Glossy Shield - The true sense of security?
Perception is reality in today's world! Can we make our customers believe that they are secure, as long as they perceive a sense of security, or at least until they are aware of the compromise? Do the customers realize that they might be believing/expecting one thing and your product is providing/delivering something else? Is that what you would really want?
Can the customers really blame the service providers for making them believe that they are secure? Isn't that what you are paying the security vendors for, for the sense of security? Or, are you really assuming that security magically appears from one single product, application or appliance? If you believe that you are paying them for a value added service, what methodologies would you use to prove them right or wrong (like collision analysis, etc.)?
Let us dive into reality for a change and avoid the false sense of security. The orange shield in the picture could give you a perception of it being made from a superior material, gold buttons, steal body, glossy effect and the deterrence from orange color. Would you pay a company that has similar logo's in their depiction of themselves and believe that they should be good at what they do because they look awesome? Sounds foolish, right?
Most of us (probably because we are human) fall for the very thing that we do not believe in. The glossy logo, attractive brochures, technology jargons, neurolinguistic keywords (NLP - Buy Now!), expensive suits (sales), awesome dashboards, movie-set work environments, etc. and we might start building our opinions based on a sales-pitch, advertisements or other forms that would anyhow be voided through a Merger Clause (sample):
"... Agreement constitutes the entire agreement and understanding between the parties hereto and supersedes any and all prior agreements and understandings, oral or written, relating to the subject matter ..."
The idea behind the clause is to generally void any or all misunderstandings that could have been caused due to the extensive exposure of sales agenda meetings, where the customers are promised the world. When signing the contract, the customers could choose to read it and understand that everything they have been told is about the glossy shield, but what they get might be a copper plate.
This does not mean that the service providers are bad or that the customers are innocent. It just means that people should stop falling for perception reality and glossy shields, but instead start asking questions. Sales pitches are great, but if you expect Impossible Mission Force (IMF) to solve your problems, you must be highly delusional! Certifications are great to have and shows value in the job market, but falling for the certification and accrediation alone is a problem.
Obsession over expensive suits and movie set environments could also make customers sign contracts, but would you sign the contract for the appearance if you were in that situation? Usage of neurolinguistic programming would make some people vulnerable to "buy now!", "sale ends tomorrow", "quarter closure", etc. but if you know where you stand, and the requirements for the product, market value comparison, cost benefit analysis, total cost of operation, return of investment, etc. should help you make your decisions, irrespective of how the product looks, what does it promise or how the UI is, etc., the appearance.
Don't blame the service provider or the sales guys for your lack of understanding! The idea here is to understand what you want and what you could get, does that align with your need/requirement and budget. If you expect the unexpected, anticipate a miracle, etc., then you must be dreaming. Truth is that, both service providers and customers have to watch out for each other and ensure that there is no false sense of security. Can you help fix the information security community, by doing what is right for everyone?
Welcome re·al·i·ty (/rē?al?dē/) !
If you are a service provider, sales professional or a customer and find this article to be amusing, please share your comments on what you have personally observed, how you have dealt with the problem, is this along the lines of what you have seen or what have I gotten wrong.
“If freedom of speech is taken away, then dumb and silent we may be led, like sheep to the slaughter.” ― George Washington
Disclaimer: Please note that these posts and what is described in them are for educational purposes only. Opinions expressed are solely my own and do not express the views or opinions of my employer.