Houston, we have a (product acronym) problem
And a 3-step solution to the problem
Have you ever been confused by a security vendor marketing themselves as “a {insert acronym} solution” and you didn’t understand what that meant, what their product does, or how they’re different from another solution?
If you have, you’re definitely not alone. Allow me to explain.
A sea of product acronyms…
Background
Last month, a personal friend and practice director at Enterprise Strategy Group, Melinda Marks, wrote a blog post regarding how product acronyms are causing confusion in cybersecurity [1].
Her blog post resonated with me because I have spoken to numerous security product co-founders and product professionals over the last few months, and that exact problem continues to be a topic of conversation - and frustration.
So that begs the question, if product folks who are developing security solutions are confused by product acronyms, what about customers and prospects?
So how did we get here?
Simply stated, product acronyms represent market categories (or sub-categories).
New market categories evolve out of innovation, commonly (but not exclusively) by new startups. Frequently, early-stage security startups create alternative products to solve new or existing problems - essentially attempting to build a better mousetrap.
From a market category standpoint, the new products from these startups don’t always fit accurately into an existing market category, so a new market category (and associated acronym) gets created, either by the product vendors trying to differentiate themselves from other vendors or by analyst firms such as ESG, Gartner, Forrester, etc. attempting to categorize products more accurately. Over the last decade the pace of innovation has increased and, as a result, many new market categories have been created, leading to significant category sprawl - and thus more new product acronyms to keep up with.
Below is an example of the evolution of application security related vulnerability aggregation/remediation market categories: AVC -> ASOC -> ASPM over the past few years. Besides the three different acronyms in the diagram to keep up with, what’s more confusing is that each of the market categories represents different and increasingly sophisticated product capabilities.
That explains the creation of new market categories, but what happens to older market categories? Answer: Not much. In most cases, older market categories continue to exist for products that haven’t evolved and transitioned into newer market categories.
So to summarize, new market categories continue to be created over time and older categories remain. That explains why there are so many acronyms in the market with varying capabilities.
A potential solution in 3 steps
Vendors and industry analyst firms alike are contributing to the acronym sprawl problem, but if they both adopt the following 3 steps, they can also help make this problem easier on everyone.
What problem or challenge does the product solve? If you can understand the problem or pain point, it’s far easier and faster to understand the solution. Most security vendors do a good job of connecting the dots between a product acronym, the problem and how their solution addresses the problem, but it’s surprising how many vendors don’t connect those dots and “over rotate” on marketing.
I’m looking at you, security vendors that market themselves as “the best” {insert acronym} on their product data sheets or emblazoned on their booths at conferences.
Objective example: “Our Cloud Native Application Protection Platform (CNAPP) solution protects cloud-hosted workloads in a running state with visibility of infrastructure configuration and application composition with near-realtime awareness of associated vulnerabilities.”
A picture speaks a thousand words, and providing visual context greatly helps with understanding what an acronym does and where the solution fits.
Example:
Acknowledging that technology matures, it’s understandable and expected that market categories will change and evolve as well. That said, not every person is fully aware of and up to date on this continuous market evolution. To help combat potential confusion, vendors and industry analysts should adopt and include an acronym evolution chart. A few security vendors currently do this (a great example below from Orca Security), but most do not, and it’s far from being common practice.
Example:
[1] Marks, M. (2023, October 27). Cloud-native app security? Ignore acronyms, solve problems. TechTarget. https://www.techtarget.com/searchsecurity/opinion/Cloud-native-app-security-Ignore-acronyms-solve-problems