In branding news: IE7 is out in Beta 2 and I'm impatiently waiting for the first road tests. (Roight... as if I have a Microsoft platform around here...) Readers will recall that Microsoft took the first steps along the branded security path by putting the CA name up on the chrome. This places them in the lead in matters of risk.
Sadly, they also got a bit confused by the whole high-end super-certs furfie. IE7 only rewards the user with the CA brand if the site used these special high-priced certs.
Plonk! That kind of ruins it for security - the point of the branding is that the consumer wants to see the Bad Brand or Unknown Brand or the Missing Brand or the Bland Brand ... up there as well. Why? So as to close off the all-CAs-are-equal bug in secure browsing. (Preferably before the phishers start up on it, but just after the first sightings will do nicely, thanks, if you subscribe to post-GP theories.)
By choosing to promote a two-tiered risk statement, Microsoft then remains vulnerable to a takeover in security leadership. That's just life in the security world; leadership is a bit of a lottery when you allow your security to become captive to marketing departments' zest for yet another loyalty program. Also, annoyingly, IE7 promises to mark any slightly non-formal certificated site (such as FC) as a Red Danger Danger site. Early indications are that this will result in an attack on brand that hasn't hitherto been seen, and has interesting strategic implications for you-know-who.
The CA branding idea is not new nor original. It was even (claimed to be) in the original Netscape design for secure browsing, as was the coloured security bar. Using brand is no more than an observation deriving from several centuries of banking history - a sector that knows more about risk matters than the Internet, if only because they lose money every time they get it wrong.
Consider some more in the flood of evidence that brand matters - over in VoIPland look at how things have changed:
In Europe, branded VoIP represented 51.2 percent of all VoIP calls in the last quarter of 2005, while Skype accounted for 45 percent of VoIP minutes. Vonage took less than one percent of the market while other third-party VoIP providers represented 3.5 percent of all VoIP traffic, the report said. "Twelve months ago, Skype represented 90 percent of all VoIP minutes. Now people are buying branded services," Chris Colman, Sandvine's managing director for Europe, said Tuesday.
Whaaa.... 90% to 45% of the market in 12 months! No wonder Skype sold out!
The same trend was found in the North American market. The study found that U.S. branded VoIP represented 53 percent of VoIP minutes on broadband networks. Vonage, with a 21.7 percent share, and Skype, with 14.4 percent, were the leading third-party providers.
I'll bet Vonage are kicking themselves... Stop Press!
TECHNOLOGY ALERT from The Wall Street Journal. Feb. 8, 2006
Internet-phone company Vonage Holdings has filed to raise up to $250 million in an initial public offering. The company also named Mike Snyder, formerly president of security company ADT, as its new CEO. Founder Jeffrey Citron, who had served as CEO, remains chairman.
FOR MORE INFORMATION, see:
http://wsj.com/technology?mod=djemlart
I didn't know you could file an IPO in just minutes like that!
Meanwhile, one group that have traditionally resisted the risk nexus of brands ... just got hit over the head with their own brand! Mozilla earnt a spot in the top ten most influential brands last year. More influential than Sony! Heady praise indeed. Well done, guys. You have now been switched on to the miracle of brand, which means you have to defend it! Even as this was happening, Firefox lost market share in the US. Predicted of course, as IE7 rolls out, Microsoft users start to switch back. Nice. Competition works (in security too).
So, what's the nexus between brand and risk? Newbies to the brand game will blather on with statements like "we protect our brand by caring about the security of our users." Can you imagine a journo typing that up and keeping a straight face?
No, brand is a shorthand, a simple visual symbol that points to the entire underlying security model. Conventional bricks&mortar establishments use a combination of physical and legal methods (holograms and police) to protect that symbol, but what Trustbar has shown is that it is possible to use cryptography to protect and display the symbol with strength, and thus for users to rely on a simple visual icon to know where they are.
Hopefully, in a couple of years from now, we'll see more advanced, more thoughtful, more subtle comments like "the secured CA brand display forms an integral part of the security chain. Walking along this secured path - from customer to brand to CA to site - users can be assured that no false certs have tricked the browser."
Posted by iang at February 8, 2006 01:27 PM
So what gets used by the folks in VOIP land? Does Skype have as many users as it says?? Vonage has had an IPO ready to go from day one and the investors may not be getting out with much of a gain. The whole of the VOIP revolution is due to the useless email world. At one point email uses counted now they have been rendered useless. An attack on chat, email, bulletin boards, and other forms of mass user communications have been attacked leaving VOIP as the standing method that has not been attacked. So when the attack happens this form of communication will fade in importance as others have before them. At the core is the human engineering problem of having un-welcomed attacks challenge the agreeable user base that wants to talk or communicate with each other. The unmeasurable aspects of the convergence of Moore's Law and Metcalfe's Law with the Exploitative Barbarian Attack Law and if the technology survives the EBA assault it will be subjected to the Obesity Bureaucratic Attack and displaced by a disruptive technology starting the process over again.
Moore's Law, which states that computer processing power doubles every 18 months at the same price point.
Metcalfe's Law, which states that the value of any network increases exponentially with the number of users.
Exploitative Barbarian Attack Law, which states that as a disruptive technology displaces a traditional technology with an established governance model the growth of illegal attacks expands till it renders the advantages of the disruptive technology worthless.
Exploitive Bureaucratic Obesity Attack Law, which states that as a disruptive technology survives EBA and becomes bankrupt the regulatory stabilization will render it useless if a disruptive technology emerges.
By comparing the traditional implementations expansion and its eventual governance instances one can determine the speed at which its disruptive counterpart will become useless. Email can be compared to US postal services prior to regulations and standards implemented during 1800's. The difference and why this is caused the Exploitative Barbarian Attack Law is that the ability for EBA has increased without the ability of regulatory entities to enforce and protect its users. Therefore the Metcalfe law needs to have caveats that define the value, are the users intended purposes the value?
The EBA will expand to consume the monetary advantage provided by the innovative disruptive technology. The rate of expansion of the EBA can be determined by measuring the traditional technology's cost to regulate based on the cost of regulation for unit of service. Furthermore the disruptive technology will prove to be bankrupt prior to implementation of a regulatory regime. The cost to implement a US Postal network was daunting and the cost to maintain its monopoly finally collapsed the viability of this service offering. The US Postal service was displaced by email, cheaper competitive carriers, and entrenched bureaucratic obesity. Prior to this bureaucratic obesity the mails were subject to EBA rendering the viability of any postal communications useless. The now bankrupt system was recovered from its failure to provide regulatory oversight and relaunched in a monopoly controlled by the state. So any communication service or transfer of information is attacked by barbarians and bureaucratic obesity. I suggest that the attacks lie at either end of the lifetime of any service forming a bell shaped curve and the time is reduced by the convergence of Moore's Law and Metcalfe's Law