Craig Roth, VP Analyst, Gartner.
News & Events

Why is security low for content services platforms

I was recently perusing data from Gartner Peer Insights on content services platforms, when I noticed something surprising near the bottom of the priority list. Content security was hovering there near the bottom of the list of end-users reported priorities. It was in either #12 or #15 out of 15 priorities that could be selected depending on which time frame I looked at.

It is hard to imagine a content platform owner that would say security is not important, so why does security rate so low?

Buyers do not know what to ask or how to rate

Indeed, security is a prominent feature on nearly all RFPs and is often weighted quite heavily. This finding is validated by conversations with vendors who have touted their security as a key selling point and wonder why prospective customers do not seem to engage on that topic as much as anticipated.

This seems to be an example of where a low rating means overlooked or taken for granted rather than being an explicit statement that something is bad or unnecessary.

Here is why:

  • Buyers consider it a given or table stakes. Of course, security is important, but it is assumed no product could exist with bad security, so the other features are much more important as differentiating vendors.
  • Buyers do not know what to ask or how to rate. This can be seen in evaluations that simply tell us about security or list a bunch of standards that may not even be applicable.
  • Buyers outsource security considerations to the security team. Buyers of content service providers are experts in how the content will be created and consumed by the business. They are not security experts. In fact, they are often happy to have specialists in security handling those issues. If the surveys were taken by security personnel, I am sure security would rate at the top, but they do not own the content services platform.

What should content services platform vendors do about a feature that seems simultaneously critical and an afterthought? As with all messaging, the key is to understand your audience. And in this case, there are two: the content services platform buyer and their security team.

Buyers outsource security considerations to the security team

Product marketers need to use the primary messaging, which will be targeted at content services platform buyers, to describe security in terms that those buyers will understand. That includes how the end user is engaged with security protocols and what their user experience will be. Then you also need to prepare separate in-depth messaging for the security professional that will be brought in during the process.

Product leaders need to invest more in security than buyer interest would dictate

And product leaders need to invest more in security than buyer interest would sometimes dictate. For security-minded buyers, content security will weigh heavily into the conversion. And even for less security-minded buyers, content security is a consideration factor – you won’t even get on the shortlist without a good security reputation.


Vendors have touted security as a key selling point and wonder why prospective customers do not seem to engage on that topic as much as anticipated.

Craig Roth, VP Analyst, Gartner.
Craig Roth, VP Analyst, Gartner.