22 November 2004 | 22:56 America/Los_Angeles

FUD in IT security markets can have serious consequences

by Tom Foremski for SiliconValleyWatcher.com


The practice of creating fear, uncertainty and doubt (FUD) in markets has always worked well for the largest IT companies. The term was first associated with IBM, but others quickly learned to use the technique.


FUD is simple and very effective. If you are challenged by a smaller rival, maybe a startup, you say you have a better product or service on the way soon. Potential customers will often wait to evaluate both offerings. This buys the larger player time to catch up, while the startup runs out of money or cannot match the marketing dollars.


In my most recent column for the Financial Times, I make the point that FUD in the IT security sector could have far more serious consequences these days. It can delay the deployment of security technologies across large numbers of organizations, leaving them exposed to a large number of exploits in the meantime.

Several security technology startups recently banded together to fight FUD and what they claim is a deliberate creation of a false sense of security. They have challenged the largest vendors, such as Cisco Systems, Symantec, Check Point and Juniper Networks, to allow an independent lab to evaluate competing security products.


From the FT column (it's a little strange quoting myself, but the column is behind a subscription firewall, so I can only smuggle a few paragraphs out...):


The companies issuing the challenge are Imperva, NetContinuum, and Teros. Shlomo Kramer, chief executive of Imperva, is a co-founder of Check Point, the leading firewall vendor.
The CEOs of the three companies are primarily concerned about the issue of application security. While the perimeter of most corporations is protected by firewalls, there is less protection against software that exploits IT applications and steals data for criminal gain. They say application security systems must meet certain minimum requirements.

“We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats,” they say. ICSA Labs, an independent laboratory, will be testing application security products and helping establish minimum standards.




I also note in the column that clarity in the computer security market is very important. Keeping the message simple will help sales and adoption. However, Symantec, the world’s largest security software company, seems to believe that clarity is best served by the introduction of a new IT term: “information integrity.” This term is now used to describe its security products and services. According to Symantec, “Security + Availability = Information Integrity.”


I recently heard that some security startups are considering adopting the "Information Integrity" term because Symantec uses it. The ability of a dominant company to change the language used to describe products or services is a formidable competitive advantage. But the introduction of more jargon won't speed the overall adoption of the latest computer security technologies, and I doubt it will do much for Symantec's sales.


We already know that computer virus, worm and spyware creators move far faster than computer security companies. There is no need to handicap things further with confusing IT jargon.




Here is my FT column; a subscription to FT.com is required.



