The Cloud and the security buzzwords
Since the beginning of the industrial revolution, industrial society has passed through a huge number of changes, from the limitation of child labor in western societies to the introduction of the production line by Ford, passing by the popularization and ongoing decline of the mass newspaper industries. I wonder whether the buzzword malady was also a reality for the early workers and capitalists. Probably yes.
At the moment few buzzwords are more shocking to me than the idea that SaaS & Cloud security are anything other than pure old security. I confess I try, but every time I stop to read the general discussion about the three subjects I notice a gigantic amount of… well… nothing.
I really try, but I can't read Chris Hoff's idea of Economic Denial of Sustainability and see it as something new. In fact, the model Hoff uses to present his concept is a clear and very smart case of DoS made the right way, but calling it by another name may sound brilliant to some and silly to others.
Those who are old enough in the industry will remember that Cray supercomputers were an idealized target for hackers seeking to crack passwords, but once the hacker succeeded in getting an account, he would face the challenge of dealing with a large number of users totally obsessed with their CPU quota consumption. And if this is not convincing enough, I remind you that even Gus Gorman discovered how to achieve "death by 1000 cuts" long before Chris would craft the EDoS term!
And since Chris talks about economy, we had better start with Microeconomics 101 and remember that scarcity is one of the bases of current economic thinking; so in fact every DDoS attack is an attack on scarce resources. The point is that people in our industry focus on the link and the CPU, but business-wise there is one and only one question: does the hassle (of being online) cost less than the benefit achieved?
Would you call a company's attempt to take over human capital from a competitor EDoS? I guess most of us would call it business as usual, in the same way that keeping control of the CPU quota was business as usual for the supercomputer users.
But Hoff's EDoS concept is also a very good attempt to think outside the box. My problem with his idea emerges not from the concept itself but from the attempt to create a new class of attacks within the scope of "cloud security", a classical buzzwording attempt.
My impression is that things like cloud security come from the industry habit of seeing security problems with too much focus on technology, and of projecting our own cultural perspectives onto the interpretation of the circumstances. These are people inventing magical solutions to solve models that are confused from inception and may not survive the next decades.
It is sad to say, but I have a feeling that the "professionalization" of the security practice is starting to show the disadvantage of specialization, or, as put by William Barrett, "the more specialized… the more nearly total the blind spot toward all things that lie on the periphery of this focus". No wonder a large part of the industry fails to identify the cloud and SaaS as new names for a model of business that came and left the IT industry several times during the previous years.
The buzzwords are becoming more and more deep-rooted in the information security leadership, and this is concerning. After all, even students of Microeconomics 101 learn that when advertisement leads to increased monopoly power or is self-canceling, the consequence is good old economic inefficiency.
