Why “Faster Than the Bear”?

...I don't need to be faster than the bear...

The title is the punch line from a joke that I first heard years ago. The version I heard went something like this: there were two guys camping in woods. Just after they had crawled into their sleeping bags and nodded off they were awaken by the sound of their campsite being torn apart, punctuated by the frightening roars of an irate and hungry wild animal. Through the tent they could see, cast by the light of the full moon, the shadow of a bear standing upright on its hind legs lumbering towards the tent.

As the bear’s claws began ripping through the canvas the first guy throws off his sleeping bag and yells, “It’s a bear, run for your life!” The second guy rolls out of his sleeping bag and calmly begins to put on his sneakers. The first guy says, “What are you doing? Are you crazy? Bears can run at 30 mph! Your sneakers won’t help you run faster than that bear!” To which the second guy replies, “I don’t have to run faster than the bear, I only have to run faster than you.”

This is very much like the situation we have right now in the security realm. There are bears out there. Lot’s of bears. They run fast. They are hungry. And, very frankly, nothing you read here or anywhere will help you run faster than these bears. If they want to catch you, they eventually will.

It may sound heartless or defeatist or cynical, but the truth is we don’t have to outrun these bears, either. We only have to outrun some of the other campers out here. We only have to make getting into our network or our applications or our website or our laptop a little more difficult than the camper with the IP address adjacent to ours. We only have to make our authentication or our authorization or our access control just a little bit better than the guy who hasn’t gotten out of his sleeping bag yet.

And, oh, yes… there is no shortage of campers who feel the same way about us.

