The High Cost of "Free"
We got a new dining room table this week. Like a newborn baby, it took nine months to arrive. (Unlike a newborn baby, it sleeps through the night and requires no changing.)
Our old table had served us well. We walked into a discount showroom in 2011 when we bought our first house, found one with a low price, and said, “that one.” Fourteen years later, it was time to say goodbye.
Now you might be thinking: “How much did you sell it for?”
It’s a reasonable question. We had outgrown it, but it still had plenty of high-functioning years left. Surely someone would pay $50 for it.
But, we wanted to get it out of the house quickly, so I listed it for free on Craigslist. Within a matter of hours, I received more than 10 interested emails.
I emailed the first person. No response.
I emailed the second person. No response.
Finally, I emailed everyone else with the same message, asking them to text me with specific information about when they could pick it up.
In the end, just two responses. Spencer came the next day and our table was gone.
Does my experience strike you as odd (and I don’t mean the fact that I am still using Craigslist)? After all, out of all those people – all of whom took the time to express interest – only two followed up. And it was FREE!
But the more I thought about it, the more I realized that maybe it wasn’t so free.
Sending an email to express interest is quick and easy. Picking up a table requires time, effort, maybe even the cost of renting an appropriate vehicle. It’s no wonder most of these people disappeared.
Free Software Has a Cost
When it comes to tech products, there are likewise many things available for free. But here as well, they almost always come with some kind of price tag, even if it’s not explicitly stated in dollars and cents.
And so while I appreciate that every business has budget constraints, it’s important to understand what you are trading off when you choose one of these free options. In general, it breaks down into three flavors.
#1. “Data Collection Free”
When you download a free product or use a browser extension, the developers of that product are likely still making money.
They capture the data you are sending (browser extensions can see everything you do inside the browser!) and sell it to other companies, as AVAST did when it sold its customer data.
As the saying goes, “if the product is free, you are the product.”
#2. “Limited Use Free”
In these cases, you are given restricted access to a product. It might be a 30-day trail. It might be a limited number of queries or users.
Recommended by LinkedIn
For example…
- Tenable Nessus Essentials allows users to scan up to 16 IP addresses with a lot of features disabled such as configurable reporting.
- VirusTotal allows users to scan suspicious files, but it limits this to 500 requests per day.
- Aikido Code Scannings will scan code for up to two users.
These restricted tools can be a great way to try before you buy. But they are often not good enough to solve most problems. Putting them to use for critical system needs can be a challenge.
#3. “Significant Technical Knowhow Free”
Sometimes, a company will make an open source version of a product available. Many of these tools allow downloading and modifications – all at no cost.
Examples include:
- Nmap for network discovery
- Metasploit for simulating attacks to test defenses
- Snort for intrusion detection
A great deal! But … you need to be an expert to use them.
And even if you have the technical knowledge in-house, there’s an opportunity cost; you’ve got to spend resources applying that knowledge.
As one of my clients told me, these types of products are, “trading licensing costs for labor costs.”
Everything Has a Cost
Selling your privacy? Never a good idea.
Limited use? Okay at first … until you realize you need more features.
Do-it-yourself? Be prepared to deploy internal resources to keep things running.
However you look at it, if you are managing a cybersecurity program and think “free” will solve your budget problems, know there will still be a cost.
It may not be initially obvious and it may not come in the form of a check written. But it’s in there somewhere.
Gotta run. A financial advisor has just invited me to a “free dinner!”
Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.
This article was originally published on the Fractional CISO blog.
If I'm trying to give away a couch or something, I always put some low price like $20 as its easier to sell it rather than give it away. I'm sure its somehow a psychological trigger of perceived value vs free junk.
I'd add a fourth cost, Rob -- support. When something breaks at 2am, there's no one to call. You're on your own with Stack Overflow and hope.
Ah yes… the only vacation where you come back with debt instead of a tan
Rob, this is a valuable perspective! Your insights on the hidden costs of "free" in both furniture and cybersecurity tools highlight an often overlooked reality. It's crucial for business leaders to understand these dynamics, and your guidance is instrumental in navigating them effectively. Keep up the great work!
I think that these tools are subject to Newton's First Law of Motion (our modern day digital version). It takes investment to change the trajectory of a business process or project. What investment will you have to make to solve the problem with a free tool? There is always a tradeoff, what external force needs to be exerted to be successful with the free tool?