Sunday, January 25, 2009

I disagree with Bruce Schneier - but ask for his help!

Some more interesting feedback on our guarantee, the most recent one if from Bruce - I love his blog and read it quite often. This one he tackles the BitArmor guarantee head on :) I respect his opinion on a lot of things, but in this case I think he may have been a bit off the mark.

In this litigious society that we live, in putting yourself out there and standing behind your product is not a simple task. It takes some serious product capability to think about offering something like this - one would have to be, as an executive, completely irresponsible to open up BitArmor if this were not the case. Ergo, Bruce, please give us a little credit - this is not just a PR stunt.

There obviously is a PR element to this, but without product capability to back it up, no company can do this. It would have been nice of you to have at least acknowledged that possibility and asked insurance companies to step up, instead of “pooh-poohing” the whole thing.

What we do as security companies is reduce risk - what an insurance company does is transfer risk or normalize it across a large set of customers. Big difference there. I bet if insurance companies feel security products work, they would be able to better quantify the liability and offer affordable premiums! It takes the foundation of good security for insurance to work - buying and selling liability will be easier if this foundation is strong.

And to your point below:

“So if BitArmor fails and someone steals your data, and then you get ridiculed by in the press, sued, and lose your customers to competitors -- BitArmor will refund the purchase price.”

Here is the rub – this process is not exclusive to BitArmor protected data! If you lose your data, protected by any security product (or not protected at all), you will still be ridiculed, sued and lose your customers! We are not claiming that our product is unbreakable – what we are saying is we are willing to shoulder some responsibility for its failure to do the task it was bought for, i.e. protect data.

And we think we can do a better job than any product out there - hence our confidence in putting forth a guarantee.. If we can make this better and more workable for the industry, we welcome a conversation with Mr Schneier and ask for his help.

We have, we believe, the right product for this. Help us take the security industry forward.

No comments: