Thursday, March 13, 2014

Gartner Analyst Ben Tomhave missed the point of the RSAC Boycott

Gartner analyst Ben Tomhave published his RSA 2014 Round-up and here is his assessment of the RSAC boycott:
As an aside, it should be noted that the planned protests had no real perceived impact on the event, which is rumored to have had attendance in the 25-30k range (I’m waiting on “official” numbers from RSA). Yes, the Vegas 2.0 crew did run their awareness event on the Wednesday of RSA, and some people were handing out pamphlets around the event, but really, that was about all that people noticed. I spoke to several people who planned to attend the competing TrustyCon event, but most of those people also were RSA speakers or attendees. Basically, the protests seemed to amount to much adieu about nothing…
It should be noted that Ben was never a supporter of the protest. In fact, he accused me and other speakers who withdrew of "whiny grandstanding", so his assessment of the effects of the boycott is understandable, if not predictable. However, the biggest error that he made in his assessment is that he missed the point, much like Bruce Lee's student in this clip from Enter the Dragon:


Just like the student who stared at Bruce Lee's finger instead of the heavens, Ben and many other folks who objected to an RSAC boycott confused the action (the boycott) with the target (RSA, not RSAC). Boycotting RSAC was the finger. RSA's poor judgment around Dual EC DRBG was what the finger was pointing at.

To that end, the boycott was successful because it raised awareness about exactly what happened between the NSA and RSA, and because it forced RSA Executive Chairman Art Coviello to spend much of his keynote attempting to convince his customers that RSA was an innocent victim that the "bad" NSA took advantage of. RSA is truly awful in crisis management.

Most importantly, RSA Security has even less credibility among existing and potential customers than ever before. There's an object lesson in there somewhere for CEOs and their boards who continually choose to sacrifice security on the altar of profitability.
