February 21, 2012
Next week, something insidious and life-choking will settle over the San Francisco Bay area and threaten everyone with confusion, nausea, and full loss of body hair.
The cloud of FUD.
For you South Park fans, yes, this is far more dangerous than the Cloud of Smug introduced in one of the classic South Park episodes (The Perfect Storm of Self Satisfaction). In the episode, the South Park residents begin to purchase hybrid cars (the Toyonda Pious) in large numbers, and their self-satisfaction in their eco-friendly ways creates a dangerous cloud of smug. Unfortunately, the South Park cloud collides with two other clouds of smug, one from the general self-satisfaction of the SF Bay inhabitants and a rogue cloud from George Clooney’s Academy Award speech. This creates the perfect storm of self-satisfaction with catastrophic results, destroying San Francisco and causing general havoc in South Park.
The RSA Conference is next week, and the amount of FUD in any normal RSA week can be problematic. But this year, the IT security world is at an interesting crossroads. The underpinnings of trust have been called into question through breaches of companies like DigiNotar, and more recently, VeriSign. Analysis released last week called into question encryption algorithms used by RSA, who is still reeling from a highly public breach last year. Studies indicate that breaches are on the rise, and targeted attacks (including the Advanced Persistent Threat) are hitting their mark with increasing frequency. And we have no idea how many breaches are yet undiscovered, and when we do discover them, we lack the tools to fully assess the damage. The public disclosure of the VeriSign breach included language from VeriSign management that they were still not quite sure what had been stolen, in spite of the breach occurring in 2010. Attacks like Duqu were illustrative of the growing sophistication in data-gathering techniques to build even more sophisticated follow-on attacks.
We have entered a new phase in IT security to be sure, and all of this uncertainty will amplify the FUD volume to deafening levels. That is because while there are several innovative companies offering real solutions to these new problems, the majority are scrambling. When companies scramble in the IT security market, the result is a Perfect Storm of Self Preservation. Those who lack real answers will look to duck and cover, and the predictable result will be epic volumes of FUD with a healthy undercurrent of smug.
Seriously, we should consider renaming the RSA 2012 exhibit area FUDapalooza! I am not talking about the usual “hamster wheels of pain”, “yes, I do that” (before a question is asked) level of FUD. This will be highly advanced, super concentrated FUD.
For example, everyone, including the nice people that serve old, stale sandwiches in the lobby for $18, will have “The Solution for the Advanced Persistent Threat”. Everyone will have the “Next Generation of Threat Protection” and “Your Weapon for Cyber Warfare”. Companies that went the M&A route will have the “First Truly Comprehensive Security Suite/Platform”. The large, “usual suspect” companies with the huge booths at the center of the floor will promise to plug the massive gaps that studies now show their own products to have.
I remember my first RSA Conference in 2005. I was immediately struck by the signal-to-noise ratio (very little signal, copious amounts of noise) and lack of clear messaging and differentiation on the exhibit floor. One of the more popular posts for this blog was about the animals you will see at RSA. I can only imagine what 2012 will be like.
At the end of the South Park episode, Kyle points out to the citizens that driving a hybrid is really a good thing, but they have to learn to drive them without being smug. The townspeople go back to their old gas-guzzling cars, saying that “it’s simply asking too much”. The RSA Conference could be an excellent place to explore ways to meet the new challenges we collectively face today. Unfortunately, I think for most of my vendor comrades “it’s simply asking too much”, and most will instead take the Gladiator approach and unleash FUD hell.
The Cloud of FUD is coming. Bring your Hazmat suit.