Why IT Security Never Sells

If you can come up with a way to make IT security “sexy” then you’ll likely make a mint. To me security is equivalent to insurance:

  • You buy it to prevent “bad stuff” that might happen
  • You usually only look at it annually (or even less frequently) or after something bad happens and you discover you are inadequately covered
  • The sales and purchase process is universally detested; no one likes to talk about all the “bad stuff,” and everyone feels like they’re getting hoodwinked into buying more than they need during the sales process.

Rather than trying to come up with more dire scenarios, or bigger scarier numbers, I would personally turn my pitch into something like “Hey, we both know you need this, we both know it’s a painful process, we’ll help you make it fast, relatively painless, and work with you to understand the right level of protection as your ‘security advocate’ of sorts.”

That would assume you’re not in bed with all the vendors and getting a larger profit the more of their stuff you sell. I don’t think insurance/security are ever going to be perceived as high-value products (unless the client just went through a disaster), but if you can present yourself as acting in the client’s best interest then you could have a more compelling value statement than the vendors that just want to scare you into buying more stuff.



  1. Security starts with your users!
    You have no control of their home PCs or their mobile devices; however, you can educate them on what is available for home PC protection and mobile devices, whether it’s free or if there’s a cost – the choice of the user. To support this is how a user is criminally liable for not taking adequate steps to ensure work-related data being modified on a non-company PC, should any such data be compromised. This helps your IT Dept. with the security of the company network, with some knowledge that a percentage of users are heeding the call for ‘self home security’, reducing the corporate risk. It’s what I have done with the users I’ve worked with by providing timely information that helps both. Any security initiative is better than none. Well, that’s my take on security.

