Here is a philosophical question for you:
Many SaaS vendors currently only offer SSL support to clients who pay a premium. Users who don’t pay, can’t have the “extra” benefit of using SSL. What happens to the small companies and/or single users who wish to be secure, but do not need unlimited users or 2GB of file storage, or 10 project templates? Who in their right mind would pay $20 extra a month just to get SSL? And what possible justification is there for denying transport-level security to smaller customers?
Today we have this perception that only the largest corporations need to pursue security: the ones with CIOs and Enterprise Architects, the ones trading publicly or in a vertical where audits are mandatory. If you ask me, I think we could go a very long way if we stopped thinking like this and began to enable any person or organization, of any size to care about, understand, and pursue secure internet operation.
I know it isn’t as lofty a goal as Bob has put forth; but this issue, to me, represents a small part of the underlying systemic problem that Bob is trying to shed light on.
I fear that until there’s liability for creating infosec hazards this kind of thing will persist.
I wonder how many people would buy a “base model” car without door locks?