Marc Benioff is the second nominee for my Cyber Privateer Fantasy League team (see his 11/8/2010 nomination here). Oracle's Larry Ellison sends his X-wing fighters into cyberspace to fight against the forces of evil, while Benioff makes a stand with one big fat target I call the Salesforce "Death Star." Actually protecting one entity against cyber incursions may be much more efficient from a security standpoint, since just one service has complete control over security compliance and software upgrades. Compare this with with the problem of protecting every single Oracle (and Java) customer in the Universe. Following is a little fun, a kind of Einsteinian "thought experiment" on a possible future scenario. Imagine Mr. Benioff publicly testifying before an open session of the Select Senate Intelligence Committee.
SENATOR: Thank you Mr. Benioff for taking the time to be with us today.
BENIOFF: Like I had a choice.
SENATOR: [Unintelligible whisper from an aide.] Please, Mr Benioff, this does not need to be a confrontational hearing. In exchange for your unambiguous and truthful testimony, you've been granted transactional immunity. This means that nothing you say here today can be used against you or your firm, even if other law enforcement organizations independently obtain evidence of criminal wrongdoing.
BENIOFF: I just made a statement of fact. I intend no disrespect to this body.
SENATOR: [Clearing his throat.] Thank you for clarifying that. Now, Mr. Benioff, the purpose of this hearing is to dig into a
Wall Street Journal story of Friday, April 1st, 2016 which reported that your company, Salesforce-dot-com, is the only major cloud computing entity in the world that has had no security breaches. Is it correct to assume that this story is no April Fool's joke and that you indeed have no security breaches to report to your stockholders or to the government organizations responsible for overseeing President Obama's executive order setting up voluntary best practices for the industry?
BENIOFF: I can assure you, Senator, that this is no April Fool's story. We have no security breaches to report for all of 2015 and thus far into 2016.
SENATOR: How do you explain this, given the recent heavy losses reported by every industry sector, major technology company, and our banking infrastructure itself?
BENIOFF: We have contracted all corporate cyber security with an offshore entity called CyberPrivateer-dot-com.
SENATOR: Given that the United States of America spends billions of dollars on cyber security, I find it odd that you firm has no line item in your financial reporting indicating expenses related to your own cyber security. According to the president's executive order, you are required to report costs of compliance, whether or not you are following the recommended best practices. Why is it, Mr. Benioff, that you have no such line item in your 10K and 10Q reports to the Securities and Exchange Commission?
BENIOFF: Senator, that's because we don't pay any money for our security. It's free from our supplier.
SENATOR: [An aide slaps the senator on the back to help overcoming a coughing fit.] I beg your pardon! Do you mean to tell me your unprecedentedly effective cyber security is not costing you a penny? Come now, Mr. Benioff!
BENIOFF: Truly Senator. And I understand that my blanket immunity in this proceeding is null and void if I perjure myself. Let me assure you, we do not pay a cent to the organization who provides our security.
SENATOR: How in the name of [explicatives deleted] and Mary does this entity make money?
BENIOFF: They simply insisted on two conditions. First, we provide them with peer-to-peer access to our servers and the error logs intruders trigger when they attempt to violate Salesforce-dot-com secutiy. Secondly, all our customers have agreed to terms and conditions of usage whereby they hold Salesforce-dot-com harmless no matter what our third-party security firm does to recover losses incurred by them due to activity of cyber thieves.
SENATOR: I still don't understand how your security firm, I believe you called them CyberPrivateer-dot-com, makes money.
BENIOFF: Oh, that's simple, Senator. Obeying a strictly enforced
cyber privateer code, what you'd call rules of engagement, they loot the assets of any organization or individual foolish enough to try and penetrate our systems. Those looted assets more than pay our customers for financial losses due to cyber criminal activity.
[An active discussion takes place between multiple senators, some of which is critical to the foul language coming from the questioning senator.]
SENATOR: [Now under emotional control.] What if the penetration activity is initiated by a government entity?
BENIOFF: [Laughing his "got'cha" laugh] Well sir, in the case of our own NSA, for whom we have refused to install back doors into our systems and for whose actions we elect not to confiscate financial assets of the United States of America, our security firm just counterattacks with computer virus modules that causes the attacking computers to melt down. This may be the reason your Utah Cyberwar facility has had such serious fire and power problems.
SENATOR: [To his fellow senators.] I
TOLD you they were responsible for our NSA troubles. [Turning to Benioff.] You're going [expletives deleted] to jail for this!
BENIOFF: I believe not, since my company, our contractors, and I have blanket immunity in my testimony today.
[This rest of this testimony classified as ULTRA TOP SECRET.]