Themes from the RSA Conference

Last week was the big RSA Conference in San Francisco: something like 20,000 people. From what I saw, these were the major themes on the show floor:

  • Companies that deal with “Advanced Persistent Threat.”
  • Companies that help you recover after you’ve been hacked.
  • Companies that deal with “Bring Your Own Device” at work, also known as consumerization.

Who else went to RSA? What did you notice?

Posted on March 5, 2012 at 1:30 PM • 26 Comments

Comments

Malachi J March 5, 2012 2:33 PM

@pmp “A lot of companies selling fear.”

There are two reasons people buy stuff. They are greed and fear. People buy iPhones because they provide instant gratification. People buy life insurance because of fear.

Unfortunately the only way you can get people to buy security stuff is to sell fear. After all, it is difficult to get excited about the latest security offering. In the best case it works and nothing bad happens to your machines and networks.

craneboy March 5, 2012 2:36 PM

An astounding number of companies, big and small, selling protection for BYOD. Hard for any one vendor to stand out in this market with all the background noise. Yet there will have to be a major shake out to narrow the field down to a workable number.

blaughw March 5, 2012 3:08 PM

craneboy –

Why does the field need to be narrowed down? Manufacturers implemented APIs so people could even roll their own device policy solutions. Whether a vendor’s feature set meets your needs or not seems like valid criteria. I don’t think we need a situation like “well, we either go with SAP, or x”.

Some people will need a particularly robust BYOD solution with extensibility, others will just need something simple, like locating lost devices. The more competition, the better, IMO

Clive Robinson March 5, 2012 4:13 PM

@ Malachi J,

There are two reasons people buy stuff. They are greed and fear

Err no. The two main human motivators appear to be “envy” and “fear”; greed comes a long way down. Thus people buy iPhones not out of greed but envy.

mcb March 5, 2012 4:25 PM

@ Malachi J

“Unfortunately the only way you can get people to buy security stuff is to sell fear.”

Perhaps sales people have to resort to fear to get a sale but the security professional’s job is to understand risk, prepare business-appropriate remedies, and promote confidence. If you communicate a risk to decision makers and they choose to accept it rather than mitigate it that’s on them. Security professionals deliberately scaring clients is unseemly and ultimately counterproductive.

SnallaBolaget March 5, 2012 4:32 PM

Huh… What does “RSA” even stand for? Seems impossible to find out from their website, at least.

Other than that, both pmp and mcb have valid points – and what’s this list you’re talking about, Clive? Any chance the rest of us might see it?

Peter March 5, 2012 4:48 PM

@SnallaBolaget, it stands for Rivest, Shamir, and Adleman, the three cryptographers who were the first to publish openly the public key algorithm which shares the initialism.

Alapan March 5, 2012 5:15 PM

Also a lot on cyber terrorism and cyber warfare, and of course more fear because of that.

postnothing March 5, 2012 5:28 PM

Noticed a lot of booth babes. Didn’t see fear with them or the rum they were offering.

postnothing March 5, 2012 5:30 PM

One more thing.

Thank you Bruce for the free book and signing. Just awesome.

Tom Johnson March 5, 2012 7:07 PM

Tons of companies selling expensive enterprise solutions that will help security but not prevent ALL hack attempts.

Several researchers were emphasizing how much trouble this “Bring Your Own Device” will cause. Get inside the corporate network with this rogue app!

Cheaper than dropping a USB key in the parking lot.

Peter E Retep March 5, 2012 9:28 PM

Retep’s Laws:
A- Algorithmic Based Security degrades as an inverse of Moore’s Law.

B- With an inverse of the Moore’s Law cost curve to cost out maintaining security on an open, interacting portal.

Sam Peds’ Laws:
C- Policy fails to impede technology;

D- Motives to use technology despite policy are freely inventable to suit using the technology.

Sam’s Joint Law:
E- Those uncomfortable with the above laws will seek to change the definitions
of key terms so as to seem to empower themselves
to create policies to impede technologies.

This has a great deal to do with the science of perceptions
and the taxonomy of data used as information.

Civil Libertarian March 5, 2012 10:34 PM

@SnallaBolaget
“what’s this list you’re talking about, Clive? Any chance the rest of us might see it?”

I wouldn’t presume to answer for Clive, but if it’s the list I’m thinking of, I’ll stick with Lust and Gluttony. 😉

Winter March 6, 2012 4:27 AM

‘The two main human motivators appear to be “envy” and “fear”‘

Not sure who said it first (Thomas Moore?), but the correct order is:
1 Status
2 Lust & Gluttony

Status can be divided into two non-exclusive motivations:
1.a Promote status increase
1.b Avoid status decrease (status angst)

Survival and sustenance can trump 1&2, when needed (but not in young or high status males).

Brian March 6, 2012 7:16 AM

Nothing on the Expo floor really struck me in a big way. In this day and age where product information is readily available online, I don’t see much value in this form of exposition.

The sessions are much more important — while some were trying to play up big data, I think the most significant theme was BYOD. The biggest issue facing us in this regard is that while most vulnerabilities come from failing at the basic “blocking and tackling”, BYOD looks like putting the cheerleaders on the line of scrimmage.

I also enjoyed the debate format for some topics, such as software liability (yesbruce).

Clive Robinson March 6, 2012 7:48 AM

One thing I’m not sure they had right, which is what does BYOD really mean,

BYOD = Bring Your Own ***, to our network.

Where *** could be,

1, Danger,
2, Disaster,
3, Doom,
4, Damager,
5, Destroyer,

etc etc.

And before people mark me down as being a pessimist, I’m not the only one of this viewpoint,

http://news.cnet.com/8301-27080_3-57389046-245/why-the-security-industry-never-actually-makes-us-secure/

@ Bruce,

Love your quote in the above article 😉

Mike B March 6, 2012 9:54 AM

I noticed that it is never a good idea to announce that there are 1000 free copies of a book waiting at the HP Pavilion BEFORE you start the Q&A.

I also noticed that when a mob is swamping a pair of over-matched booth babes for copies of said free book, they will be completely oblivious when the author of the subject of their desire pushes through their midst to get to the signing table. 😀

Thanks for the book, and I can’t wait to see what sort of social experiment you run on your mob, I mean audience next year.

Shmoo March 6, 2012 12:53 PM

I’ve been in this field a long time.

Once upon a time, clients would listen to – and sometimes follow – my advice when I recommended fixing their underlying problems.

Now, they all believe that if they just install software A or buy “network appliance” B then everything will be just fine. They even get upset if I don’t provide a list of Recommended Products.

Sigh.

mcb March 6, 2012 2:01 PM

@ Clive Robinson

“One thing I’m not sure they had right, which is what does BYOD really mean,

BYOD = Bring Your Own ***, to our network.

Where *** could be,

1, Danger,
2, Disaster,
3, Doom,
4, Damager,
5, Destroyer,”

  1. Drinks
  2. Dessert
  3. Doubt
  4. Disarray
  5. Double Entendre?
