I am easily old enough to recall the introduction of the first airbags in cars. And what a tough sell it was. Overly expensive, they had to compete with ‘other‘ accessories, like metallic paint and chrome wheels. Airbags would bring additional safety, a feature that you would probably never need it and – more importantly – the neighbours would never notice. For some time, Chrysler glued a shiny ‘4 Airbags Inside’ plate onto the back of its Voyager cars, just to provide buyers with at least a hint of tangible value.
Selling security is still a bit like selling early airbags. I realized this once more the other day, when I had an interesting conversation with Mike Fey, the recently appointed CTO of McAfee. Companies spend an increasing amount of their IT budget on security, and although everybody will acknowledge the necessity of it, particularly the business side of firms don’t always have the topic close to the heart. They’d rather spend their money on glossy solutions around cloud, social, mobility and Big Data as they deliver direct value that impresses neighbours, customers, partners and competitors the like. And the situation becomes worse if security turns out to be standing in the way of their plans, bringing objections, uncertainties, delays and – ultimately - business prevention.
Maybe, selling security to the business as a separate topic is not such good idea anymore. The key may be in understanding and communicating how security enables areas of growth, rather than obstructing them. Our latest cloud research (more about it soon) shows that firms see all the obvious benefits of public clouds, but only make small steps forward, uncertain as they are about security, privacy and data sovereignty. The same goes for enterprise mobility, with employees banging on the door of corporate IT, demanding access to corporate data and applications on their own smartphones. It certainly also pertains to Big Data, with its potential still dormant as organizations try to grasp the security implications of the sheer volume, variety and velocity of today’s data.
Security architects should pay more attention to these growth areas. Not to understand what possibly could go wrong but what is needed in terms of a secure platform to reap the business benefits of cloud, mobile, Big Data and social: unobstructed, liberated from uncertainty and lack of clarity.
From that perspective, the acquisition of McAfee by Intel makes a lot of sense, with security sooner or later infusing with the chipset and becoming a ubiquitous part of the infrastructure. Something you don't have to worry about anymore, because it is part of the foundational design. Something shiny on the inside, if you like.