Netflix Hack: Key Lessons In The Economics Of Ransomware And Managing 3rd Party Risk

Renee Murphy

Netflix recently experienced a third-party breach. The data lost is Season 5 of Orange is the New Black, which is original Netflix content. Many are calling it the largest entertainment industry hack since Sony. I guess that is right, but how bad is it really?

First, here is what happened. Netflix transferred season five to their post-production third party in Los Angeles, Larson Studios, for sound mixing and editing. Larson does the post work for at least 25 episodics that run on Fox, ABC, IFC and Netflix. It was Larson Studios that was hacked and, according to thedarkoverlord (TDO), they made off with not just Netflix content but network content as well, putting at risk the release of Documentary Now, Portlandia, Fargo and many others. TDO contacted Netflix and asked for a bitcoin ransom or it would dump their content for download. Netflix refused to be extorted and TDO made good on its threat.

That got me thinking…was Netflix right to not pay the ransom? What was the real impact of that decision? Can networks and studios do the same thing? Are they inoculated from third party damage because of their industry or their product? Let’s find out.

1. Was Netflix right to not pay the ransom? Yes. If I have learned anything from the State Department it’s that we don’t negotiate with terrorists. For Netflix, there is no reason to overreact or go to great lengths to explain the impacts. If you do an impact analysis, you see that it has a medium reputational risk, a low financial risk and no regulatory risk. With that kind of risk analysis, you don’t pay a ransom.

What Do You Mean When You Call A Supplier A “Strategic Partner”?

Duncan Jones

I handle many inquiry calls from clients asking for help negotiating with large suppliers, and often they claim the supplier is a strategic partner. I’ve noticed that many clients use that term, but when I ask them what it actually means in practice, I get varying responses. So Forrester recently surveyed over 150 sourcing and vendor management (SVM) professionals to ask them what they expect to get from strategic partners, and what they offer in return. I was a bit disappointed with the results. For instance, while 68% said they would always expect partners to give them the best possible discount, only 6% said they would always make the partner their sole source for specific technology categories.

What’s wrong with this picture? Well, to quote Godfather 2, when explaining Hyman Roth’s longevity, Johnnie Ola says, “He always made money for his partners.” That concept doesn’t seem to apply in the technology world. On the one hand, buyers complain about vendors’ unfair policies (see my recent report Buyers Should Reject Unfair Licensing Rules) and transactional sales approach. Yet OTOH they want to squeeze their partners’ margins while still expecting them to sell their wares site-by-site and product-by-product around their enterprise. As one senior software executive told me the other day, “Sure, I’ll waive my usual policies for partners, but only if they let me off the huge cost of supporting individual, small product buying decisions.”

Cisco Makes The Charts – Now No. 3 In Blades

Richard Fichera

When Cisco began shipping UCS slightly over two years ago, competitor reaction ran the gamut from concerned to gleefully dismissive of their chances at success in the server market. The reasons given for their guaranteed lack of success ranged from the technical (the product won’t really work) and the economic (Cisco can’t live on server margins) to the cultural (Cisco doesn’t know servers and can’t succeed in a market where they are not the quasi-monopolistic dominating player). Some ignored them, and some attempted to preemptively introduce products that delivered similar functionality, and in the two years following introduction, competitive reaction was very similar – yes they are selling, but we don’t think they are a significant threat.

Any lingering doubt about whether Cisco can become a credible supplier has been laid to rest with Cisco’s recent quarterly financial disclosures and IDC’s revelation that Cisco is now the No. 3 worldwide blade vendor, with slightly over 10% of worldwide (and close to 20% in North America) blade server shipments. In their quarterly call, Cisco revealed Q1 revenues of $171 million, for a $684 million revenue run rate, and claimed a booking run rate of $900 million annually. In addition, they placed their total customer count at 5,400. While actual customer count is hard to verify, Cisco has been reporting a steady and impressive growth in customers since initial shipment, and Forrester’s anecdotal data confirms both the significant interest and installed UCS systems among Forrester’s clients.

Governing Large Implementation Projects: Execution Is Key -- Findings From Forrester's Recent Sourcing Forum

Liz Herbert

We met with 30 Sourcing & Vendor Management Professionals during an action session at Forrester’s Sourcing & Vendor Management Forum in Chicago to discuss how to improve governance for large implementation projects. Clients were looking for help across the sourcing life cycle – from determining who manages the RFP process, to determining scope with internal stakeholders, to driving governance after the contract is signed.

What tactics are Sourcing & Vendor Management Professionals using to tackle these challenges?

1. Renegotiate rates with current players. Forrester’s recent survey found that 68% of organizations are renegotiating with their existing suppliers. One attendee said, “This has always been a priority, now we are bringing more efficiency and innovation to the process.”

2. Drive innovation from vendors. Everyone wants innovation from their suppliers but few receive it. Attendees shared tips for how they overcome major hurdles to achieving this in their supplier relationships:

a. Define what you mean by innovation. Many struggle to get innovation from their providers because they haven’t defined what that means — are you looking for idea-sharing or process improvements? Determine which type of innovation you need and communicate that to your vendor.

b. Identify metrics. “It’s not just how you measure innovation; it’s how you measure successful innovation.” Clients shared a variety of metrics such as:

i. Requiring the vendor to submit continuous improvement ideas they agree are impactful to your organization

ii. Number of ideas submitted for approval

iii. Number approved

iv. ROI of implemented idea

What Makes A True Research Partnership?

Reineke Reitsma

On two occasions in the past few months, I’ve given a speech to members of Forrester’s Market Research Forrester Leadership Board about vendor management best practices, a topic I’m writing a report on.[i] With market research budgets increasingly shrinking and research expectations growing, we see that market researchers need to select, manage, and measure their vendors more efficiently.

The key to success here is to develop partnerships with your key vendors. Why? Because conversations with Market Research professionals at a variety of organizations show that partnering with research vendors leads to better projects, deeper insights, and lower costs. As one of my interviewees said: “It’s about intellectual ROI: You need to invest less time for each project. You build a lot of equity. You also get more of a team thing going — to me, this is very important. You work with these people on a daily basis, so finding the right vendor and contact is critical, as we see them as colleagues.”

To understand how Market Research professionals currently collaborate with their research vendors, we surveyed our Market Research Panel earlier this year. The majority of our panelists feel that they already have established partnerships with most vendors, and two-thirds state that price is less important than quality.
