page should conserve paper when possible.

McAfee's home page does not mention NAC.  The first item on the first page of search results goes straight to McAfee's landing page for its NAC product.  Features and benefits are well-arranged, including handy resource links displayed to the right -- however none of the link titles appear when you print the page.  Despite the ease of getting there, McAfee's packaging and treatment of NAC appears mostly product-focused, which is what one might expect of a company with a strong consumer heritage.

Microsoft's home page does not mention NAC.  The first item on the first page of search results for NAC is a press release that's almost eight months old.  Many items on the first few pages of search results are several years old.   These results give the impression that NAC is not an important topic for Microsoft. Well – it’s not: Microsoft chose to define NAC with a different term that’s called Network Access Protection (NAP). The first item in the first bunch of search hits retrieved for NAP is a decent landing page including overviews, webcasts and live meeting recordings, step-by-step guides, white papers and partner information.  This landing page also shows up as the second hit when searching for NAC.  It’s all good stuff – provided you know what term to search for.  The danger is one tends to skip search hit hotlinks that seem off-target no matter how early they appear in search results.

Cisco also defines this topic differently, but its label called Network Admissions Control is still NAC.  Cisco’s home page does not mention NAC but the first result of search is clearly the best landing page of all.  It provides an introduction to NAC, links to two featured content pieces, business benefits, NAC-enabled products, and 4 brochures, 1 Q&A, 7 white papers, 4 design guides, 2 presentations, 3 release notes, and 1 documentation roadmap.  Additional links point to Cisco's NAC Partner Program and Cisco NAC-compatible vendors.  Unlike competitors' websites, all these references are included in a printout of the landing page.

Ironically, Cisco is the only vendor here that has not forged an alliance with the Trusted Computing Group and its forthcoming almost-universal NAC framework.  Cisco says it prefers to focus standardization efforts on the Internet Engineering Task Force (IETF).  Rivals Juniper, Microsoft and McAfee cite this as a negative for Cisco, but on the surface it does not seem to mar the giant networking company's presentation of NAC leadership.

On the other hand, leadership as measured by how many use NAC today doesn’t have much weight because of limited adoption.  These are early days for NAC so leadership is up for grabs.

Obviously there is much more to technology leadership than using the right words and images on a website.  But there are lessons here for every technology company that competes for perceived leadership in their business.

First, you must clearly prove that what you are doing makes you a leader.  If there's just one issue, focus on that and provide an integrated package of backup collateral to show that you know your stuff.  Smaller companies may find it easier to direct readers to key messages because their petite product portfolios allow for devoting more of the home page to important ideas.  Likewise, their websites will feel less cluttered than sites for companies selling many products and services.

But even big players with huge portfolios can and should get straight to important content.  Make your top entry points to collateral easy to find.  The website search engine should always point first to an issue’s main landing page.  The idea is to ensure full presentation of your key messages and resources.  Do not assume outsiders will wade through vague hits and decipher messaging on their own.  You must control presentation of your story or Google will do it for you.

Finally, make key landing pages speak clearly to the right target audience.  If your collateral is compelled to speak both to business and technical people, group information so readers from each audience can easily find what they need.

Want to make your company look like a leader?  Call me and let's discuss how your collateral can show that you are the leader!

Contact: ghostwriter@pacific.net

Website: www.davebuerger.com

Download the PODCAST of this webletter act_like_a_leader.mp3 ]]>If you want to be perceived as a leader, act like a leader. Sounds too simple? You'd be surprised how often even big companies overlook this golden rule of communication. For example, Cisco, Juniper, McAfee and Microsoft -- four name...If you want to be perceived as a leader, act like a leader. Sounds too simple? You'd be surprised how often even big companies overlook this golden rule of communication. For example, Cisco, Juniper, McAfee and Microsoft -- four name...If you want to be perceived as a leader, act like a leader. Sounds too simple? You'd be surprised how often even big companies overlook this golden rule of communication. For example, Cisco, Juniper, McAfee and Microsoft -- four name...Websitenonadult