Monthly Archives: April 2025

Crypto agility isn’t a checkbox—it’s an operational mindset.

Leave a reply

In the early 2000s, I was responsible for a number of core security technologies in Windows, including cryptography. As part of that role, we had an organizational push to support “vanity” national algorithms in SChannel (and thus SSL/TLS) and CMS. Countries like Austria and China wanted a simple DLL‑drop mechanism that would allow any application built on the Windows crypto stack to instantly support their homegrown ciphers.

On paper, it sounded elegant: plug in a new primitive and voilà, national‑sovereignty protocols everywhere. In practice, however, implementation proved far more complex. Every new algorithm required exhaustive validation, introduced performance trade-offs, risked violating protocol specifications, and broke interoperability with other systems using those same protocols and formats.

Despite these challenges, the threat of regulation and litigation pushed us to do the work. Thankfully, adoption was limited and even then, often misused. In the few scenarios where it “worked,” some countries simply dropped in their algorithm implementations and misrepresented them as existing, protocol-supported algorithms. Needless to say, this wasn’t a fruitful path for anyone.

As the saying goes, “failing to plan is planning to fail.” In this case, the experience taught us a critical lesson: real success lies not in one-off plug-ins, but in building true cryptographic agility.

We came to realize that instead of chasing edge-case national schemes, the real goal was a framework that empowers operators to move off broken or obsolete algorithms and onto stronger ones as threats evolve. Years after I left Microsoft, I encountered governments still relying on those early plugability mechanisms—often misconfigured in closed networks, further fracturing interoperability. Since then, our collective expertise in protocol engineering has advanced so far that the idea of dynamically swapping arbitrary primitives into a live stack now feels not just naïve, but fundamentally impractical.

Since leaving Microsoft, I’ve seen very few platforms, Microsoft or otherwise, address cryptographic agility end-to-end. Most vendors focus only on the slice of the stack they control (browsers prioritize TLS agility, for instance), but true agility requires coordination across both clients and servers, which you often don’t own.

My Definition of Crypto Agility

Crypto agility isn’t about swapping out ciphers. It’s about empowering operators to manage the full lifecycle of keys, credentials, and dependent services, including:

  • Generation of new keys and credentials
  • Use under real-world constraints
  • Rotation before algorithms weaken, keys exceed their crypto period, or credentials expire
  • Compromise response, including detection, containment, and rapid remediation
  • Library & implementation updates, patching or replacing affected crypto modules and libraries when weaknesses or compromises are identified
  • Retirement of outdated materials
  • Replacement with stronger, modern algorithms

Coincidentally, NIST has since released an initial public draft titled Considerations for Achieving Crypto Agility (CSWP 39 ipd, March 5, 2025), available here. In it, they define:

“Cryptographic (crypto) agility refers to the capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, and infrastructures without interrupting the flow of a running system in order to achieve resiliency.”

That definition aligns almost perfectly with what I’ve been advocating for years—only now it carries NIST’s authority.

Crypto Agility for the 99%

Ultimately, consumers and relying parties—the end users, application owners, cloud tenants, mobile apps, and service integrators—are the 99% who depend on seamless, invisible crypto transitions. They shouldn’t have to worry about expired credentials, lapsed crypto periods, or how to protect and rotate algorithms without anxiety, extensive break budgets or downtime.

True agility means preserving trust and control at every stage of the lifecycle.

Of course, delivering that experience requires careful work by developers and protocol designers. Your APIs and specifications must:

  • Allow operators to choose permitted algorithms
  • Enforce policy-driven deprecation

A Maturity Roadmap

To make these lifecycle stages actionable, NIST’s Crypto Agility Maturity Model (CAMM) defines four levels:

  • Level 1 – Possible: Discover and inventory all keys, credentials, algorithms, and cipher suites in use. Catalog the crypto capabilities and policies of both parties.
  • Level 2 – Prepared: Codify lifecycle processes (generation, rotation, retirement, etc.) and modularize your crypto stack so that swapping primitives doesn’t break applications.
  • Level 3 – Practiced: Conduct regular “crypto drills” (e.g., simulated deprecations or compromises) under defined governance roles and policies.
  • Level 4 – Sophisticated: Automate continuous monitoring for expired credentials, lapsed crypto-period keys, deprecated suites, and policy violations triggering remediations without human intervention.

Embedding this roadmap into your operations plan helps you prioritize inventory, modularity, drills, and automation in the right order.

My Lifecycle of Algorithm and Key Management

This operator-focused lifecycle outlines the critical phases for managing cryptographic algorithms and associated keys, credentials, and implementations, including module or library updates when vulnerabilities are discovered:

  • Generation of new keys and credentials
  • Use under real-world constraints with enforced policy
  • Rotation before degradation or expiration
  • Compromise response (detection, containment, remediation)
  • Library & Implementation Updates, to address discovered vulnerabilities
  • Retirement of outdated keys, credentials, and parameters
  • Replacement with stronger, modern algorithms and materials

Each phase builds on the one before it. Operators must do more than swap out algorithms—they must update every dependent system and implementation. That’s how we minimize exposure and maintain resilience throughout the cryptographic lifecycle.

Conclusion

What’s the message then? Well, from my perspective, cryptographic agility isn’t a feature—it’s an operational mindset. It’s about building systems that evolve gracefully, adapt quickly, and preserve trust under pressure. That’s what resilience looks like in the age of quantum uncertainty and accelerating change.

How ‘Sneakers’ Predicted Our Quantum Computing Future

Leave a reply

“The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeroes, little bits of data. It’s all just electrons.” — Martin Bishop, Sneakers (1992)

I was 16 when I first watched Sneakers on a VHS tape rented from my local video store. Between the popcorn and plot twists, I couldn’t have known that this heist caper would one day seem less like Hollywood fantasy and more like a prophetic warning about our future. Remember that totally unassuming “little black box” – just an answering machine, right? Except this one could crack any code. The device that sent Robert Redford, Sidney Poitier, and their ragtag crew on a wild adventure. Fast forward thirty years, and that movie gadget gives those of us in cybersecurity a serious case of déjà vu.

Today, as quantum computing leaves the realm of theoretical physics and enters our practical reality, that fictional black box takes on new significance. What was once movie magic now represents an approaching inflection point in security – a moment when quantum algorithms like Shor’s might render our most trusted encryption methods as vulnerable as a simple padlock to a locksmith.

When Hollywood Met Quantum Reality

I’ve always found it deliciously ironic that Leonard Adleman – the “A” in RSA encryption – served as the technical advisor on Sneakers. Here was a man who helped create the mathematical backbone of modern digital security, consulting on a film about its theoretical downfall. What’s particularly fascinating is that Adleman took on this advisory role partly so his wife could meet Robert Redford! His expertise is one reason why the movie achieves such technical excellence. It’s like having the architect of a castle advising on a movie about the perfect siege engine. For what feels like forever – three whole decades – our world has been chugging along on a few key cryptographic assumptions. We’ve built trillion-dollar industries on the belief that certain mathematical problems—factoring large numbers or solving discrete logarithms—would remain practically impossible for computers to solve. Yep, our most of security is all built on these fundamental mathematical ideas. Sneakers playfully suggested that one brilliant mathematician might find a shortcut through these “unsolvable” problems. The movie’s fictional Gunter Janek discovered a mathematical breakthrough that rendered all encryption obsolete – a cinematic prediction that seemed far-fetched in 1992.

Yet here we are in the 2020s, watching quantum computing advance toward that very capability. What was once movie magic is becoming technological reality. The castle walls we’ve relied on aren’t being scaled—they’re being rendered obsolete by a fundamentally different kind of siege engine.

The Real Horror Movie: Our Security Track Record

Hollywood movies like Sneakers imagine scenarios where a single breakthrough device threatens our digital security. But here’s the kicker, and maybe the scarier part: the real threats haven’t been some crazy math breakthrough, but the everyday stuff – those operational hiccups in the ‘last mile’ of software supply chain and security management. I remember the collective panic during the Heartbleed crisis of 2014. The security community scrambled to patch the vulnerability in OpenSSL, high-fiving when the code was fixed. But then came the sobering realization: patching the software wasn’t enough. The keys – those precious secrets exposed during the vulnerability’s window – remained unchanged in countless systems. It was like installing  a new lock for your door but having it keyed the same as the old one all the while knowing copies of the key still sitting under every mat in the neighborhood. And wouldn’t you know it, this keeps happening, which is frankly a bit depressing. In 2023, the Storm-0558 incident showed how even Microsoft – with all its resources and expertise – could fall victim to pretty similar failures. A single compromised signing key allowed attackers to forge authentication tokens and breach government email systems. The digital equivalent of a master key to countless doors was somehow exposed, copied, and exploited. Perhaps most illustrative was the Internet Archive breach. After discovering the initial compromise, they thought they’d secured their systems. What they missed was complete visibility into which keys had been compromised. The result? Attackers simply used the overlooked keys to walk right back into the system later. Our mathematical algorithms may be theoretically sound, but in practice, we keep stumbling at the most human part of the process: consistently managing the lifecycle of the software and cryptographic keys through theih entire lifecycle. We’re brilliant at building locks but surprisingly careless with the keys.

From Monochrome Security to a Quantum Technicolor 

Think back to when TVs went from black and white to glorious color. Well, cryptography’s facing a similar leap, except instead of just adding RGB, we’re talking about a whole rainbow of brand new, kinda wild frequencies. For decades, we’ve lived in a relatively simple cryptographic world. RSA and ECC have been the reliable workhorses – the vanilla and chocolate of the security ice cream shop. Nearly every secure website, VPN, or encrypted message relies on these algorithms. They’re well-studied, and deeply embedded in our digital infrastructure. But quantum computing is forcing us to expand our menu drastically. Post-quantum cryptography introduces us to new mathematical approaches with names that sound like science fiction concepts: lattice-based cryptography, hash-based signatures, multivariate cryptography, and code-based systems. Each of these new approaches is like a different musical instrument with unique strengths and limitations. Lattice-based systems offer good all-around performance but require larger keys. Hash-based signatures provide strong security guarantees but work better for certain applications than others. Code-based systems have withstood decades of analysis but come with significant size trade-offs. That nice, simple world where one crypto algorithm could handle pretty much everything? Yeah, that’s fading fast. We’re entering an era where cryptographic diversity isn’t just nice to have – it’s essential for survival. Systems will need to support multiple algorithms simultaneously, gracefully transitioning between them as new vulnerabilities are discovered. This isn’t just a technical challenge – it’s an operational one. Imagine going from managing a small garage band to conducting a full philharmonic orchestra. The complexity doesn’t increase linearly; it explodes exponentially. Each new algorithm brings its own key sizes, generation processes, security parameters, and lifecycle requirements. The conductor of this cryptographic orchestra needs perfect knowledge of every instrument and player.

The “Operational Gap” in Cryptographic Security

Having come of age in the late ’70s and ’80s, I’ve witnessed the entire evolution of security firsthand – from the early days of dial-up BBSes to today’s quantum computing era. The really wild thing is that even with all these fancy new mathematical tools, the core questions we’re asking about trust haven’t actually changed all that much. Back in 1995, when I landed my first tech job, key management meant having a physical key to the server room and maybe for the most sensitive keys a dedicated hardware device to keep them isolated. By the early 2000s, it meant managing SSL certificates for a handful of web servers – usually tracked in a spreadsheet if we were being diligent. These days, even a medium-sized company could easily have hundreds of thousands of cryptographic keys floating around across all sorts of places – desktops, on-premise service, cloud workloads, containers, those little IoT gadgets, and even some old legacy systems. The mathematical foundations have improved, but our operational practices often remain stuck in that spreadsheet era. This operational gap is where the next evolution of cryptographic risk management must focus. There are three critical capabilities that organizations need to develop before quantum threats become reality:

1. Comprehensive Cryptographic Asset Management

When a major incident hits – think Heartbleed or the discovery of a new quantum breakthrough – the first question security teams ask is: “Where are we vulnerable?” Organizations typically struggle to answer this basic question. During the Heartbleed crisis, many healthcare organizations spent weeks identifying all their vulnerable systems because they lacked a comprehensive inventory of where OpenSSL was deployed and which keys might have been exposed. What should have been a rapid response turned into an archaeological dig through their infrastructure. Modern key management must include complete visibility into:

  • Where’s encryption being used?
  • Which keys are locking down which assets?
  • When were those keys last given a fresh rotation?
  • What algorithms are they even using?
  • Who’s got the keys to the kingdom?
  • What are all the dependencies between these different crypto bits?

Without this baseline visibility, planning or actually pulling off a quantum-safe migration? Forget about it.

2. Rapid Cryptographic Incident Response

When Storm-0558 hit in 2023, the most alarming aspect wasn’t the initial compromise but the uncertainty around its scope. Which keys were affected? What systems could attackers access with those keys? How quickly could the compromised credentials be identified and rotated without breaking critical business functions? These questions highlight how cryptographic incident response differs from traditional security incidents. When a server’s compromised, you can isolate or rebuild it. When a key’s compromised, the blast radius is often unclear – the key might grant access to numerous systems, or it might be one of many keys protecting a single critical asset. Effective cryptographic incident response requires:

  • Being able to quickly pinpoint all the potentially affected keys when a vulnerability pops up.
  • Having automated systems in place to generate and deploy new keys without causing everything to fall apart.
  • A clear understanding of how all the crypto pieces fit together so you don’t cause a domino effect.
  • Pre-planned procedures for emergency key rotation that have been thoroughly tested, so you’re not scrambling when things hit the fan.
  • Ways to double-check that the old keys are completely gone from all systems.

Forward-thinking organizations conduct tabletop exercises for “cryptographic fire drills” – working through a key compromise and practicing how to swap them out under pressure. When real incidents occur, these prepared teams can rotate hundreds or thousands of critical keys in hours with minimal customer impact, while unprepared organizations might take weeks with multiple service outages.

3. Cryptographic Lifecycle Assurance

Perhaps the trickiest question in key management is: “How confident are we that this key has been properly protected throughout its entire lifespan?” Back in the early days of security, keys would be generated on secure, air-gapped systems, carefully transferred via physical media (think floppy disks!), and installed on production systems with really tight controls. These days, keys might be generated in various cloud environments, passed through CI/CD pipelines, backed up automatically, and accessed by dozens of microservices. Modern cryptographic lifecycle assurance needs:

  • Making sure keys are generated securely, with good randomness.
  • Storing keys safely, maybe even using special hardware security modules.
  • Automating key rotation so humans don’t have to remember (and potentially mess up).
  • Keeping a close eye on who can access keys and logging everything that happens to them.
  • Securely getting rid of old keys and verifying they’re really gone.
  • Planning and testing that you can actually switch to new crypto algorithms smoothly.

When getting ready for post-quantum migration, organizations often discover keys in use that were generated years ago under who-knows-what conditions, leading to them discovering that they need to do a complete overhaul of their key management practices.

Business Continuity in the Age of Cryptographic Change

If there’s one tough lesson I’ve learned in all my years in tech, it’s that security and keeping the business running smoothly are constantly pulling in opposite directions. This tension is especially noticeable when we’re talking about cryptographic key management. A seemingly simple crypto maintenance task can also turn into a business disaster because you have not properly tested things ahead of time, leaving you in a state where you do not understand the potential impact if these tasks if things go wrong. Post-quantum migration magnifies these risks exponentially. You’re not just updating a certificate or rotating a key – you’re potentially changing the fundamental ways systems interoperate all at once. Without serious planning, the business impacts could be… well, catastrophic. The organizations that successfully navigate this transition share several characteristics:

  • They treat keeping crypto operations running as a core business concern, not just a security afterthought.
  • They use “cryptographic parallel pathing” – basically running the old and new crypto methods side-by-side during the switch.
  • They put new crypto systems through really rigorous testing under realistic conditions before they go live.
  • They roll out crypto changes gradually, with clear ways to measure if things are going well.
  • They have solid backup plans in case the new crypto causes unexpected problems.

Some global payment processors have developed what some might call “cryptographic shadow deployments” – they run the new crypto alongside the old for a while, processing the same transactions both ways but only relying on the old, proven method for actual operations. This lets them gather real-world performance data and catch any issues before customers are affected.

From Janek’s Black Box to Your Security Strategy

As we’ve journeyed from that fictional universal codebreaker in Sneakers to the very real quantum computers being developed today, it strikes me how much the core ideas of security haven’t actually changed. Back in the 1970s security was mostly physical – locks, safes, and vaults. The digital revolution just moved our valuables into the realm of ones and zeros, but the basic rules are still the same: figure out what needs protecting, control who can get to it, and make sure your defenses are actually working. Post-quantum cryptography doesn’t change these fundamentals, but it does force us to apply them with a whole new level of seriousness and sophistication. The organizations that suceed in this new world  will be the ones that use the quantum transition as a chance to make their cryptographic operations a key strategic function, not just something they do because they have to. The most successful will:

  • Get really good at seeing all their crypto stuff and how it’s being used.
  • Build strong incident response plans specifically for when crypto gets compromised.
  • Make sure they’re managing the entire lifecycle of all their keys and credentials properly.
  • Treat crypto changes like major business events that need careful planning.
  • Use automation to cut down on human errors in key management.
  • Build a culture where doing crypto right is something people value and get rewarded for.

The future of security is quantum-resistant organizations.

Gunter Janek’s fictional breakthrough in Sneakers wasn’t just about being a math whiz – it was driven by very human wants. Similarly, our response to quantum computing threats won’t succeed on algorithms alone; we’ve got to tackle the human and organizational sides of managing crypto risk. As someone who’s seen the whole evolution of security since the ’70s, I’m convinced that this quantum transition is our best shot at really changing how we handle cryptographic key management and the associated business risks.

By getting serious about visibility, being ready for incidents, managing lifecycles properly, and planning for business continuity, we can turn this challenge into a chance to make some much-needed improvements. The black box from Sneakers is coming – not as a device that instantly breaks all encryption, but as a new kind of computing that changes the whole game. 

The organizations that come out on top won’t just have the fanciest algorithms, but the ones that have the discipline to actually use and manage those algorithms and associated keys and credentials effectively. 

So, let’s use this moment to build security systems that respect both the elegant math of post-quantum cryptography and the wonderfully messy reality of human organizations. 

We’ve adapted before, and we’ll adapt again – not just with better math, but with better operations, processes, and people. The future of security isn’t just quantum-resistant algorithms; it’s quantum-resistant organizations.

The Strategic Reality of Enterprise Deployment Options

Leave a reply

Offering customers deployment flexibility from managed SaaS to complex on-premise installations often feels like essential table stakes in enterprise software. Vendors list options, sales teams confirm availability, and engineering prepares for varied environments. Operationally, it seems like necessary market responsiveness. Strategically, however, this frequently masks a costly disconnect.

“The single biggest problem in communication is the illusion that it has taken place.” – George Bernard

The illusion here is that offering deployment choice equates to a sound strategy, often without a shared internal understanding of the profound operational and financial consequences across the Deployment Complexity Spectrum, visualized below:

Consider an enterprise security vendor’s platform. Their cloud-native solution delivers threat detection efficiently through centralized intelligence and real-time updates (Managed SaaS). Yet, certain market segments federal contracts, highly regulated industries (often requiring Private Cloud or On-Premise), and organizations with strict data sovereignty requirements legitimately demand deployment options further right on the spectrum. Supporting these models isn’t simply a matter of preference; it’s sometimes a necessity for market access.

However, accommodating these more complex deployment models triggers that cascade of business implications. Engineering faces the friction of packaging for disparate environments; Sales encounters drastically longer cycles navigating security and infrastructure reviews with more stakeholders; Implementation becomes bespoke and resource-intensive; Support grapples with unique, often opaque customer environments typical of Hybrid Cloud or On-Premise setups. The key isn’t avoiding these markets entirely, but rather making conscious strategic decisions about how to serve them while understanding the full business impact.

This isn’t just about technical difficulty; it’s about a fundamental business trade-off between market access and operational efficiency. Let’s examine the quantifiable impact:

Enterprise Security Vendor – Annual Deal Comparison (Illustrative):

  • Cloud-Connected Platform (SaaS/Hybrid):
    • Annual Revenue: $500,000 | Sales Cycle: 4 months | Implementation: $20k | Margin: 75% | Support: Low/Standardized
  • Isolated On-Premise Platform (Same Core Functionality):
    • Annual Revenue: $700,000 | Sales Cycle: 12 months | Implementation: $150k | Margin: 25% | Support: High/Bespoke

The higher on-prem ARR is dwarfed by the tripled sales velocity drag, the 7.5x implementation cost, the margin collapse, and the ongoing high support burden. Even when necessary, this “complexity tax” must be accounted for. The long-term financial disparity becomes even clearer when visualized over time:

A Framework for Strategic Deployment Evaluation

To move beyond operational reactivity, vendors need a framework that explicitly evaluates the impact of supporting points along the deployment spectrum. This framework should quantify the true business impact, forcing conscious trade-offs:

  • Sales & Go-to-Market Impact (Weight: ~25%):
    • Quantify: How does this model affect sales cycle length? (On-prem often 2-3x longer). Example Key Metric: Sales Cycle Length (Days)
    • Identify: Does it require engaging more stakeholders (networking, security, infra, procurement), complicating the sale?
    • Assess: What is the cost of sales and required presales expertise vs. potential deal value? Does it accelerate or impede overall business velocity?

  • Implementation & Delivery Cost (Weight: ~30%):
    • Measure: What is the typical implementation time? (Days/weeks for SaaS vs. months/years for complex on-prem). Example Key Metric: Implementation Margin (%)
    • Factor In: Does it require bespoke configuration, custom infrastructure knowledge, and navigating complex customer organizational boundaries and politics?
    • Calculate: What is the true implementation cost and its impact on gross margin? How repeatable and predictable is delivery?

  • Operational Scalability & Support Burden (Weight: ~30%):
    • Analyze: How difficult is troubleshooting in varied, often opaque customer environments with limited vendor visibility? Can issues be easily replicated? Example Key Metric: Avg. Support Tickets per Account per Quarter
    • Resource: Does it require broadly skilled support staff or specialized experts per environment? How does this impact support team scalability and cost-per-customer?
    • Compare: Contrast the ease of automated monitoring and centralized support in SaaS vs. the manual, reactive nature of complex deployment support.

  • Customer Value Realization & Retention (Weight: ~15%):
    • Evaluate: How easily can customers access new features and improvements? Does this model enable SaaS-like continuous value delivery (think Tesla’s overnight updates) or does it rely on disruptive, infrequent upgrades? Example Key Metric: Net Revenue Retention (%) by Deployment Model
    • Track: How visible are product usage and value realization? Does lack of visibility (common in on-prem) hinder proactive success management and create renewal risks?
    • Engage: Does the model foster ongoing engagement or lead to “out of sight, out of mind,” weakening the customer relationship?

(Note: Weights are illustrative examples, meant to provoke thought on relative importance.)

This framework brings the hidden costs and strategic trade-offs into sharp focus, facilitating data-informed decisions rather than reactive accommodations.

Three Deployment Strategy Archetypes

Applying this framework often leads vendors towards one of three strategic postures:

  1. The SaaS-First Operator: Maximizes efficiency by focusing on SaaS and standardized cloud, accepting limitations on addressable market as the key trade-off to preserve operational leverage and innovation speed.
  2. The Full Spectrum Provider: Commits to serving all models but requires disciplined execution: distinct architectures, specialized teams, rigorous cost allocation, and pricing reflecting true complexity. High risk if not managed strategically with extreme operational discipline and cost visibility.
  3. The Strategic Hybrid Player: Primarily cloud-focused but supports specific, well-defined Hybrid or On-Premise use cases where strategically critical (e.g., for specific regulated industries or control-plane components). Aims for a balance between market reach and operational sustainability, requiring clear architectural boundaries and disciplined focus.

Implementation: Aligning Strategy with Execution

Making the chosen strategy work requires aligning the entire organization, incorporating lessons from both successful and struggling vendors:

  • Recognize the fundamental differences between cloud-native (for SaaS efficiency) and traditional architectures. Align product architecture with target deployment models; avoid force-fitting. Consider distinct codebases if necessary.
  • Ensure pricing models accurately reflect the total cost-to-serve for each deployment option, including the higher sales, implementation, and support burden for complex models (e.g., conduct quarterly reviews of actual cost-to-serve per deployment model).
  • Create dedicated teams or clear processes for the unique demands of selling, implementing, and supporting complex deployments. Don’t overload SaaS-optimized teams.
  • Even for on-prem, develop standardized deployment models, tooling, and best practices to reduce variability.
  • Invest in secure monitoring/diagnostics for non-SaaS environments where feasible to improve support efficiency.
  • Ensure internal alignment on the strategy and its rationale. Clearly communicate capabilities, limitations, and expectations externally (e.g., ensure support SLAs clearly reflect potential differences based on deployment complexity). Avoid the “illusion” of seamless flexibility where significant trade-offs exist.
  • Ensure executive alignment across all functions (Product, Engineering, Sales, Support, Finance) on the chosen deployment strategy and its implications. Resource allocation must match strategic intent.

Conclusion

Choosing which deployment models to offer, and how, is a critical strategic decision, not just a technical or sales tactic. It fundamentally shapes your business’s operational efficiency, cost structure, product architecture, innovation capacity, and customer relationships. As the visualized business impact illustrates, ignoring the true costs of complexity driven by technical realities, architectural limitations, and organizational friction can cripple an otherwise successful business.

By using a multi-dimensional framework to evaluate the real impact of each deployment option and aligning the entire organization behind a conscious strategy, vendors can move beyond reactive accommodations. Success lies not in offering every possible option, but in building a sustainable, profitable, and scalable business around the deployment choices that make strategic sense. Avoid the illusion; understand and communicate the true impact.

Strategic Product End-of-Life Decisions

Leave a reply

When a product reaches the end of its lifecycle, companies typically create simple tables mapping products to migration paths, target dates, and release milestones. While operationally necessary, these tables often fail to capture the complex nature of EOL decisions. As George Bernard Shaw aptly said, “The single biggest problem in communication is the illusion that it has taken place.” These simplistic EOL tables create precisely this illusion-providing the comfort of a decision framework without addressing the strategic nuances.

Consider a neighborhood bakery that supplies all baked goods to a large grocery store chain. After a change in ownership, the new bakery manager reviews the product lineup and identifies a specialty pastry that appears to be an underperforming outlier-purchased by only a single customer. With a purely product-centric analysis, discontinuing this item seems logical.

However, this pastry happens to be a signature item for the grocery chain, which purchases substantial volumes across the bakery’s entire range. When informed about the discontinuation, the grocery store explains that their customers specifically request this specialty pastry. The bakery manager refuses to reconsider, emphasizing that the product isn’t profitable enough and the production line is needed for more popular items.

A few weeks later, the bakery learns that the grocery chain has decided to replace them entirely with a new vendor capable of meeting all their needs. The interaction was handled so poorly that the grocery store, despite being a major customer, isn’t even inclined to renegotiate-they’ve moved on completely.

This scenario vividly illustrates a common but critical strategic error: viewing products in isolation rather than considering their value in customer relationships. The quantitative analysis reveals the magnitude of this mistake:

Enterprise Account Analysis:

  • Specialty Pastry: $12,000 annual revenue, -8% margin
  • All Other Products: $680,000 annual revenue, 22% margin
  • Total Account Value: $692,000 annual revenue, 21% blended margin
  • Risk Assessment: Discontinuing the specialty pastry put $692,000 at risk, not just $12,000
  • Outcome: Complete loss of the account (100% revenue impact vs. the expected 1.7% impact)

The bakery manager made several critical errors that we see repeatedly in product EOL decisions. They treated each pastry as an isolated product rather than part of a larger strategic relationship. They failed to recognize the pastry’s importance to their major client. They made decisions based purely on aggregated sales data without customer segmentation. They approached the conversation without empathy or alternatives. And they prioritized immediate resource allocation while overlooking long-term consequences.

A Framework for Better Decisions

To avoid similar mistakes, organizations need a comprehensive approach that evaluates EOL decisions across dimensions that understand the whole business, here is an example of how this might work in our bakery example:

  • Customer relationship impact should be the primary consideration in any EOL decision, weighing approximately 40% in the overall assessment. This includes evaluating the aggregate revenue from all products with shared customers, the customer’s classification and business importance, the probability of triggering a broader portfolio review, and what C-level relationships are tied to the product.
  • Product economics matter but must be viewed holistically, accounting for about 25% of the decision weight. Consider the product-specific recurring revenue and growth trajectory, any “door opener” and account protection value, ongoing engineering and operations expenses, volume and complexity of support tickets, and margin trajectory over time.
  • Technical considerations evaluate the maintenance burden against potential disruption, weighing approximately 20% in the decision process. Assess technical debt quantification, resources allocated across engineering and support, systems that depend on this product, estimated customer transition effort, and infrastructure and stack viability.
  • Market position provides critical competitive context, contributing about 15% to the decision framework. Consider the percentage of customers actively using the product, strength of the unique value proposition, fit with long-term product vision, and segment growth trajectory.

Note: These % figures are really intended as examples rather than strict guidelines.

These four dimensions provide a balanced view of a product’s strategic importance beyond immediate financial metrics. The bubble chart above illustrates their relative weighting in the decision process, emphasizing the outsized importance of customer relationships.

Three Product Archetypes and How to Handle Them

Most EOL candidates fall into one of three categories, each requiring a different approach:

  • Strategic anchor products have high customer relationship impact despite potentially challenging economics or technical debt. Like the bakery’s specialty pastry, they may appear unprofitable in isolation but protect significant broader revenue. Organizations should retain these products despite costs, as they protect broader customer relationships and associated revenue streams, though pricing adjustments might be considered if necessary.
  • Legacy systems typically have balanced profiles with high technical maintenance burden but moderate customer impact. They often represent technical debt accumulated through growth. The wise approach is to modernize rather than discontinue to maintain customer relationships, creating migration paths that preserve core functionality while reducing technical debt.
  • True EOL candidates have low customer attachment and minimal dependency chains. Their strategic value has diminished over time as the market has evolved. These products can be considered for end-of-life treatment with appropriate migration paths and thoughtful customer communication, ensuring smooth transitions to alternatives.

The radar chart above illustrates how these three product archetypes compare across the four dimensions. Strategic anchor products show high customer relationship impact, legacy systems typically have high technical burden but moderate customer impact, and true EOL candidates score low across most dimensions.

Implementation: Making It Work in Practice

Successful EOL decisions require collaboration across the organization through a structured process. Begin with thorough data collection across all dimensions, then integrate perspectives from Sales, Customer Success, Product, Engineering, and Support. Project different transition timelines and potential impacts. Present multidimensional analysis to secure leadership alignment. Develop thoughtful communication that acknowledges the full context.

As the bakery example illustrates, EOL decisions are fundamentally about managing complex trade-offs. The framework shifts the conversation from “Should we discontinue this product?” to “What is the strategic value of this product to our customers and business?”

By moving beyond simplistic spreadsheet analysis to a multidimensional approach, organizations can make EOL decisions that enhance rather than damage customer relationships, technical architecture, and market position.

Remember Shaw’s warning about the illusion of communication. Your EOL tables may give the appearance of strategic planning, but without considering all dimensions, they’re merely operational checklists that risk overlooking critical strategic value. The true measure of EOL success isn’t operational execution but customer retention and long-term business impact.

Decision-making as a Product Manager

Leave a reply

We cannot do everything; the French have a saying, “To choose something is to renounce something.” This also holds true for Product Managers. How we choose is important, especially in a startup where resources are finite.

The larger the organization, or the more political it is, having a framework that we use for decision-making helps us both increase the chances of good decisions and defend the uncomfortable decisions that must be made.

The highest priority of a product manager is to be a good custodian of the engineering resources. This means we must ensure they have the information they need to make the right engineering investments; otherwise, we are wasting the most valuable asset in the organization.

The next highest priority is to ensure that the sales and support team has what they need to keep the funnel full. This might include marketing materials, product roadmaps, one-on-one customer engagements, or a myriad of other inputs to the sales process that enable the field to support teams to jump-start the revenue engine.

With that said, if all we do is focus on those two things, we fail. Product management is about solving a specific business problem in an elegant and timely manner. This requires research, customer interviews, designs, and roadmapping. Once we unblock engineering, sales, and support, we must shift our priority to optimizing the conversion funnel.

We need to prioritize optimizing how each stage of the sales funnel works while ensuring the existing sales, support, and engineering processes function as needed.

The path to success involves balancing immediate needs with long-term strategic goals and continually refining the process to ensure that the product not only addresses current market needs but is also positioned for future growth and success. This also requires us to continually assess, as independently as we can, how the organization is doing on these metrics so we can make sure how we prioritize evolves with the ever-changing needs of the organization.

As the product manager, you are in many respects the general manager for the business. If you get too focused on a task mindset, simply put, you will miss the forest through the trees, which for a small company can be the difference between death and success.

The Decision Engine

What makes this funnel particularly powerful is that each stage generates critical information that fuels better decision-making. As a product manager, you’re not just moving customers through stages—you’re creating a decision engine that systematically improves how you allocate resources and prioritize efforts.

When focusing on filling the funnel, every piece of messaging that resonates or falls flat gives you data that refines your market understanding. The leads that convert tell you which pain points matter most; those that don’t reveal gaps in your value proposition. This creates a natural feedback loop where better market understanding leads to more effective messaging, which generates higher-quality leads, further enhancing your understanding.

This pattern continues as prospects move toward contracts. Here, you learn precisely where your offering stands relative to alternatives. Which features accelerate decisions in your favor? What competitive gaps slow down contract signing? These insights should directly influence your product prioritization decisions, creating a virtuous cycle where enhanced differentiation speeds contract closure.

Product Design: The True Driver of Sales Velocity

Looking at our funnel, it’s tempting to see words like “quickly,” “successful,” and “renewals” as purely sales-driven metrics. In reality, these outcomes are fundamentally shaped by product decisions. Each “quickly” in our funnel represents not just a sales process optimization but a product design imperative.

Consider the pilot stage. Moving through pilot “quickly” isn’t just about sales execution—it’s about how you’ve designed the product to be deployed, configured, and integrated. A product that requires weeks of professional services to set up creates an inherent velocity constraint that no sales process can overcome. Your architectural decisions directly determine how rapidly customers can reach value.

Similarly, moving to full production quickly depends on how you’ve designed for scalability from the beginning. Does your product require painful reconfiguration when moving from pilot to production? Have you anticipated enterprise requirements for security, compliance, and integration? The deployment friction your customers experience is built into your product decisions long before the sales team encounters it.

Making customers “successful” and securing renewals are likewise outcomes of product strategy more than sales tactics. A product designed with deep customer empathy, clear use cases, and thoughtful success metrics creates its own momentum toward renewal. Conversely, even the most skilled customer success team can’t compensate for a product that doesn’t deliver measurable value aligned with the customer’s definition of success.

As a product manager, recognize that you’re designing not just features but the velocity of your entire business. Every decision that reduces friction in deployment, integration, scalability, and value realization accelerates your funnel more effectively than any sales process optimization could.

Communication: The Force Multiplier of Decision-Making

The greatest decision framework in the world fails if it remains inside your head. The biggest problem with communication is the illusion that it has occurred. As a product manager, you can never communicate too much about decisions and their rationale.

Clear communication turns good decisions into organizational alignment. When engineers understand not just what to build but why it matters to customers and the business, they make better micro-decisions during implementation. When sales understands the strategic reasoning behind a feature prioritization, they can communicate this context to customers, turning potential disappointment into a deeper relationship.

Insufficient communication of decisions and rationale inevitably leads to loss of focus and momentum. Teams begin to drift in different directions, making assumptions about priorities that may conflict with your actual intentions. You’ll find yourself having the same conversations repeatedly, wondering why people “just don’t get it.” The answer is usually that you haven’t communicated nearly as effectively as you thought.

This communication challenge often necessitates difficult conversations and realignment throughout the process. Team members may have become invested in directions that no longer align with your decisions. Having to reset expectations is uncomfortable but essential. These conversations become significantly easier when you’ve consistently communicated the decision framework and the data informing it.

Effective communication of decisions requires multiple formats and repetition. The same message needs reinforcement through documentation, presentations, one-on-ones, and team discussions. Remember that people need to hear information multiple times, in multiple contexts, before it truly sinks in. What feels like redundant overcommunication to you is often just barely sufficient for your stakeholders.

Most importantly, communicate not just the what but the why. Decisions without context are merely directives; decisions with context create learning opportunities that help your team make better autonomous choices aligned with your strategy.

Embracing Constraints

It’s worth acknowledging a fundamental truth of product management: resource constraints are inevitable regardless of your organization’s size. Even companies with seemingly infinite resources must choose where to allocate them. Google, Amazon, and Apple all discontinue products and say “no” to opportunities—size doesn’t eliminate the need for prioritization, it just changes the scale of what’s possible.

Priority conflicts and organizational challenges will always be part of the landscape you navigate. You’ll encounter competing stakeholder needs, passionate advocates for conflicting approaches, and the politics that come with any human enterprise. This isn’t a sign that something is wrong—it’s the natural state of building products in complex environments.

The key difference between effective and ineffective product managers isn’t whether they face these challenges, but how they approach them. By being transparent about the first and second-order effects of your decisions, you create trust even when stakeholders disagree with your choices. When engineering knows why you’ve prioritized feature A over feature B, they may still be disappointed but can align with the reasoning.

Perhaps most importantly, remember that few decisions are truly permanent. The best product managers maintain the humility to monitor outcomes and change course when the data suggests they should. Your decision framework should include not just how to decide, but how to recognize when a decision needs revisiting. This adaptability, coupled with transparency about your reasoning, creates the resilience necessary to navigate the inevitable twists in your product journey.

Building Decision Frameworks That Scale

As product managers, we should strive to make our analysis and decision processes repeatable and measurable. Using consistent rubrics helps ensure that the insights generated at each funnel stage don’t remain isolated events but become part of an institutional learning process.

These rubrics need not be complex—simple scoring systems for evaluating feature requests against strategic goals, or frameworks for assessing customer feedback patterns—but they should be consistent. By standardizing how we evaluate options, we create the ability to look back quarterly and yearly to assess the quality of our decision-making.

Did we ask ourselves the right questions? Did we weigh factors appropriately? Which decision frameworks yielded the best outcomes? This retrospective analysis allows us to internalize lessons and deploy improved decision processes more consistently across the organization. Over time, these rubrics become the scaffolding that supports better and faster decisions as the company grows.

Feeding the Company’s Soul

As a product manager, you are the custodian of more than just resources—you are feeding the very soul of the company. Product is where vision meets reality, where strategy becomes tangible, and where customer needs translate into business value. Each decision you make, each iteration loop you create, fuels the journey toward the company’s next milestone.

These seemingly small decisions—which feature to prioritize, which customer segment to focus on, which technical debt to address—collectively determine the trajectory of the entire organization. The funnel isn’t just a conversion mechanism; it’s the heartbeat of your business, pumping valuable insights that nourish every subsequent decision.

Your most valuable contribution isn’t the individual decisions you make, but how you architect the feedback loops that transform customer interactions into organizational learning. By systematically capturing and applying these insights, you create not just a product but an ever-evolving organism that adapts and thrives in changing conditions.

Remember that in a startup, the line between success and failure is often razor-thin. Your ability to make good decisions, informed by these iteration loops, may be the difference between reaching that next funding milestone or running out of runway. You’re not just building a product—you’re charting the course that determines whether your company reaches its destination or disappears beneath the waves.