Information Security News mailing list archives

Security market is leasing the plot


From: InfoSec News <isn () c4i org>
Date: Tue, 18 Feb 2003 02:46:30 -0600 (CST)

http://www.vnunet.com/Analysis/1138843

Guy Matthews 
17-02-2003 

Is there any place for leasing in the security market? It's going to
be a huge sector this year; making security sales will be like selling
medical dictionaries to hypochondriacs.

But there remains a huge question mark over whether leasing and rental
has a place in security. Leasing, for all its attractions, does not
have an obvious place in the security market because firms, especially
SMEs, like the idea of ownership in this area.

Then there is the question of disposal. The average lease term will be
three years.

Returning IT kit means having to transfer all of the data on the hard
drive and, while this is not exclusively a leasing issue (a recent
study in the US showed that three out of four old machines contained
retrievable data), having a definite deadline to which you have to
work puts pressure on users.

Then there is the psychology of selling security, and a sceptical
end-user market may take some convincing.

A recent book by Kevin Mitnick, the famous ex-hacker, described how
the simplest way to get information from a company is often to phone
up and pretend to be someone you're not.

Everything from passwords to whole databases can be obtained this way.  
All of the retinal scanners in the world will not overcome the
stupidity of some people.

Security is often all in the mind, and it is an area that most people
will happily ignore until it is too late.

The reason security tends to be ignored is 'inflation syndrome'. That
is inflation in the sense of expansion.

This inflation syndrome is the one where a customer takes your call,
receives your sales visit and is turned into a paranoid wreck within a
week.

In essence your message is: you've secured the doors, now what about
the windows? What if they come in through the roof? Can you actually
trust your employees? And so on.

The trick is to convince users that, while they are at risk as never
before, they can still achieve something by addressing the issue.

First the consultation. A few questions. Who has physical access to
your IT? Do you have a wireless network? Then the diagnosis: your
security is a joke, and a sixth-form hacker could destroy you in
seconds.

Within days of meeting you the end-user will be having sleepless
nights. Within a week they will be calling you for reassurance.

To close the deal you say: 'We're glad you have decided to take
security seriously. Here are the actions you should take, and these
are the products we recommend.'

After all this, offering leasing doesn't really fit. Does it?



-
ISN is currently hosted by Attrition.org
