Eldad Chai, VP, Product and Security for the Incapsula service at Imperva recently presented the product roadmap for the company. We had several follow-up questions for him, including:
• What drives product development?
• What is the new IP Protection release all about?
• How does his team approach securing a network of this magnitude?
• How does customer feedback drive product development?
• What is the main criteria for managing often competing priorities?
Incapsula: When building our products, what main criteria do you consider?
Chai: These are the three main things I consider when defining a product roadmap:
Customer success – When I talk to new customers, one thing that surprises them the most about Incapsula is how easy it is to use our solution. I believe this is extremely important with security products; proper implementation and customer success makes all the difference between another dashboard alert and either downtime or a security breach.
Short and long-term opportunity – Take, for example, our recent IP Protection announcement. This represents a big and currently unaddressed market problem, translating into an opportunity for us to provide short and long-term value to the market.
Strategic positioning – Incapsula is leading the market on various fronts, such as DDoS, WAF and the cloud application delivery market. It is extremely important for us to maintain our leadership by continuing to invest in superior technology and outstanding services.
Keeping these key drivers in mind, we have a system for prioritizing roadmap items using a range of criteria. These include customer feedback, competition, technology advancements, company core competence and market perception.
Incapsula: You mentioned the new IP Protection release. Who is going to benefit most from it and why?
Chai: We’re very excited about IP Protection; it’s a huge win for our customers and Incapsula.
This offering grew from a market need we found at small-to-medium-size organizations. Many of these have non-HTTP applications hosted in the cloud or at a hosting provider. Their apps were frequently being attacked by layer 3, 4 DDoS attacks.
Since such customers don’t manage their own routers, previously they weren’t able to adopt BGP-based solutions and were forced to adopt inferior solutions—if those even existed—from their service providers.
Our IP Protection service is perfect for these organizations. It’s the first solution that effectively addresses the need for layer 3, 4 DDoS protection for standalone IP services, such as IoT platforms, VoIP servers, gaming servers and proprietary APIs.
One interesting use case for IP Protection is protecting an IoT app from a car manufacturer. Their app acts as a “mothership” for all cars, whereby each vehicle communicates with the main IoT app over a proprietary protocol. IP Protection offers a simple way to protect it. Since it’s delivered from our CDN (as are our other services), IP Protection provides performance and stability value beyond DDoS protection.
Incapsula: Security is our core business. How does our team go about securing a network the magnitude of an Incapsula Behemoth?
Chai: Indeed, we continually place a lot of thought as to how we secure our network. We fully understand the risk of being compromised and what that means for a SaaS entity—never mind one such as Incapsula that is a security vendor.
It starts with our production system being completely separate from any other system we have. We exercise strict controls over which assets are part of that network.
Process and technology helps us make certain that only authorized personnel have access to production systems. Only a small number of our staff has such privileged access.
Incapsula employees are trained from their first day here to treat our production network as a “sacred” entity, so to speak. This mindset and continual awareness enables us to identify any potential weak spots before they emerge.
We’re also under tight regulations, such as PCI and SSAE 16, which help keep us on our toes with regard to security. Finally, our customers and we benefit from having a dedicated team specifically assigned to keeping our production system secure.
Incapsula: How does customer feedback play into product development?
Chai: Customer feedback is a core part of our agile methodology, being fundamental to the work of our product team. By putting ourselves in our customers’ shoes, we can fine-tune features and prioritize our goals.
As part of our development cycle, we get customer feedback for almost every step we take. This is true when we have an idea, have a design, run a beta, when we roll out and then after a feature has been in use by our customers. The feedback comes in various forms, including:
• Customer calls that focus on their experience, as well as roadmap discussions
• Monitoring our application usage patterns
• Running net promoter score (NPS) surveys
• Feedback patterns collected from our application
• Support tickets analysis
• Public forum monitoring
• And many more touchpoints…
Incapsula: Tell us about the lessons we learn during our beta testing programs.
Chai: As a SaaS cloud security vendor, our goal is to release solutions that work effectively out of the box and address real problems.
Beta programs are important in reaching our goal as they validate that we’re:
• Actually solving a problem we set out to address
• Doing so in a way our customers enjoy consuming
• Packaging it in a way that makes sense
We run some form of a beta program for every significant feature. They’ve helped us produce robust solutions that are fully functional when initially released.
Incapsula: As a SaaS organization, what would you say are the main priorities for your team and how do you manage those often-competing priorities?
Chai: That’s a great question that we think about a lot. Product teams including ours are often required to make hard decisions regarding product priorities versus their own personal priorities and focus. Since our team is a hub for input and requests from many entities—our customers being the most important one—it’s sometimes a challenge making the decision regarding how best to proceed.
In order to even start tackling this challenge, there’s one important step our team must take which is to decide what not to do. Deciding not to do something is difficult; who can really determine if a specific feature or direction won’t yield value? It’s always easier to simply add it to our roadmap as a future item. To keep our focus, however, we must be able to say no to specific initiatives and then back those decisions with solid reasoning.
Another factor, even before weighing initiatives, is our ability to execute. We measure our product team and management based on execution of their initiatives. I’ve found this to be the most successful way to maintain strong and effective product leadership within the company. We require product managers to set a course for each product—both on a strategic and tactical level. We accomplish the first through outstanding planning, followed by the same degree of execution. Our entire product team always sets their sights on strong, decisive and effective execution, backed up by careful and in-depth planning.
By focusing on these two concepts for each product, the team can prioritize increasing customer value, while achieving immediate business success and sustaining its long-term growth.
Finally, we have different approaches to strategic and tactical initiatives. Priorities for strategic initiatives are governed by discussions within a management forum and with our primary stakeholders—sales, marketing and R&D. For tactical initiatives, we follow a framework that helps us prioritize and—equally important—internally communicate priorities in a transparent manner. Our framework captures and scores different aspects of the initiative, such as user value, potential revenue and marketing value. All of this gets sorted into initiates based on overall score.
Do you have other questions for Eldad Chai? Please leave us a comment or contact us.