Feeling out my customer's pain
So I have already talked about WHY it's important to understand your customer's pain points. Now I am going to talk directly about my customers, and the pain they have.
At Scorpion Software, our latest product, currently going through final beta testing, is RWW-Guard. RWW-Guard protects our customers and enhances their remote access security by adding two-factor authentication directly into Remote Web Workplace, a web-based portal that gives businesses running Microsoft's Small Business Server 2003 (SBS) web-based access to their email, the corporate intranet, and even to their workstations and other servers at the office. By combining the standard RWW domain credentials with a one-time password (OTP) from software and hardware tokens, we provide new levels of assurance about who can access our customers' corporate resources remotely.
It's a feature many small business owners with sensitive information assets that run SBS have always wanted. I even wanted it myself. In our office, we spent around $1000 implementing an extra layer of security with a SonicWall firewall and the CryptoCard strong authentication server to get something that works similarly to RWW-Guard, but with extra technical hurdles that were sometimes cumbersome, and definitely not intuitive to my employees.
With RWW-Guard, you can use any strong authentication server that supports RADIUS to offer two-factor auth. That includes players like CryptoCard, RSA, Verisign, SecureComputing and Authenex. When asked personally which strong auth server we prefer for the RWW-Guard beta, we normally recommend CryptoCard or a dedicated RSA SecurID appliance. And here lie some problems. MOST strong auth solutions are just too expensive for small business. If you need strong auth for only a few remote users, you STILL have to spend thousands of dollars to implement the solution, with wasted tokens sitting unused at the office. An RSA appliance runs anywhere between $2500 and $5000, depending on the number of tokens needed and the implementation costs. CryptoCard's CryptoServer is much less expensive, but has the drawback that it is UNSUPPORTED on SBS 2003. I have it working in our office, but MOST of my beta testers couldn't get it to work. The combination of Tomcat, a Java server and a MySQL database with ISA was just too resource demanding and complex for most SBS environments.
This quickly became a problem for both our customers and us. We have all these people WANTING RWW-Guard but having difficulty deciding which strong auth server to purchase. These customers are in extreme pain trying to find an inexpensive solution that just works in their Windows environment, and we saw this as an opportunity.
So I contacted CryptoCard and explained the problem. And together, our companies decided that it would be more effective to build a strong authentication server for small business. Voilà... Anvil is born. After deciding we COULD build the solution, I went and interviewed 25 potential customers directly. The idea was to make sure they would actually spend money on such a solution. I now have 5 pre-orders, and another 15 potential sales in the pipeline if I actually pull it off and show it to them. Only 5 of the people I interviewed said they wouldn't pay for the solution. When pressed to find out why, it turns out they just don't feel the risks to their business are worth the investment. I will note that a majority of those businesses are barely getting anything out of their SBS investment yet. I will go revisit them around Christmas and see if their attitudes change.
So with the cooperation and support of CryptoCard, Anvil will be a strong authentication server for small business. It is being built directly on the Windows stack, and will be built to natively support SBS 2003. We have an agreement with CryptoCard to purchase their KT1 key fob tokens and have gained access to their authentication engine, which means we don't even have to build our own. We can focus on building the right strong authentication solution for OUR customers, to solve THEIR pain point. And that is an inexpensive strong authentication server that "just works" natively on the Windows platform. No complex and cumbersome settings. Oh, did I mention it will "just work" with RWW-Guard at the same time? And scale up to larger businesses that are running Windows Server 2003?
So what's next? Well, now that we know what pain points Anvil will solve, we need to decide on the scope and feature set of version 1. During my interviews with the potential customers, I asked them what they would want. Tomorrow, I will talk about that as we brainstorm the features and start putting them together in a mindmap.