The information security industry is currently worth $120bn per year. That means on average $15 per year is spent for every person on Earth. Obviously, the spend is not equally distributed as a significant proportion of the 7.5bn people alive today do not even have access to the internet, so that number is actually quite a bit higher for those of us who do.
There's nothing wrong with companies making money on information security, but for such a critical technology sector it seems inappropriate for it to be sold at a premium. Security should be a commodity, a baseline that is a given - not something you need to spend a load of your organisations' money to achieve.
For years, hackers been working hard developing all kinds of nefarious technologies and methods in order to infiltrate, corrupt, and steal your data. The need for strong information security only grows as time goes on, as hackers get more sophisticated and as more and more of our personal and professional world is captured, processed and stored digitally.
At IAM Cloud, we've always prided ourselves on our value. We've always tried to sell our goods at a fair price, we've never undertaken dirty tricks like attracting business at a cheap price and then ramping up the price later when a customer is snared. Over the past 5 years, our pricing has actually dropped, not increased. That's despite working in a cloud business environment that is doing to total opposite. Our platform has been hosted on Microsoft Azure's cloud from the outset, and the price has gone up and up. In only 5 years, the pricing we've paid for the same services in Azure has increased by more than 50%. At the same time, we've shielded our customers from all of that and continued with our objective of providing good value.
There are a great number of important security products out there, from email filtering, firewalls, anti-virus, monitoring and threat detection, encrypted storage, identity federation, and so on. All are important, and all have their place, but I'd argue that the most fundamental and essential security technology is multi-factor authentication (MFA).
For years it has been widely accepted that "the user" is the weakest link in the chain for information security. You can have a hugely sophisticated array of different security technologies, but if someone can successfully impersonate your user because they've acquired the user's username and password, then most of that security can be bypassed. Multi-factor authentication is *the* security that protects the weakest link in the chain, the user.
Pretty much everyone in the developed world knows what MFA is, even if they don't think they do. Most will associate it with online banking. But the reality is that all data has value, and all personal, corporate and commercial data needs to be protected. MFA isn't just for banks any more, it's for everyone.
While MFA doesn't negate the need for other technologies like anti-virus or email filtering, if you were to implement "one thing" to improve information security in your organisation, I'd strongly argue that MFA is likely to have the biggest impact.
"But isn't MFA really expensive? I'm not sure we can afford it."
Well, it certainly can be. Most dedicated MFA providers are pretty expensive. On the upside many of the major identity providers - Okta, OneLogin, Azure AD Premium - provide it as part of their core package... But on the downside, their core packages are already pretty expensive at c. $5 per user per month (before any education or non-profit discounts are applied).
The great news is that IAM Cloud also provides MFA as part of our core-offering. And at $2.40 per user per month (before significant education and non-profit discounts), our core package is less than half the price of the alternatives while providing the same benefits and core functionality and security. Information security shouldn't just be for banks, it should be for everyone, and at IAM Cloud we're trying to make that possible by making the pricing affordable and accessible.