Content Security managing director, Louis Abdilla, said any security sales pitch should be made to the business owners or executive as part of a risk management offering, same as insurance. It also offers better options for value add on a sale.
"It's not at the IT department because the IT department is being asked to cut back spending and budget. It's actually at the business level, where you say 'If you don't do it fine, but these are the potential risks'," he said.
"So if they're happy to live with that, that's okay. You can then list the options that they can go through from good, better, best, in terms of what they feel is their level of risk aversion is in terms of their business strategy."
McAfee's new NGFW APAC sales director, Joe McPhillips, agrees. The importance of security and firewalls is often overlooked in the grand scheme of risk strategy. A security breach to a business is worse than an insurance payout on a burned down building.
"Maybe it's time to try and get businesses to introduce actuaries into their IT department?" he said.
Ettridge thinks the risk assessment problem is far worse than that.
"If your source plans are gone, they're not coming back. It doesn't matter how much insurance you've got, you're out of business. So I always liken it more to the safety industry. It's about providing protection: you've got a car with airbags so that you don't die, rather than life insurance so that your surviving wife gets payment," he said.
NewLease head of Cloud strategy, Stephen Parker, said firewalls and security need to actually be pitched as part of the company's competitive advantage.
"What C-level execs hear is things like; 'my intellectual property could be stolen, which is my competitive advantage', or, 'my share price would be hit.' Even 'Let's look at three companies who've had a breach and their share price took a X per cent dive.' 'What about our reputational damage?' Security needs to be presented in a language they can understand," he said. Cloud has made the delineation between on premise and off premise computing moot.
Historically, a firewall was used to keep baddies out. Now there is no firm boundary, no wall determining what is inside and outside the firewall — data flows freely in every direction. All of your data isn't necessarily in the building that you own, or even in the datacentre, it could be anywhere; it could be on a device or in the Cloud.
Part of the problem with the security market, and much of this is due to marketing hyperbole, is that we have a very black and white view of security. You either have it foolproof, or you don't and you will be wrecked by malware. Actually it works in varying levels, but the most important thing to remember is that no system is ever 100 per cent secure.
Sign up for Computerworld eNewsletters.