In branding news: IE7 is out in Beta 2 and I'm impatiently waiting for the first road tests. (Roight... as if I have a Microsoft platform around here...) Readers will recall that Microsoft took the first steps along the branded security path by putting the CA name up on the chrome. This places them in the lead in matters of risk.
Sadly, they also got a bit confused by the whole high-end super-certs furfie. IE7 only rewards the user with the CA brand if the site used these special high-priced certs.
Plonk! That kind of ruins it for security - the point of the branding is that the consumer wants to see the Bad Brand or Unknown Brand or the Missing Brand or the Bland Brand ... up there as well. Why? So as to close off the all-CAs-are-equal bug in secure browsing. (Preferably before the phishers start up on it, but just after the first sightings will do nicely, thanks, if you subscribe to post-GP theories.)
By choosing to promote a two-tiered risk statement, Microsoft then remains vulnerable to a takeover in security leadership. That's just life in the security world; leadersip is a bit of a lottery when you allow your security to become captive to marketing departments' zest for yet another loyalty program. Also, annoyingly, IE7 promises to mark any slightly non-formal certificated site (such as FC) as a Red Danger Danger site. Early indications are that this will result in an attack on brand that hasn't hitherto been seen, and has interesting strategic implications for you-know-who.
The CA branding idea is not new nor original. It was even (claimed to be) in the original Netscape design for secure browsing, as was the coloured security bar. Using brand is no more than an observation deriving from several centuries of banking history - a sector that knows more about risk matters than the Internet, if only because they lose money every time they get it wrong.
Consider some more in the flood of evidence that brand matters - over in VoIPland look at how things have changed:
In Europe, branded VoIP represented 51.2 percent of all VoIP calls in the last quarter of 2005, while Skype accounted for 45 percent of VoIP minutes. Vonage took less than one percent of the market while other third-party VoIP providers represented 3.5 percent of all VoIP traffic, the report said.
"Twelve months ago, Skype represented 90 percent of all VoIP minutes. Now people are buying branded services," Chris Colman, Sandvine's managing director for Europe, said Tuesday.
Whaaa.... 90% to 45% of the market in 12 months! No wonder Skype sold out!
The same trend was found in the North American market. The study found that U.S. branded VoIP represented 53 percent of VoIP minutes on broadband networks. Vonage, with a 21.7 percent share, and Skype, with 14.4 percent, were the leading third-party providers.
I'll bet Vonage are kicking themselves... Stop Press!
TECHNOLOGY ALERT from The Wall Street Journal.
Feb. 8, 2006
Internet-phone company Vonage Holdings has filed to raise up to $250 million in an initial public offering. The company also named Mike Snyder, formerly president of security company ADT, as its new CEO. Founder Jeffrey Citron, who had served as CEO, remains chairman.
FOR MORE INFORMATION, see:
I didn't know you could file an IPO in just minutes like that!
Meanwhile, one group that have traditionally resisted the risk nexus of brands ... just got hit over the head with their own brand! Mozilla earnt a spot in the 10 ten most influential brands last year. More influential that Sony! Heady praise indeed. Well done, guys. You have now been switched on to the miracle of brand, which means you have to defend it! Even as this was happening, Firefox lost market share in the US. Predicted of course, as IE7 rolls out, Microsoft users start to switch back. Nice. Competition works (in security too).
So, what's the nexus between brand and risk? Newbies to the brand game will blather on with statements like "we protect our brand by caring about the security of our users." Can you imagine a journo typing that up and keeping a straight face?
No, brand is a shorthand, a simple visual symbol that points to the entire underlying security model. Conventional bricks&mortar establishments use a combination of physical and legal methods (holograms and police) to protect that symbol, but what Trustbar has shown is that it is possible to use cryptography to protect and display the symbol with strength, and thus for users to rely on a simple visual icon to know where they are.
Hopefully, in a couple of years from now, we'll see more advanced, more thoughtful, more subtle comments like "the secured CA brand display forms an integral part of the security chain. Walking along this secured path - from customer to brand to CA to site - users can be assured that no false certs have tricked the browser."Posted by iang at February 8, 2006 01:27 PM | TrackBack