Microsoft should use Twitter data theft as hosted apps marketing FUD

Microsoft couldn't pay for counter marketing as good this. Twitter has officially admitted to a security breach, via personal e-mail account, and the pilfering of confidential documents stored in Google Apps. Can you say, "On-premise computing?"

Based on the cycle of renewals, an unusually large number of Microsoft volume-licensing subscribers must re-up by July 31 or not at all. Given the econolypse's impact on IT spending and, because of layoffs, number of seats to renew, those license renewals may come harder than ever. Then there are all those newfangled hosted applications, some from Microsoft, and Google's push into the enterprise with Google Apps Sync for Microsoft Outlook.

Microsoft talks about the "Apple Tax," but I've heard plenty of IT managers complain about the "Microsoft Tax" in reference to Software Assurance fees or CALs (client-access licenses). They see that off-premise hosting can cost loads less per employee, provide immediate software and feature upgrades and reduce management costs. It's to these businesses considering hosted services -- and not from Microsoft or one of its partners -- that the Twitter/Google Apps data breach could be used as effective counter marketing. Microsoft sales people can spin the story to emphasize the importance of on-premise software and to call out new security features coming in Windows 7.

Twitter cofounder Biz Stone blogged "Twitter: Even More Open Than We Wanted" yesterday. Sorry, I'm a day late putting perspective on this one. In fairness to Google and Twitter, there wasn't an overt security breach but pilfering of passwords that allowed unauthorized access. But details like that don't much matter in counter marketing, particularly when the audience is receptive, even if unsure about whether to stay with the Microsoft software they've got or embrace the next new thing.

Many enterprises -- some bound by regulatory obligations -- are wary of letting information outside the confines of the firewall. Hosted services are scary to them, because they don't want to lose control over data -- the corporate crown jewels. Yet off-premise hosting appeals to some businesses, for the aforementioned reasons.

Letting information outside corporate confines is really a fear factor thing, anyway. Major businesses let terabytes of data leave the firewall every day, on laptops, BlackBerries and other mobile devices. These are high-theft items that also are often used for personal and professional purposes. There is commingled personal-professional behavior and data. which creates huge risk of data loss or password pilfering.

Twitter's security breach really may be a woeful tale of what can happen when commingling goes awry. Biz Stone blogs:

"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company. Since then, we have performed a security audit and reminded everyone of the importance of personal security guidelines."

The red warning in that paragraph is "personal account." He continues:

"This attack had nothing to do with any vulnerability in Google Apps which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets. In fact, around the same time, Evan's wife's personal email was hacked and from there, the hacker was able to gain access to some of Evan's personal accounts such as Amazon and PayPal but not email. This isn't about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords."

Evan refers to Twitter's CEO, Mr. Williams. Biz Stone doesn't reveal how the personal e-mail accounts were hacked. He doesn't have to. It's clear from the brief explanation that the hacker got access to passwords, some of which were likely the same across multiple accounts.

For Microsoft, the sales spin is obvious:

  • Hosted applications are yet unproven compared to on-premise software. You get the security that you pay for.
  • Microsoft software is the safer, known choice. You're in control of employee access and passwords, not some administrative assistant or unpaid summer intern.
  • Windows 7 and Microsoft server software provide tools that allow IT organization to control who has access to what.
  • Windows Vista and 7 encryption tools can protect information leaving the corporate confines from theft or loss.

Bottom-line sale pitch: Renew your contracts now.

Microsoft couldn't ask for better timing, right at the close of a big volume-licensing renewal cycle. There's fear in the air, or there will be plenty if Microsoft's sales force stirs up some marketing FUD -- fear, uncertainty and doubt -- around the security of hosted apps served up by Web companies without rich heritage of software development; or business model (e.g., not Microsoft or its partners).

Is it fair counter marketing? Well, no. Microsoft has got its own software security problems, and there was no hacking of Google Apps or Twitter -- just the pilfering of passwords. Marketing isn't about fairness but selling more stuff. Twitter's data loss is premo marketing ammo. Fire away, Microsoft.

16 Responses to Microsoft should use Twitter data theft as hosted apps marketing FUD

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.