In many – or indeed most – companies that buy website security to protect their visitors’ privacy online, it is a technical person who does the buying. This seems logical – it is a technical remit, needs some technical knowledge to get it working, and because it is seen as a technical necessity, is just palmed off to the IT guys in the corner.
So why do we see this as a problem? Like many buying decisions, it is easy to boil everything down to numbers, and buy purely based on a calculation like miles per gallon, or monthly repayment amount whilst ignoring total cost of ownership over time, or interest rates for example. Humans are complex, so just seeking out the cheapest, or buying purely based on one logical assessment at the expense of fluffier emotional reasoning rarely works – which is why it might not be wise to rent or buy the cheapest house if that means being in a less safe area. Real economies can start out small short-term, and end up as very costly false economies long-term.
For the sake of illustration, we’ll make an assumption that one key factor (to name just one) that makes technically minded people experts at writing software, being an IT genius or doing anything else technical, is their ability to process logic rapidly and effectively whilst filtering out fluffy irrelevance. To be able to be a good programmer for instance, you need to hold in your head relationships between complex sets of data and different data types, know how it all can, and can’t interact, plus consider multiple concurrent processes and dependencies all at once – almost being the human version of the computer before sitting down to tell the machine how to think.
When it comes to ordering SSL, which is the technology responsible for the padlock icon in your web browser when you access a secure site like your online banking – we find that time and time again, our clients put the decision in the hands of their technical staff. To us, this is a big false economy, and is to the detriment of trust and privacy online for all of us. It is rather like buying a car purely on the advice of a mechanic with his logical hat on.
A logical mechanic probably wouldn’t use much more than hard facts to recommend you a car, based on his expert understanding of all the bits that you don’t see or understand, like engine components he knows comes from the same factory as in more expensive models, and ease of servicing and reliability for instance. He is likely to avoid the more emotional needs of a purchase though – how you feel driving one model over another, what they do for yourself image, how safe you feel driving one compared to the next, or just which feels more “you”.
Because the padlock in our web browser denotes cold, hard encryption – mathematical and logical factors that determine to what extent your credit card details, or other personal details are kept private – IT guys tend to act like our reasoned car mechanic.
In our metaphor though, the marketing manager, or the marketing director is a car enthusiast. She understands all the feelings and joy associated with driving a responsive, agile, classic British sports car, and the fact that other vehicles tick many more (practical) boxes and are cheaper just doesn’t matter - nothing logical can replace those joyous feelings, so if saving money means doing away with driving pleasure and overall experience, it is a false economy and just won’t be a viable purchase option.
Good marketing managers and directors realise that the unseen logic and maths and plain geekery of SSL encryption is completely irrelevant to how safe their online customers actually feel. They understand it needs to work first and foremost, but that the feelings of security, and level of trust inspired in the end user is all that matters. As a result, marketing buyers go for the ‘padlock’ that inspires the most trust and confidence possible in their website.
They know that the more their visitors feel that they recognise, trust and are confident in the site, the less risk they perceive (another feeling, or set of feelings) the more likely they are to register for the newsletter, complete a purchase, and generally interact with the business online. When marketing buyers do the specifying and purchasing, in a larger sense they foster greater trust and transparency of identity online by picking the best products that make us feel safe on the “big web”.
Conversely, technical buyers often do the opposite, by buying lesser products that are merely “probably statistically good enough” but devoid of the signs of trust (who owns the site, prominence of padlock and other visual cues), this just seeks to commoditise encryption at the expense of the other critical aspects that give us the feeling of genuinely trusting a site. This is a vicious circle which is to the detriment of everyone. The more sites that do their job properly, and refuse to compromise and save a few pounds, the more every other site out there has to do the same.
By raising the bar, and only going for the best, all legitimate sites get elevated above the rest, and overall consumer confidence in being safe online grows too. Nobody here loses out except online scammers, fraudsters and phishers.
In short, anything other than the biggest signs that your site is secure, is trusted, trustable and genuinely run by your company (and not someone malicious) is a huge false economy, so this critical decision shouldn’t ever be solely up the IT guys.
ABOUT OLIVER WILKINSON
Oliver Wilkinson is a director of SSL247.co.uk - the UKs leading reseller of SSL encryption. He is a big believer in true value for money, British sports cars and metaphors.
Oliver Wilkinson is a director of SSL247 Ltd and has been with SSL247 in the internet security sector since 2004. He last worked in a bricks and mortar businesses in 1998, and despite this and two business degrees prefers the hands-on, common-sense end of the business spectrum. Find him in places as diverse as Hosting Con in the US, Techcrunch in Paris, and Wired Magazine's 'Upgrade Series' in Soho.