Free versions of security products can help non-profits with small budgets, and the companies that provide the free products

Providing Cybersecurity to the Underserved, and Building a Business by Doing So

Just about every business provides charitable contributions, from the local insurance broker that buys the uniforms for the Little League team to Fortune 50 companies that contribute millions to their chosen causes. The donations can be in the form of cash, or goods and services (think the local pizzeria that donates the pizza for the volunteer firehouse coat drive workers). Companies benefit from these contributions primarily from positive PR, and sometimes via orchestrated Cause Marketing, but generally charitable donations negatively impact business bottom lines, albeit modestly in most cases.

But what if donating a service were tangibly good for the bottom line? What if it actually helped build the business beyond a press release or picture of a check presentation to a homeless shelter on Linkedin? What if providing that service gratis was part of the company’s growth strategy, a core element of its go-to-market approach? 

Pardon the cliche’, but talk about a win-win.

And, of course, just like a comedian wouldn’t deliver a two-paragraph set-up without a joke (at least not a paid comedian), we wouldn’t do so either without providing examples of precisely what we just described. And it’s good news:  the cybersecurity community is finding ways to protect underserved organizations while simultaneously growing their bottom lines.

Perhaps the most notable example of this is Cloudflare. Founded in 2010, the company generates $1.2B in annual revenue as of this writing, and provides a cloud-based web application firewall (WAF – software that identifies and blocks likely nefarious web traffic), web traffic load balancing and other security solutions to organizations of all sizes globally. Cloudflare built its business on a go-to-market strategy known as “Product Led Growth”, or PLG, a fancy marketing term for self-serve access to the product; those interested in their solution can create an account and use it without the typical, and often maddening, enterprise software sales process. What’s most relevant to this discussion, however, is that a PLG motion often includes an indefinitely free version of the product designed to entice users to upgrade to the paid version (another fancy marketing term here is “Freemium” model). But users are under no obligation to upgrade to the paid version with its advanced features, so it can be quite sufficient for hobbyists, small businesses…and non-profits like churches, synagogues, volunteer fire departments, homeless shelters, etc. Moreover, the use of the product by these organizations, even if they never upgrade to the paid version, can provide tangible benefits to the software manufacturer

Cloudflare leveraged this growth strategy not out of the goodness of its collective heart, but because it helped accelerate their growth. The IT expert that volunteered as the technology manager at their church or for their sister-in-law’s town council campaign, also had day jobs with for-profit enterprises. They’d use the free version of Cloudflare for their side gigs, find it valuable, then effectively be Cloudflare’s internal advocate at their primary places of employment. Cloudflare benefited not only from this unofficial sales force, but also from the feedback and data provided by countless small organizations that it used to improve the product.

At trackd, we’re using a similar strategy to build our customer base, but are even more dependent on our growing body of free users for our product’s development. Indeed, our free users are essential to our business plan; we literally can’t deliver the unique solution we’ve designed without them. 

Here’s why. 

With our platform, users find all the vulnerabilities on their devices (endpoints, servers, cloud VMs, etc.), and apply patches to fix them. Every time a user applies a patch with our solution, we record whether or not that patch caused a disruption. We then anonymize that information and share it with all other trackd users. So, with trackd, everyone has some insight into how disruptive a patch has been (or not been) before applying it. The catch, however, is we need many users to apply patches so we can build a meaningful dataset of applied patches. Thus, the more our free users use the platform, the more everyone benefits. Our solution doesn’t care if a patch is applied on the network of a Fortune 500 client, or a laptop at the local synagogue; that datapoint, and thousands like it, are what make our platform uniquely valuable to our customers. In short, we wouldn’t have a business without free users.

Certainly, we’re delighted to be able to help secure organizations that don’t have the resources to purchase cutting edge cybersecurity solutions, but in reality, we wouldn’t be able to do that if it didn’t benefit our business, irrespective of our commitment to the greater good. But we confess that it is gratifying to be able to help underserved organizations as part of our objective to modernize vulnerability management.