Security "Bits"

Is OEM Software a Good Idea?

By Nat Kausik | May 31, 2016 at 11:01 AM

Every technology company faces the "OEM question" often - build or license technology? The answer to this question is pretty simple.  If the capability is core to your mission, OEM is a bad idea.  If the capability is not core to your mission, should you even be contemplating the question?

Take Yahoo. It predated Google by many years, anticipating the importance of classifying all the information on the Internet. Yet, Yahoo chose to OEM Google's search engine. We all know how that turned out. Google is now a behemoth with a market capitalization of over $500B, while Yahoo is on life support, enmeshed in a public auction of its core business, leaving behind a shell company with a stake in Alibaba.

Yahoo should be a strong lesson for any technology company. Unfortunately not. Last week, we were involved in a CASB bakeoff at an S&P 500 company. The customer had already tested a competitor before they tried Bitglass. We set them up in a trial and fired off a scan of the files at rest in their cloud file share application. In a couple of days, our scan completed and reported about 500K cloud DLP events. The customer was baffled. The competitor had taken over two weeks to scan the same application and had only detected 300K DLP events.

What gives? Turns out the competitor's DLP engine is based on code OEM'ed from a third party. That third party is Autonomy, which was acquired by HP for 10B and is now in the peculiar situation of being sued by HP for fraud. When you OEM code, you are at the mercy of your source to maintain it. Unmaintained code is a blind spot in your product with respect to performance and effectiveness.

At Bitglass, we ask ourselves the OEM question every day. If it's core to our mission, we build and maintain it. If it's not core to our mission, we walk away.


