RSA 2018 – Panic

| April 17, 2018

Panic at RSA

While I wandered through RSA today, a song came to mind. You might recognize it, especially if you wore a lot of black clothes in the 1980s.  Its Panic. RSA 2018 is all about panic.

Enjoy my new lyrics to this Smiths song.

Panic on the streets of Frisco
Panic on the streets of Austin
I wonder to myself
Could infosec ever be sane again?
The expo people that you slip by
I wonder to myself
Hopes may rise on the valuation
But honey pie, you’re not safe here
So you run down
To the safety of Moscone
But there’s panic on the streets of Palo Alto
Santa Clara, Seattle, Reston
I wonder to myself

Burn down the RSA
Hang the blessed hardware
Because the products that they constantly push
It says nothing to me about my cloud
Hang the blessed RSA
Because the products they constantly push

Hang the RSA, hang the RSA, HANG THE RSA!
The expo people you slip around
Provincial marketing is dead now
Hang the RSA, hang the RSA, HANG THE RSA!

For cultural reference, here is the original song.

Infectious song. That is because panic is infectious. When one person panics, it is natural for other people near by to panic as well. Put all those people in one place, say San Franciso, for a week and panic will spread.

This panic is not the terror type. Rather, the panic of desperation. That sinking, crushing feeling that you are no longer relevant. You are obsolete. Old, washed up, and losing market share…and your pants do not fit.

I had a friend who worked at Blackberry years ago when they were rapidly losing market share. I remember him desperately trying to convince me that Blackberry would roar back to relevance. After a solid 20 minutes of trying to convince me, he finally admitted “yeah, I know, we are toast.”

In retrospect, I now realize that my friend needed to go through the motions of convincing me. All his posturing and justifying Blackberry was his own descent into reality. I did not need to disagree or refute him. He needed to convince himself.

RSA is not toast, far from it. This is only the opening day. It is RSA’s obsession with “product” that is ending. There is a sick desperation in every booth. “Look at me, I am still relevant!” These are people desperate to justify their high salaries and ludicrous indulgences.

Perhaps RSA itself is a symbol of this. RSA, the company, is irrelevant. Their products are long past their shelf life. Nobody wants another gigantic SIEM (or whatever they call it these days) that will do everything because there are not enough unicorns in the universe to run that product. It does not matter how many threat intelligence dark web AI widgets you jam into that box, if nobody stays employed long enough at your company to run that box, it is a giant waste of money. RSA, and its many competitors, are schlepping buggy whips to an audience of car drivers. Symantec, Juniper, IBM, Cisco…they are all desperate for relevance.

However kudos is due to a few vendors who are *starting* to get it. Namely Palo Alto networks, who realizes there are only so many boxes you can sell. Their recent purchase of Evident.io (for $300M!) shows they are still a smart company and have way too much money to burn. Hey, Mark McLaughlin want to spend $300M the hard way? You must have been something before the cloud. (Say those last two sentences in a Rodney Dangerfield voice, its much funnier.)

And the other one… *gulp* … I cannot believe I am going to say this, McAfee. Ugh. My dislike of McAfee shrunk a bit last night when I noticed their marketing is 100% cloud-centric. Okay, somebody at McAfee gets it. Hats off to Chris Young.

Now, take a look at the Innovation Sandbox winner, BigID. This was a worthy win for the Sandbox, but it is also a panic solution. BigID is a privacy tool for data discovery, classification, and analysis. It is built to feast off GDPR and privacy panic. The CEO Dimitri Sirota began his presentation mentioning Facebook’s Mark Zuckerberg’s recent congressional testimony.  That is about as relevant to current panic as you can possibly get.

I do not fault BigID one bit for doing that. However, step back and think about that for a moment: the most innovative product is a product designed almost exclusively to alleviate privacy worries and panic about GDPR compliance.

I admit, we have needed a BIgID type product for a long time. Anitian has done data classification projects over the years and they are always a messy, complex endeavor because there are no good solutions in this space. Many of the DLP-type products that do this are expensive and lame (except you ForcePoint). And privacy? In the USA, privacy is a joke. This is an area where Europe, through GDPR is exercising some real muscle. Because all these USA companies who want European business are not going to get around GDPR with some checkbox audit.

This is what happens when reality starts to close in on irrational exuberance. Panic sets in. People must face the fact that all their posturing, posing, and pontificating means nothing when the feds are raiding your lawyer’s office. Oh yes, I did just equate Trump’s problems to RSA’s problems.

That is because his problems mirror our problem. Reality is coming down from the cloud and this reality does not care about your fake news (aka “marketing”). You can deny the impact of the cloud (or Europe) all you want. You can cling to your boxes of threat intelligence all day, but this does not change the fact that its over. And maybe we need to hang RSA out to dry.

However, don’t take it as if I want RSA dead. On the contrary, I want its current form to die, so it can be reborn. Death is change. RSA needs some change, now.

How soon is now?

That is another Smiths song. 

Want a big gulp of cloud security reality then come on down to the AWS and Anitian Security and Automation Pop Up on Wednesday. We will be playing Smiths and dancing morosely in our black jeans. Okay, maybe not that, but we will have rad speakers on cloud security and automation.

Share this post: