Log in

Site menu:



Site search

February 2019
« Dec    



More $ = More Security?

Perhaps… if it’s the illusion of security rather than real security that’s being qualified (assuming the all-too likely case that illusion and reality are, in fact, different, and that it’s illusion that is more popularly important). At least that’s a conclusion that one could easily arrive at by extension of this study on wines. Accusations of pretense and snobbery aside, it’s really no great surprise that the value of a thing is not based solely on its intrinsic properties, but that expectations of value are manipulable by changes to external properties (price for wines, loudness for music, contrast for video images, etc.) What is surprising, however, is that it’s not merely expectations but actual perceptions that are subject to manipulation.

But the wine study participants were not actually paying for the wine they were tasting, they were simply informed of the (alleged) prices. Which suggests that the mere knowledge of the usual price of a thing might be enough to create an exaggerated expectation/perception effect. What does this mean to security? For vendors selling products it could mean “charge more money and network/security admins will perceive your product as providing better security”, or it could mean “employ a deliberate strategy of giving your products a very high suggested retail price and then discount deeply to simultaneously create the illusion of superiority while remaining price competitive.” Sound like this might be describing anyone in the industry?

This sort of manipulation of perception, however, would seem to end with the “consumer” of the product – in the case of security products, that would be the network/security admin rather than the collection of end-users that are protected by the product. And since one might posit that an illusion of security can actually weaken the overall posture of real security (by emboldening people to behave more recklessly), that its intentional intensification would be a bad thing. Weaving these pieces of data together, there’s at least potential for us to put it to good use: I’d be curious to see the effect of admins delivering a message to end-users along the lines of “we just installed a new network security appliance that cost 30% less than the competition, but it actually provides better security.” If such an attempt at a benevolent manipulation of expectations and perceptions alone could succeed at eliciting more responsible and careful IT behaviors among users, imagine how much more practically valuable the net effect would be if the product claims also happened to be true?

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • LinkedIn
  • Facebook
  • email
  • Google Bookmarks
  • StumbleUpon
  • Reddit

You must be logged in to post a comment.