April 24, 2008

Whither RSA?

RSA is a puzzling event. On the one hand it's a very successful meeting, fun to attend, and brings together the IT security industry for a week. On the other hand, when we saw old friends and exchanged the traditional show greeting "What have you seen that's exciting?" the answer in general was "not much." That's paradoxical, or at least troubling. All the vendors were there and they were spending money like Persian Princes. And the security problems are as important as ever, if not more. So if the spending is there and the problems exist, why wasn't there much new? It's a puzzlement. Part of the problem is that it's a lot harder to solve today's criminal attack problems than it was to stop worms and viruses. And the customer now wants to talk in terms of intelligent risk mitigation rather than just "preventing bad things from happening" and that's difficult too. Maybe most of the vendors neither know how to prevent the modern problems nor how their customer should justify the expense. We can hope that things will improve by next year.

Cisco and EMC Announce (something)

Cisco held a press/analyst day just before RSA that included a very interesting customer visit to (and dinner with) Esurance, the Web-based auto insurance company with the flashy cartoon ads. The event started with a "big" announcement of a partnership with RSA (specifically integrating information from EMC's Infoscape technology -- where the Tablus DLP content analysis stuff ended up) with the Cisco Security Agent (so the user would be notified when they were about to do inappropriate stuff with sensitive files). The cooperation makes sense and the basic ideas are noteworthy but on balance the discussion seemed sort of premature because what was actually being committed to was vague and sounded more like a "Barney" announcement ("I love you, you love me, we're a happy family!"). There was more than enough "side story" to make up for any holes, however. Richard Palmer, the long-term Cisco security SVP and GM, is moving off to run the edge router group (a $6-7 B business!) and Scott Weiss, the GM and previous head of IronPort, is going to take over the larger security effort. The IronPort guys certainly think of security well out of the network box so it will be interesting to see how they change direction and speed.

End-to-End Trust -- The next big thing or fiddling while Rome burns?

At RSA Microsoft (with great fanfare) introduced the notion of "end-to-end trust" featuring a White Paper by Scott Charney, VP Trustworthy Computing, and featured in Craig Mundie's keynote, shown here in dialog with Chris Leach, Affiliated Computer Services' CISO. The paper and the topic are thoughtful and meaningful, but the tenor of the paper is very academic and not at all prescriptive. My MS friends explained that there is still a good deal of remembered pain from Hailstorm, Microsoft's web authentication effort from some years ago which was too prescriptive. Trying to resolve this tension I went around and polled some wise men in security on whether they thought we were winning the war (making the Internet safer) and sadly few feel very optimistic. In the past Microsoft has been a real industry leader in trying to drive collective change. Maybe it's just that Mundie isn't very comfortable wearing the shoes he inherited from Gates. With no blame meant toward Microsoft (they're still out in front of the pack in leadership) it sort of feels like the bad old days of Spam "control" -- Fiddling while Rome burns. I wonder if the bad guys buy analyst services.

Infrastructure Successes and Failures:

In the last month John and I took separate (but equal!) vacations in Paris. John completed the Paris Marathon while I took my high-school daughter to visit this wonderful city on her Spring break. On our way back we were routed through Heathrow and had the bad luck of experiencing British Air's now infamous Terminal 5 on its first day of attempted operation. The BA planes were full of wonderful and expensive propaganda about how amazing and wonderful T5 was going to be (reminded me somehow of those old jokes about a computer salesman who never consummates his marriage, instead spending each night telling his new bride how great it's going to be). It took over two hours for our luggage to be unloaded into the new and marvelous baggage hall that was designed to be so efficient that it doesn't have any food or even anywhere to sit down (because the baggage will come so quickly!). Only the Brits can screw something like this up so badly (all those old British Leyland auto assembly workers must now work for BA). Anyway, as they often cheerfully say, "Sorry!"

Ain't Science Wonderful

You probably believed it was true anyway, but using expensive modern brain imaging technology Stanford researchers have now gathered real evidence that sex does in fact help sell products (in this case motorcycles). To quote from their news release "The study showed that when heterosexual men are exposed to positive emotional stimuli—in this case, erotic photos of a man and woman—an area of the brain associated with anticipation of reward is stimulated. In the immediate aftermath of that stimulation, men are consistently more likely to take bigger financial risks than they otherwise would, said Brian Knutson, assistant professor of psychology."

Malcolm Gladwell Blinks at RSA

Malcolm Gladwell (who I must confess is probably my favorite author) was one of the paid keynote speakers and gave a really excellent 45 minute talk more or less on the subject of his most recent book Blink! Whether or not you've read the book I really recommend the movie (in this case the keynote replay available from the RSA website). The book and the talk are all about how humans make good decisions (contrary, one might say, to the McKinsey consulting approach) and how important this problem is now that we are swamped with information to deal with (it turns out less is more). And Gladwell is very entertaining to boot.