Keeping it real at RSA
Probably one of the more egregious marketing maneuvers employed in the lead up to the RSA Conference (starts 2/14 in SF) is the claim “our product/service/cloud/app could have prevented the WikiLeaks leak.”
Leaving aside the questions of just how much secrecy is needed to conduct US deplomacy (and I think there is a legitimate question as to why so much must be secret in an open democracy) it seems pretty clear that some basic access controls and a little less “sleeping at the wheel” would have significantly reduced the amount of material that got dropped off in the WikiLeaks secure drop box.
I dislike the breathless over statement of a products functionality so that it can be shoehorned into the problem de jour. In particular, I think it is a disservice to the RSA Conference participants to imagine that they can be panicked into considering a product based on a popular news event. Organizations that have proprietary data to protect should, at this late date, already have a data protection plan in place. To be honest, organizations that don’t have a data protection plan will most likely be put out of business by their next service outage, not a lack of security.
As the RSA Conference rapidly approaches, I’m keen to see the really cool stuff that promises to be on display. There are a number of products that are attempting to make cloud computing safer by offering encryption and secure connection services. I think these offerings could go a long way towards making cloud services usable for regulated industries that currently shy away from the otherwise tempting cloud infrastructure options that are currently available. All of this minus the slightly shrill varnish of “we could have stopped WikiLeaks.”