Product Blogs and Social Media Presence

Google has a lot of official blogs. Here is the main one, and at the bottom, you can see links to several other blogs, including corporate, product and developer blogs. (The complete directory is available here. So does your company follow this trend and also host several blogs? And what is the value of such blogs and blog posts.

Almost eight years ago, I tracked a blog post on a large software company's product line blog. That line is a specialized category with limited consumer interest. At that time, they got 50k page views and over 10k visitors.[ Note: this is a top level number and does not delve into much detail on accuracy, visitor segmentation etc] And this is a well maintained blog, with articles on product usage, updates from engineers and product managers and information on industry events.

Recently, I looked at the blogs on Adobe website's.  For a post from last week, there are 6 likes and 6 forwards visible on the website. If you scroll down, these numbers are about average for every blog post. If these are an indication of deeper engagement, then the product blog as a medium to engage people seems to be in trouble. And this excludes the number of people who may potentially post comments on the blog posts.

Interestingly, you can compare those numbers with those for a product management blog, such as the one called Mind the Product. I am sure that a blog like this, that comes on top of google search results for "product management blogs" must get at least 5k page views a month. [I know it's like comparing apples and oranges, however, the value of a blog should be analyzed independent of other factors]

Widen your official product presence

For a niche product, it may not be cost-effective to just maintain a product blog. Instead, a social presence on multiple channels, such as on Facebook, Twitter, Pinterest might be a far better mechanism to engage the audience.  

Any challenges to shutting down your blog and starting a Facebook presence? A few come to mind.
  1. Accessibility: If your audience is business users, they may not be comfortable surfing Facebook from work. And from home, they may use personal accounts, which may hide true audience demographics.
  2. Search: Facebook search is good, but for general search terms, Google search is better
  3. Privacy: You may not want to publish information about your followers, as your competitors could also be lurking there
In the end, your leadership team's vision will decide how you approach social media, and how your product gets the benefits. But if you want to make a case for a Facebook presence, or a broader social media presence for your products or product line, do think about the above factors.

User Identity Management for Websites/Apps

Background

Identity and access management (IAM) is a very big segment of cybersecurity. Gartner, the research giant, has a conference for security professionals and a Magic Quadrant covering this segment and the key vendors, use cases and technologies. This market has grown rapidly, and it continues to grow, with vendors offering solutions that can scale up to millions of cloud users. Today, on-premise solutions do exist, however they have limitations that can be overcome with cloud based offerings.

Traditionally, IAM was focused on employees and their access rights and privileges. Later it expanded to include vendor and partner access, privileged user access and securing API access, commonly through a key-vault type of solution.

Consumer Identity Management

With the explosion of smartphones and internet browsing speeds, there are millions of users registering on websites and apps through various devices everyday. One way to simplify the registration process is through social login, a form of single sign-on, that let's you use a single username and password across websites. However, this is not the only solution or even an optimum solution, and thus we have a new segment of cybersecurity that covers Consumer Identity and Access Management (CIAM).

For any startup or enterprise capturing user data, there are always regulations covering user privacy & security to comply with. In addition, as identity theft remains a big concern, user data must be kept secure beyond regulatory compliance, as any data leak can cause damage to both reputation and the share price.

Beyond, data leaks, the concerns are also about data usage. Where inappropriate use of customer data (possibly through machine learning algorithms), can again breach ethics or regulations. A classic case reported recently was of Apple Cards offer cards with different credit limits to spouses, including the Apple co-founder.

Preparing for the Future

Here are four things that all website and app owners must remember, when registering consumers:
  • Get up to speed on privacy regulations that cover your website or business
  • Secure financial transactions much more, and regularly audit that coverage
  • Be aware of inadvertent side effects of using machine learning on collected data
  • Continue trying out new security techniques to simplify user experience (UX) for consumers

Bottomline

For successful businesses, registering millions of users, or handling millions of transactions can be a great reward. To continue this success, properly attention must be paid to consumer identity and access management as well.

Feature - Allow User Authentication without Passwords

As "reset password" requests eat up IT service desk dollars, and most passwords remain insecure, it is time for authentication protocols that do not depend on passwords for user login.
Many such methods are available today, these include Apple Touch ID, Multi-factor authentication and authentication using TOTP.

Microsoft security blog  has a post describing their goals and different techniques to ensure users are able to use devices and software without worrying about passwords. However, all these techniques have two things in common:
  1. They either need your biometrics (fingerprint, face, eye etc.) or 
  2. They validate the token or security key generated by an app on a mobile device

Imagine a typical use case

A user likes to browse the web, and shop at different e-commerce sites, check his account balance, join forums and personalize his browsing experience.
For her, the vast majority of login screens will still ask for a password. 

There are some secure websites that send a TOTP (time based one time password) instead of asking you to enter a password, however they are not widely adopted.
Social login (e.g. login using Facebook) has major privacy issues, so that is a solution with limited use.
And if you use a solution like LastPass, then all you are doing is moving your passwords from your mind, to another app on your mobile.

The only solution appears to be with the website owner, or the enterprise providing the service. If they start offering secure authentication without passwords, and allow other secure websites to confirm the user identity, then the process of login will become easier and more secure.

For this, a key factor is to eliminate passwords from registration forms. With this approach, and using techniques such as adaptive risk based authentication, the user experience at registration and login can be vastly improved, without compromising on security.

Identity & Access Management for Cloud Applications

If you have a SaaS offering, fundamentally, you need to adopt a security posture that is much more stringent than that for on-premise applications. This includes user life cycle management, identity and authentication services, authorization to use key features and log management for audit and compliance.
Here is a conceptual cloud security architecture from the Cloud Security Alliance.


This gives a great overview of the potential points of concern for any CISO.
To read more about how to secure your applications or design secure applications in the cloud, head over to their website, and take a look at the research resources they offer.

Calculating TAM (Total Addressable Market) for a SaaS firm

If your firm or start-up does not have a full time strategy team, then the founders will use different resources to calculate the potential market size for their firm. Here are some key methods to calculate the TAM, and create a product launch and marketing strategy.
  1. Use Data from Research Reports

    Many research firms put out their estimates about the TAM for different products and services. For example, there is a category of products called Next Generation Firewall (NGFW)
    Research reports such as this and this, indicate that the NGFW market size is about $7.4 billion in 2017, growing to $12.5 billion by 2022. 

    Using such numbers, from a creditable source, can give a good estimate of the market size, as well as the sub-segments within the market. Adding to this data, you can make some projections on your own, to identify which verticals, geographies and customer profiles will be a good fit for your products and solutions. Add to this the range of growth rates expected, and you can have a very good range of TAM, for planning and budgeting.
  2. Create a "Bottom up" Estimate

    This is a more accurate method, however, it takes more effort, and requires expert level skills to make good projects. In this method, you first identify the total number target firms per vertical, geography and revenue/employee size. This data is available from public sources and databases. For example, if you want to target only firms with a firewall spend of over USD $1 million, then you are probably looking at an annual IT budget in the range of  $15-50 million. Which indicates that the firm size is over $1.5 billion (estimating IT investment budget range from 1%-3%). 

    The next step is to select 10-20 priority verticals (healthcare, government, retail, manufacturing, mining etc.) where you see a good fit for your product over the next 2-3 years. In these verticals, you then identify the firms with a size above the cut-off. Let's say that you come up with a list of 250 firms. Making projections of their IT spend, you can estimate the size of your addressable market for the first 2 years. The key advantage of this estimation method is that it incorporates your corporate constraints and is customized to your current capabilities.

    There is another way to estimate TAM, which is based on the current ticket size per sale of competitors and come up with an estimate for your firm. Ticket size multiplied by potential buyers can be another estimate of the theoretical TAM. Unless you are a marketing guru, this is not recommended.

    Bottom Line

    Estimation is a necessary activity, when you want to make a business case for new investment. Using either of these methods, any product manager can project the TAM for his products and services. And as always, you must document your assumptions behind these estimates.

TM Forum Digital Maturity Model for Tracking Digital Transformation

According to their website, TM Forum is
"
is the global industry association that drives collaboration and collective problem-solving to maximize the business success of communication and digital service providers and their ecosystem of suppliers.
"

They have worked extensively on creating a digital maturity model, defining the digital transformation journey and working with CSPs (Communication Services Providers) looking to become DSPs. In their model, there are 5 dimensions covering:
  • Customer
  • Strategy
  • Technology
  • Operations
  • Culture
Across these dimensions, 110 criteria are identified, along with sub-dimensions, to assess how far along a CSP has come in its digital transformation journey, and how to assess its target objectives.

TM Forum Digital Maturity Model


The full model is members only, but there are a lot of additional resources for telecom professionals on their website, including videos and case studies. For people looking to understand digital transformation in the telecom industry, this is a good starting point.

Telecom Trends and Opportunities

A while back, I was engaged for a study on the opportunities for CSPs (communication service providers) to transform into DSPs (Digital service providers). Depending on the market maturity, the size of the opportunity, the geography and economy and some other factors, I prepared a slide about the key trends and opportunities in 2018-20.


From the slide, you can infer some points yourself, and see what makes most sense for a CSP in its business evolution. There is a complete presentation about this topic which I created, I will upload it some time in the future. Meanwhile, you can read about the latest research on this transformation at GSMA Intelligence and at telecoms.com.


Product Manager or Product Owner

For people looking to move into product management, the product owner role is often a stepping stone. In fact, many advisors do consider the product owner role as a subset of the product manager's role. That is a misguided view of the roles, especially given how the software industry is transforming. To be clear, both are different roles which require different skills and have different objectives, stakeholders and success metrics.

To summarize, the Product Owner works in an agile team, with a specific set of tasks and objectives.
The Product Manager is a business role, that has a wide range of responsibilities and objectives, depending on the 
  • Organization (centralized vs. product driven pricing, planning and budgeting)
  • Industry (B2B, B2C, e-commerce, networking etc.)
  • Software development processes (agile, waterfall, hybrid)
  • Seniority in the organization
  • and whether there are also product owners or an architect team in the organization
 Both roles have some overlap as well, however that is often because the company is undergoing a transformation and the roles have shared responsibilities.

Below is a slide that shows the possible growth path in this role.
https://www.slideshare.net/dhirenjani/product-manager-vs-product-owner


I have uploaded a brief presentation on SlideShare that talks about the product manager and product owner roles. This will be useful for people looking to explore either role as a career opportunity. 

As the scope of the presentation is very large, it has been split into two parts. The first part is currently available on Slideshare. Feel free to view that and direct any questions at me.

Product Management Skills Benchmark Report

The 280 Group is a Silicon Valley based training, research and consulting organization focusing on product management training and consulting for a long time.Their training and consulting staff are available for online, virtual or in-person training sessions. Best of all, their product management framework and process can be adapted by any organization, using Agile, Waterfall or a Hybrid methodology.

In late 2018, they did a survey of practicing product managers across the globe. The objective was to understand the definition of the role in different regions and industries, the key skills and responsibilities of the PM, and the skill gaps that product managers mentioned in the survey. For this survey, they identified 15 key skills (skill set) that a PM will use over the course of their career. They also include a skills assessment survey, which you can use to benchmark yourself against other respondents.
With more than 1,500 responses, there are a ton of insights from their Skills Benchmark Report. If you want a greater understanding of this role, or want to benchmark yourself against other product managers then you can download this report for free.

Few Points

  • Customer and domain knowledge was the strongest skill among PMs
  • Competitive Analysis, End of Life & Pricing were among the weakest

If you want to move into product management, or want to grow further, then this is a great resource to understand what is actually needed in the role. I hope you get as much value from this report as I did.

5 Reasons Why Scrum Teams May Not Deliver the Backlog

[This is a post from 6 years ago, but I came across this situation recently with a client, hence re-posting it here]

As a Product Manager, you should be used to hearing "NO" from every stakeholder, including the engineering teams. And then comes the hard part of persuading people to listen to you, even when they do not report to you. Of course, if you are talking to a vendor, or an IT services firm, you occasionally face the other challenge, of hearing a "YES", for every product initiative. With engineering teams, sometimes there is a hidden reason behind their "no" for a product/feature concept. Here are 5 reasons why PMs I know were not able to push through product requirements.

It's not cool enough

In the web world, certain technologies and features are considered cool. Others are not. So if you have a strong engineering team, they may simply nix the basic features such as logging, event viewer etc. in favor of features such as cross-domain APIs, "social" features etc. The trick is to keep a judicious balance in every feature review. And in case that's not possible, just promise them that the "cool" features are coming down the road. And be careful about the ever-present "code conversion" projects where they want to migrate the code from JavaScript to TypeScript or to use node.js and introduce SVG viewer and other features. Unless there is a business need or a strong performance reason, the "coolness factor" could be lurking about.

It's too tough

This is what I heard from an intern who joined the engineering team. They had worked on a matrix based hierarchical organization of real-time data for a year, and then they gave the same project to the intern to take analyze. Additionally, this was always the project that got de-prioritized over other initiatives. By sitting with the intern for an hour, it was easy to understand that this was an NP-complete problem, and optimizations were simply too tough for our data dictionary. (Here is a description of NP-complete).

It's too easy

I have been in teams that often said "no" to easy fixes. After developing the core feature, however badly, nobody wants to simply fix all the bugs or add the security requirements. Again, one workaround is to offer a bundle of features to the product team, where they cannot pick and choose specific features. 
In normal circumstances, these are the features that will slip the most in an early release, as they are deemed "non-core" features. For instance, the web-based admin GUI for a SaaS app often falls in this category.

We don't have expertise in that

No true engineering team will admit this, but this is also another hidden reason why teams say "no". In one instance, the team had no idea of the internals of Oracle's 11g release, so they simply delayed releasing a plug-in based on that. After several weeks of waiting and testing alternates, and with shipping of the core product getting delayed, this is the actual reason that came out during a hallway discussion with an engineer. The product management solution was to drop the plug-in and release the product.

If I agree, I will look weak

This is one of my favorites. Engineering managers in world-class organizations have a top educational background, have often won awards for their work and are viewed as stars. So if a great PM comes along with a perfect PRD, and has all the right features dictated by competitive needs, market analysis and user requirements, the engineering manager will simply say "no" to many features to satisfy his ego. (I do not know of any way to solve this problem, except to avoid entering such situations.) And going Agile, and becoming the Product Owner and backlog owner still does not always solve this situation.

SaaS Product Managers - Get your Data Processing Agreement in place

The European Union General Data Protection Regulation (EU GDPR) has come into effect on 25th May 2018. This is a landmark regulation to protect consumer data for SAAS companies that want to do business in the EU.
In essence, data collection requires informed consent of users, a data governance policy and data management tools, which includes the “right to be forgotten”. Actually, a more detailed e-privacy regulation is also in the works within the EU, but is yet to become law. Here is a brief description of how this impacts cross-border SaaS.

Impact on your SaaS website

For marketing and tracking user activities, websites often use cookies. These are either
  • essential cookies (login, session etc.)
  • preference cookies (remember password, language, time zone etc.)
  • statistical cookies (analytics, user activities)
  • marketing cookies (advertising, 3rd party data)
For engaging website visitors in EU countries, you need to allow users to understand what these cookies do and how they are used. Users must be able to opt out of the last 2 categories, or else they must be allowed to exit the site. And your privacy policy must explain clearly how individual user data is being used or anonymized.

Impact on your SaaS marketing

For marketing and advertising on 3rd part websites, or via social media or email, you need explicit consent of users. This consent must be captured, stored and deleted based on the user preference at that time. And there must be an easy way (email or website) to allow the user to change their preferences. Not only this, there should be adequate controls in place for protecting user data, whether it remains with you, or is shared with a 3rd party or vendor.

Data Processing Agreement

Unless you are a multi-billion SaaS business that is completely siloed, with its own data centres, you will rely on vendors for cloud storage, web analytics, email marketing and several other activities. The GDPR specifies that when you share user data, a written DPA is required with these vendors and 3rd parties.

The DPA is a legally binding contract that states the rights and obligations of each party concerning the protection of user data. A Data Processing Agreement identifies the data controller and data processor roles. The data processor must have controls in place, that can be audited, to ensure that user data is not leaked, lost or stolen. The GDPR also specifies hefty fines in case of non-compliance.
More details on this topic are available on the official website.

Typical Use Cases

  • A SaaS marketing team that wants to use an external email marketing service needs a DPA
  • A SaaS product manager who wants to display 3rd party advertising on the website needs a DPA
  • A SaaS product manager wishing to integrate with another SaaS or on-premise service may also need a DPA
 The last use case is often overlooked by integration teams; I will post more about this in the future.

Bottom Line

If you want to engage consumers in the EU region, and are sharing their data with vendors, get a DPA created and processes properly audited. Going forward, such regulations are likely to impact your international reach and expansion, not just in the EU, but in many other regions and countries.

SaaS APIs – Retain Customers and Expand Engagement

Customer retention increases when they find reasons to continue using the software, and they do not have reasons to look at alternatives or substitutes. There is a good economic definition of these substitute goods on Wikipedia. In addition, easy to track retention metrics and churn models simplify the efforts to predict whether a customer will churn or stay. (There is a good blog post on churn measurements here).

Additionally, to expand engagement, every SaaS vendor needs to identify different user personas and their usage patterns. Based on usage or non-usage of the software, new methods of user engagement can be identified. These can either be:
•    departmental (new roles within a department),
•    geographical (users in other countries in a MNC),
•    hierarchical (increase usage in head office vs. branch offices, stores vs. warehouses etc.) or
•    cross-functional (new processes created during organizational transformation that lead to cross-functional teams)

Here are two use cases that indicate how user engagement can be expanded via judicious introduction of APIs for new personas.

Use Case - Feature addition to retain personas

A large Canadian firm is merging with another company in Singapore. The new company has different processes, departments and hierarchy and is undergoing a long term merger/transformation program. Clearly, the existing processes, business rules and personas supported by existing features will not suffice. APIs are the easy way to make sure that existing users and business logic of the Singapore firm are retained and later integrated with your overall solution (Corollary: This will also lead to increase in subscription users).

Use Case - Feature addition to support new personas

A company is transforming its supply chain, and wants to make sure that all vendors are on-boarded into their new SaaS procurement platform. Not only is this an opportunity to sell more subscription to vendor users, but by properly integrating with the existing (potentially siloed) solution, many more customer employees can be on-boarded onto this solution, again leading to sale of configuration services and subscription licenses.

Retention and expansion of engagement are two ways to increase revenues without a large cost of sales. If your product team is not focusing on that, but on chasing new revenues only, then your roadmap is tilted towards short term features. This will harm you in the long run, when the competition’s retention rates increase, and your burn rate causes you to reduce your feature release velocity.

SaaS Revenue APIs – Increase Sale Per Customer

So what happens once a customer registers for your SaaS services?

The next step is to monetize your APIs. As the business owner, you should consider the following:
  • Registration or setup charges for the customer (This is also to deter casual customers who are only experimenting with the business model)
  • Usage charges (~$.02 per 1000 API calls)
  • API category charges (~$.05 per 1000 API calls for bulk APIs, advanced APIs etc.)
  • Consulting or support charges (per hour or per incident is the common model)
Looking at these monetization options, it is evident that the largest opportunity to increase revenue per customer is from usage of your APIs. Incidentally, this is also the model followed by many large platforms or aggregators.

The following is a use case from the online travel industry, of how API consumption and revenue generation occurs. With the right APIs, it is easy to allow more customers to sign up, and offer them differentiated data per API, thus increasing API consumption.

Travel industry API monetization use case

An online ticketing website such as booking.com wants to pull data about flights to satisfy a user query. This data is provided by Global Distribution System (GDS) such as Sabre, Amadeus and Travelport, who aggregate the data from different airlines, platforms etc. The user query must return data to allow him to view options, select an option, complete a booking, make a payment and get details of the booking on email, SMS and the site. 
The diagram below shows the high-level communication, and the APIs in red indicate the monetization possibilities.


For API usage, key fields to retrieve data from GDS:
•    Location of passenger
•    Source and destination of travel
•    Date of travel
•    Number of passengers
Key data points to retrieve:
•    Fields input by user (source, destination, date)
•    Airport codes
•    Airline codes
•    Combination of flights that offer the travel option
•    Price per combination
•    Data validity

 Unless the API or set of API support these data fields, the end to end transaction may fail, leading to a lost opportunity for the GDS to monetize the use case. And similar to this ticket booking use case, monetization opportunities also exist for many online platforms.