Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« British Anti-Theft Briefcase from the 1960s | Main | Comic: Movie Hacking vs. Real Hacking »

March 5, 2012

Themes from the RSA Conference

Last week was the big RSA Conference in San Francisco: something like 20,000 people. From what I saw, these were the major themes on the show floor:

Who else went to RSA? What did you notice?

Posted on March 5, 2012 at 1:30 PM26 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

A lot of companies selling fear.

Posted by: pmp at March 5, 2012 1:40 PM

@pmp "A lot of companies selling fear."

There are two reasons people buy stuff. They are greed and fear. People buy iphones because it provides them instant gratification. People buy life insurance because of fear.

Unfortunately the only way you can get people to buy security stuff is to sell fear. After all, it is difficult to get excited about the latest security offering. In the best case it works and nothing bad happens to your machines and networks.

Posted by: Malachi J at March 5, 2012 2:33 PM

An astounding number of companies, big and small, selling protection for BYOD. Hard for any one vendor to stand out in this market with all the background noise. Yet there will have to be a major shake out to narrow the field down to a workable number.

Posted by: craneboy at March 5, 2012 2:36 PM

craneboy -

Why does the field need to be narrowed down? Manufacturers implemented APIs so people could even roll their own device policy solutions. Whether a vendor's feature set meets your needs or not seems like valid criteria. I don't think we need a situation like "well, we either go with SAP, or x".

Some people will need a particularly robust BYOD solution with extensibility, others will just need something simple, like locating lost devices. The more competition, the better, IMO

Posted by: blaughw at March 5, 2012 3:08 PM

@ Malachi J,

There are two reasons people buy stuff. They are greed and fear

Err no. The two main human motivators appear to be "envy" and "fear" gread comes a long way down. Thus people by iPhones not out of greed but envy.

Posted by: Clive Robinson at March 5, 2012 4:13 PM

@ Malachi J

"Unfortunately the only way you can get people to buy security stuff is to sell fear."

Perhaps sales people have to resort to fear to get a sale but the security professional's job is to understand risk, prepare business-appropriate remedies, and promote confidence. If you communicate a risk to decision makers and they choose to accept it rather than mitigate it that's on them. Security professionals deliberately scaring clients is unseemly and ultimately counterproductive.

Posted by: mcb at March 5, 2012 4:25 PM

Huh... What does "RSA" even stand for? Seems impossible to find out from their website, at least.

Other than that, both pmp and mcb have valid points - and what's this list you're talking about, Clive? Any chance the rest of us might see it?

Posted by: SnallaBolaget at March 5, 2012 4:32 PM

@SnallaBolaget, it stands for Rivest, Shamir, and Adleman, the three cryptographers who were the first to publish openly the public key algorithm which shares the initialism.

Posted by: Peter at March 5, 2012 4:48 PM

Also a lot on cyber terrorism and cyber warfare, and off course more fear because of that.

Posted by: Alapan at March 5, 2012 5:15 PM

Noticed a lot of booth babes. Didn't see fear with themor the rum they were offering.

Posted by: postnothing at March 5, 2012 5:28 PM

One more thing.

Thank you Bruce for the free book and signing. Just awesome.

Posted by: postnothing at March 5, 2012 5:30 PM

Tons of companies selling expensive enterprise solutions that will help security but not prevent ALL hack attempts.

Several researchers were emphasizing how much trouble this "Bring Your Own Device" will cause. Get inside the corporate network with this rogue app!

Cheaper than dropping a USB key in the parking lot.

Posted by: Tom Johnson at March 5, 2012 7:07 PM

Um, I bought an iPhone because the droid 2 I had sucked rocks.
Envy? Need?

Posted by: john at March 5, 2012 8:17 PM

Retep's Laws:
A- Algorithmic Based Security degrades as an inverse of Moore's Law.

B- With an inverse of the Moore's Law cost curve to cost out maintaining security on an open, interacting portal.

Sam Peds' Laws:
C- Policy fails to impede technology;

D- Motives to use technology despite policy are freely inventable to suit using the technology.

Sam's Joint Law:
E- Those uncomfortable with the above laws will seek to change the definitions
of key terms so as to seem to empower themselves
to create policies to impede technologies.

This has a great deal to do with the science of perceptions
and the taxonomy of data used as infortmation.

Posted by: Peter E Retep at March 5, 2012 9:28 PM

@SnallaBolaget
"what's this list you're talking about, Clive? Any chance the rest of us might see it?"

I wouldn't presume to answer for Clive, but if it's the list I'm thinking of, I'll stick with Lust and Gluttony. ;-)

Posted by: Civil Libertarian at March 5, 2012 10:34 PM

Did anyone happen to drop dodgy usb sticks in vendor bowles? Or pick one up?

Posted by: Vles at March 6, 2012 3:24 AM

'The two main human motivators appear to be "envy" and "fear"'

Not sure who said it first (Thomas Moore?), but the correct order is:
1 Status
2 Lust&Gluttony

Status can be divided into two non-exclusive motivations:
1.a Promote status increase
1.b Avoid status decrease (status angst)

Survival and sustenance can trump 1&2, when needed (but not in young or high status males).

Posted by: Winter at March 6, 2012 4:27 AM

Nothing on the Expo floor really struck me in a big way. In this day and age where product information is readily available online, I don't see much value in this form of exposition.

The sessions are much more important -- while some were trying to play up big data, I think the most significant theme was BYOD. The biggest issue facing us in this regard is that while most vulnerabilities come from failing at the basic "blocking and tackling", BYOD looks like putting the cheerleaders on the line of scrimmage.

I also enjoyed the debate format for some topics, such as software liability (yesbruce).

Posted by: Brian at March 6, 2012 7:16 AM

One thing I'm not sure they had right, which is what does BYOD realy mean,

BYOD = Bring Your Own ***, to our network.

Where *** could be,

1, Danger,
2, Disaster,
3, Doom,
4, Damager,
5, Destroyer,
...
etc etc.

And befor people mark me down as being a pessimist I'm not the only one of this view point,

http://news.cnet.com/8301-27080_3-57389046-245/...

@ Bruce,

Love your quote in the above article ;-)

Posted by: Clive Robinson at March 6, 2012 7:48 AM

I noticed that it is never a good idea to announce that there are 1000 free copies of a book waiting at the HP Pavilion BEFORE you start the Q&A.

I also noticed that when a mob is swamping a pair of over-matched booth babes for a copies of said free book, they will be completely oblivious when the author of the subject of their desire pushes through their midst to get to the signing table. :-D

Thanks for the book, and I can't wait to see what sort of social experiment you run on your mob, I mean audience next year.

Posted by: Mike B at March 6, 2012 9:54 AM

Thanks @Peter and Civil Libertarian. :)

Posted by: SnallaBolaget at March 6, 2012 10:16 AM

The 7 Cardinal Sins are wrath, greed, sloth, pride, lust, envy, and gluttony.

Posted by: nonegiven at March 6, 2012 11:31 AM

I've been in this field a long time.

Once upon a time, clients would listen to - and sometimes follow - my advise when I recommended fixing their underlying problems.

Now, they all believe that if they just install software A or buy "network appliance" B then everything will be just fine. They even get upset if I don't provide a list of Recommended Products.

Sigh.

Posted by: Shmoo at March 6, 2012 12:53 PM

@ Clive Robinson

"One thing I'm not sure they had right, which is what does BYOD realy mean,

BYOD = Bring Your Own ***, to our network.

Where *** could be,

1, Danger,
2, Disaster,
3, Doom,
4, Damager,
5, Destroyer,"

6. Drinks
7. Dessert
8. Doubt
9. Disarray
10. Double Entendre?

Posted by: mcb at March 6, 2012 2:01 PM

Your Liars and Outliers session is up on Youtube, for those of us who didn't attend: http://www.youtube.com/watch?v=hgEQfDV6NnQ
Lots of other great talks too. :)

Posted by: Mort at March 6, 2012 2:20 PM

11. Date
12. Desire
13. Damn thing
14. Dynamo
15. Dynamite

We could go on like this for days...

J.

Posted by: Jon at March 6, 2012 6:16 PM

Subscribe to comments on this entry

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Blog Menu

Search


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2012 J F M A M
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier
Syndication
Full Text Feed
Excerpts Feed

Follow on Twitter
Subscribe via Kindle

Translations
German
Italian

more translations

Crypto-Gram Newsletter
If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.
read more