| I wish it were just interns... Example follows. The Finnish security company F-Secure revealed a secure cloud service, called Younited (https://www.younited.com/). It did not catch on. The active user amounts stayed at near zero level so it was sold to a company called Synchronoss. F-Secure initially hoped that their good reputation, and the fact that the servers are located in countries without draconian spying legislation would be enough. They seriously hoped to make a star product out of their secure cloud service. Well, secure against whom? Simply installing the applications and completing registration process revealed instantly that the service is insecure. Yes, in compliance sense "everything is encrypted", but the keys are clearly held server side. The customer has absolutely no control over the key management and storage, meaning they are at F-Secure's mercy, and F-Secure can technically open everything for authorities. Now the actually interesting part of the story: The problem isn't the implementation. The problem isn't that they marketed it as secure. The important alpha users on this product area are way too savvy, and stayed away. As per the standard innovation diffusion model, they did not drag other users in. Not marketing the service as secure would have yielded better results! It's funny how even serious software security companies screw things up. Even when they are attempting for a strategic new product positioning, and even when at near clear blue sea situation. |