Schneier on Security
A blog covering security and security technology.
March 5, 2012
Themes from the RSA Conference
Last week was the big RSA Conference in San Francisco: something like 20,000 people. From what I saw, these were the major themes on the show floor:
Who else went to RSA? What did you notice?
Posted on March 5, 2012 at 1:30 PM
• 26 Comments
A lot of companies selling fear.
@pmp "A lot of companies selling fear."
There are two reasons people buy stuff. They are greed and fear. People buy iPhones because they provide instant gratification. People buy life insurance because of fear.
Unfortunately the only way you can get people to buy security stuff is to sell fear. After all, it is difficult to get excited about the latest security offering. In the best case it works and nothing bad happens to your machines and networks.
An astounding number of companies, big and small, selling protection for BYOD. Hard for any one vendor to stand out in this market with all the background noise. Yet there will have to be a major shake out to narrow the field down to a workable number.
Why does the field need to be narrowed down? Manufacturers implemented APIs so people could even roll their own device policy solutions. Whether a vendor's feature set meets your needs or not seems like a valid criterion. I don't think we need a situation like "well, we either go with SAP, or x".
Some people will need a particularly robust BYOD solution with extensibility, others will just need something simple, like locating lost devices. The more competition, the better, IMO
@ Malachi J,
There are two reasons people buy stuff. They are greed and fear
Err no. The two main human motivators appear to be "envy" and "fear"; greed comes a long way down. Thus people buy iPhones not out of greed but envy.
@ Malachi J
"Unfortunately the only way you can get people to buy security stuff is to sell fear."
Perhaps sales people have to resort to fear to get a sale but the security professional's job is to understand risk, prepare business-appropriate remedies, and promote confidence. If you communicate a risk to decision makers and they choose to accept it rather than mitigate it that's on them. Security professionals deliberately scaring clients is unseemly and ultimately counterproductive.
Huh... What does "RSA" even stand for? Seems impossible to find out from their website, at least.
Other than that, both pmp and mcb have valid points - and what's this list you're talking about, Clive? Any chance the rest of us might see it?
@SnallaBolaget, it stands for Rivest, Shamir, and Adleman, the three cryptographers who were the first to publish openly the public key algorithm which shares the initialism.
Also a lot on cyber terrorism and cyber warfare, and of course more fear because of that.
Noticed a lot of booth babes. Didn't see fear with them or the rum they were offering.
One more thing.
Thank you Bruce for the free book and signing. Just awesome.
Tons of companies selling expensive enterprise solutions that will help security but not prevent ALL hack attempts.
Several researchers were emphasizing how much trouble this "Bring Your Own Device" will cause. Get inside the corporate network with this rogue app!
Cheaper than dropping a USB key in the parking lot.
Um, I bought an iPhone because the droid 2 I had sucked rocks.
A- Algorithmic Based Security degrades as an inverse of Moore's Law.
B- With an inverse of the Moore's Law cost curve to cost out maintaining security on an open, interacting portal.
Sam Peds' Laws:
C- Policy fails to impede technology;
D- Motives to use technology despite policy are freely inventable to suit using the technology.
Sam's Joint Law:
E- Those uncomfortable with the above laws will seek to change the definitions of key terms so as to seem to empower themselves to create policies to impede technologies.
This has a great deal to do with the science of perceptions and the taxonomy of data used as information.
"what's this list you're talking about, Clive? Any chance the rest of us might see it?"
I wouldn't presume to answer for Clive, but if it's the list I'm thinking of, I'll stick with Lust and Gluttony. ;-)
Did anyone happen to drop dodgy USB sticks in vendor bowls? Or pick one up?
'The two main human motivators appear to be "envy" and "fear"'
Not sure who said it first (Thomas Moore?), but the correct order is:
Status can be divided into two non-exclusive motivations:
1.a Promote status increase
1.b Avoid status decrease (status angst)
Survival and sustenance can trump 1&2, when needed (but not in young or high status males).
Nothing on the Expo floor really struck me in a big way. In this day and age where product information is readily available online, I don't see much value in this form of exposition.
The sessions are much more important -- while some were trying to play up big data, I think the most significant theme was BYOD. The biggest issue facing us in this regard is that while most vulnerabilities come from failing at the basic "blocking and tackling", BYOD looks like putting the cheerleaders on the line of scrimmage.
I also enjoyed the debate format for some topics, such as software liability (yesbruce).
One thing I'm not sure they had right, which is what does BYOD really mean,
BYOD = Bring Your Own ***, to our network.
Where *** could be,
And before people mark me down as being a pessimist, I'm not the only one of this viewpoint,
Love your quote in the above article ;-)
I noticed that it is never a good idea to announce that there are 1000 free copies of a book waiting at the HP Pavilion BEFORE you start the Q&A.
I also noticed that when a mob is swamping a pair of over-matched booth babes for copies of said free book, they will be completely oblivious when the author of the subject of their desire pushes through their midst to get to the signing table. :-D
Thanks for the book, and I can't wait to see what sort of social experiment you run on your mob, I mean audience next year.
Thanks @Peter and Civil Libertarian. :)
The 7 Cardinal Sins are wrath, greed, sloth, pride, lust, envy, and gluttony.
I've been in this field a long time.
Once upon a time, clients would listen to - and sometimes follow - my advice when I recommended fixing their underlying problems.
Now, they all believe that if they just install software A or buy "network appliance" B then everything will be just fine. They even get upset if I don't provide a list of Recommended Products.
@ Clive Robinson
"One thing I'm not sure they had right, which is what does BYOD really mean,
BYOD = Bring Your Own ***, to our network.
Where *** could be,
10. Double Entendre?
13. Damn thing
We could go on like this for days...