Marketing Security
Well it's been a while since I last posted – no excuses but it has been a few stressful weeks – end of quarters, travel across the world and all. In any case I wanted to follow up with the general theme of security evolved that I got started last time. One of the interesting things that has happened in the last year or so is that security for some has changed from something to be ashamed of and a pain point to an advantage of sorts. Case in point is Apple which through its Mac-PC commercials appears to trump its security (among other attributes) over the competition. This is interesting for a couple of reasons in my mind. Firstly, it shows that security has stepped out of the technical echelons and made its way all the way to the marketing department (which if you believe the stereotypes is meant to be one of the clueless departments competing hard for the most clueless with the sales guys ;)). This in turn leads to the second reason. One thing a good marketing department (and whether you like them or not or whether you believe the commercials or not, you have to agree Apple has one of the best) is good at is at coming up with important reasons why customers should buy their product. This in turn implies that whatever this competitive advantage is, it is only an advantage if it makes a difference to the consumer. Now in my little mind what that means is in Apple's wisdom security is something that end users care about – and remember they are talking about primarily consumers not enterprises. From my perspective this is pretty big and it would be interesting to see or hear about the research that went into coming up with this marketing strategy i.e. how much do users care about security as an attribute, how does it compare to performance or usability etc. I would think someone at Apple has these answers and these could help answer the ever pertinent "What's the ROI for security?" or even the more basic "Why security?".
The other kind of related phenomenon is what has happened at the security conferences over the last few years. Almost every security conference that I attended or was interested in or that someone I knew attended or was interested was dominated by pretty much company – Microsoft. Microsoft was not only a major sponsor but also had employees presenting and not just one or two presentations – heck at Blackhat 2006 they had an entire track. In my humble opinion a lot of this was marketing around the release of Vista and the security advances that it brings to the table as compared to prior versions of Windows. The interesting I learned is that the Security Technology Business Unit (or whatever it is called now – given all the reorganizations) which is responsible for Windows security actually has a Marketing person. I would guess this person is tasked to a large extent with PR associated with the Patch Tuesday releases, but it wouldn't surprise me if part of the focus is also on marketing security as a competitive advantage for the Windows platform and the other Microsoft products.
Anyways just theories obviously since I have no insider information but I do think it is a interesting transition from defensive security to offensive security if I may call it that. On the other hand maybe I am reading too much into this trend…