The risk of commoditizing security and privacy

Protecting your small business means more than checking off a few boxes

If you’ve taken a stroll through office superstores or even a modern mega-bookstore you’ve no doubt noticed the abundance of ‘kits’ jockeying for position to help us neophytes tackle complex projects with a legal or regulatory slant: everything from creating a living will to wrapping up a divorce in a half hour flat is there, in all its checklist-powered splendor.


Does that level of commoditization work? You bet. It’s cheap and it directly addresses the interest of a specific segment of the public, namely those who would rather handle things themselves and save money in the process. The fine print is that you don’t get the personalized, guaranteed service of a dedicated professional. But so what? It’s better than nothing and if you choose to then hire a professional, you’re already going to be on the right track.


The problem arises when you do visit that lawyer, accountant or neurosurgeon and they dismiss all the good work you’ve done because it is simply based on a system they had nothing to do with developing. So you resign yourself to starting over and realize that you might have had a false sense of comfort about the whole thing all along.


Now imagine that one of those kits included a ‘Do-It-Yourself Life Insurance Policy Kit’ promising to give your family guaranteed income and zero-effort payout in adverse situations. Would you use it?


That depends. If that kit is published by a reputable company and as the first step in the process of getting your personalized policy, then you might consider it as a pleasant  alternative to having to decipher the industry jargon of a somnambulant customer service representative. If however that ‘kit’ offers you a DIY solution to all your worldly problems in a pretty package, then it’s most likely going to cost you a lot more than the sticker price.


And so it is with the security and privacy space that I work in. I see everything from IT companies to product vendors promoting their wares with manufactured urgency. The move to commoditize security has little to do with superior product and more to do with reaping the rewards of fear, uncertainty and doubt (FUD). It is always refreshing to see a true security professional or company that is responsible about their use of language and passionate about transferring knowledge, but these are few and far between.


As a small business owner or professional you should remember that security is still an immature industry and privacy is a nascent profession. Although threats to valuable assets are constantly emerging and calculable risk can be found everywhere, those who choose to operate in this space should always strive to educate before opting to instill fear in their (my) audience. So if you’re in the market for quality products and services, stay away from FUD and ask yourself if the all singing, all dancing software you’re being compelled to buy can really protect you or whether it’s just smoke and mirrors. Still in doubt? Let’s talk.



Claudiu Popa is a corporate security and privacy-risk advisor with Informatica Corporation and founder of He is also co-author of The Canadian Privacy and Data Security Toolkit (Canadian Institute of Chartered Accountants, 2009) and Managing Personal Information (Reuters, 2012). Follow his informative tweets @datarisk or

Claudiu Popa
Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.