[ISN] Security market is leasing the plot

From: InfoSec News (isnat_private)
Date: Tue Feb 18 2003 - 00:46:30 PST


    Guy Matthews 
    Is there any place for leasing in the security market? It's going to
    be a huge sector this year; making security sales will be like selling
    medical dictionaries to hypochondriacs.
    But there remains a huge question mark over whether leasing and rental
    have a place in security. Leasing, for all its attractions, does not
    have an obvious place in the security market because firms, especially
    SMEs, like the idea of ownership in this area.
    Then there is the question of disposal. The average lease term will be
    three years.
    Returning IT kit means having to transfer all of the data on the hard
    drive and, while this is not exclusively a leasing issue (a recent
    study in the US showed that three out of four old machines contained
    retrievable data), having a definite deadline to which you have to
    work puts pressure on users.
    Then there is the psychology of selling security, and a sceptical
    end-user market may take some convincing.
    A recent book by Kevin Mitnick, the famous ex-hacker, described how
    the simplest way to get information from a company is often to phone
    up and pretend to be someone you're not.
    Everything from passwords to whole databases can be obtained this way.  
    All of the retinal scanners in the world will not overcome the
    stupidity of some people.
    Security is often all in the mind, and it is an area that most people
    will happily ignore until it is too late.
    The reason security tends to be ignored is 'inflation syndrome'. That
    is inflation in the sense of expansion.
    This inflation syndrome is the one where a customer takes your call,
    receives your sales visit and is turned into a paranoid wreck within a
    In essence your message is: you've secured the doors, now what about
    the windows? What if they come in through the roof? Can you actually
    trust your employees? And so on.
    The trick is to convince users that, while they are at risk as never
    before, they can still achieve something by addressing the issue.
    First the consultation. A few questions. Who has physical access to
    your IT? Do you have a wireless network? Then the diagnosis: your
    security is a joke, and a sixth-form hacker could destroy you in
    Within days of meeting you the end-user will be having sleepless
    nights. Within a week they will be calling you for reassurance.
    To close the deal you say: 'We're glad you have decided to take
    security seriously. Here are the actions you should take, and these
    are the products we recommend.'
    After all this, offering leasing doesn't really fit. Does it?