Big Rocks, Big Ideas and Big Opportunities

From Monday’s Innovation Sandbox to Friday’s keynotes, innovation was a central theme of this year’s RSA Conference 2012  in San Francisco. As Hugh Thompson said in his final remarks, the Innovation Sandbox proved that innovation is alive and well in cybersecurity. Perhaps 2012 will indeed be, as Hugh suggested, “The Year of Innovation”.

But as the entries in the Innovation Sandbox showed, innovation is not a monolithic concept. Over the course of the week, I heard of at least three different kinds of innovation. The winner in Monday’s Innovation Sandbox fell, for me, into the category of “Big Rocks”. That is, the problem that Appthority addresses – the difficulty of assessing the security of applications in the mobile space – is a significant issue that can affect not only the personal security of individuals but also everyone’s confidence in online commerce via mobile devices. It was the importance of this issue that was cited as the primary reason why Appthority was chosen as this year’s winner. The issue that it addresses is a big one, requiring creativity and invention in its solution. Though Appthority isn’t the only capability that’s needed, both the technical innovation in Appthority and the problem it addresses are significant.

The “is this a big rock” point of view was generally voiced by the IT and enterprise representatives on the Innovation Sandbox panel of judges. The venture capitalists on the panel, on the other hand, brought the perspective of “is this a big opportunity”. Hugh had suggested in his opening remarks to the Innovation Sandbox that third-party certification of mobile applications could be a viable business. The proposal isn’t ground-breaking from a technical point of view. But it may be significant because of the opportunity for commercial success. Innovation for “big opportunities” expresses a different (though not mutually exclusive) focus in assessing the value of an innovation compared to the focus in “big rocks”.

The third area of innovation that I heard at the conference, though not particularly in the Innovation Sandbox, is “Big Ideas”. For me, the best exemplar of this was in the keynote by Sal Khan, one of the most enthusiastically received keynotes in the conference. Sal expressed what I heard as two fundamentally transformative ideas. The first of these was the core idea of Khan Academy: as he expressed it, “free world class educational videos for anyone, anywhere”.  The other was the transformation of classroom education: as he put it, from a focus on fixed time with variable mastery, to fixed mastery with variable time. The prototyping of this idea in the Los Altos classroom, with its collaboration among the students, and the change of the teacher’s role to mentor rather than lecturer and grader, brought the idea to life in new and exciting ways.

Recognizing the different kinds of innovation can help in understanding what you are trying to accomplish. But in one respect, all innovations that I saw at the conference were fundamentally similar: that is, even if the innovation clears away an old model, as Sal Khan did in Los Altos, the innovation is fundamentally constructive. They create new solutions to significant problems; they create value in addressing major opportunities; they transform educational models, security paradigms, and old ways of doing business.

This constructiveness in the innovations at the conference seems to me a much more effective way of thinking about our roles as security professionals than the hawk/dove paradigm that was suggested in the HP keynote. In preparing the foundation for a new building, you clear away the old cement and steel girders. But the goal is to build a new structure. And that constructiveness is our role as well, a role in stark contrast to the destructive forces that we are striving to combat.

“Why would anyone want to destroy my laptop?” my daughter asked me when we were confronted with an infection that turned her computer to a brick. I don’t know the answer to that question. But I do know that what we are doing in cybersecurity is not only trying to prevent that destruction. We are builders, at the best of times infused with that sense of purpose that Art Coviello called for in his keynote. We are participating in the very biggest of big ideas, pushing the biggest of the big rocks, addressing the most essential of all opportunities: protecting the trust that underlies our economy, our political institutions and our personal relationships.

No Comments