Chrome OS: Why It Will Fail
The Chrome OS, which basically is one of the best thin client concepts yet to hit the market, has a lot of potential.
The Chrome OS, which basically is one of the best thin client concepts yet to hit the market, has a lot of potential. But like most efforts of its type, embedded within it are the seeds of failure. Fortunately for Google, there is substantial information from companies ranging from Apple to IBM to assure the product's success. Unfortunately for Google, the company is young and hasn't yet learned to use this information; instead it has a history of learning by doing. If that isn't changed, this effort will fail, likely in a rather spectacular fashion and connected to a massive data breach.
First, let's look at the reasons it will likely fail, then I'll follow with a piece on why it could succeed. Let's be clear though, the Chrome OS moves the market and there is little doubt in my mind that the future of computing will likely be something like it, but on Google's current path, the solution that goes mainstream probably will come from a different company. In other words, no one tied to the current ecosystem should take this as a reason to sleep easy.
If you think about what's considered adequate security in the current PC environment, well, it sucks. But it's hard to steal lots of information from lots of people partly because that information is widely distributed, the PCs on which it resides often are not on, and they reside behind changing network security offerings. You can certainly get to information, you just can't seem to get to it massively even with botnets, the best of which have technology that most legitimate IT shops would die to own.
If you take all this information and put it in one place, breaching it becomes a matter of breaking passwords. With a regular PC, you'd typically have to not only get the password to it (if it even has one), you'd have to get the passwords to all the related services you'd want to penetrate. You could do that machine by machine with keyloggers, bots, or by going directly to the services, but then you have to go service by service. If you want to protect the PC, there are existing technologies like the Trusted Platform Module, which can make penetration incredibly difficult. Granted, it isn't used as much as it should be, but the very complexity of a PC ecosystem actually increases its ability to defend against massive attacks.
With Chrome OS, you simply have to penetrate its always-on, always-identically-protected account. Once in, you should have access to cached passwords for every service used on it. In effect, Google is making the same initial mistake Microsoft did, but with an outcome likely to be more dire. It's trading off security in favor of extreme ease of use. Google could mitigate this simply be eliminating passwords and requiring a solid multi-factor authentication method from any hardware manufacturer that supports Chrome OS. But it appears to be repeating Microsoft's mistake of leaving security to third parties (something Microsoft has been correcting most recently with Security Essentials and Forefront Security). IBM never gave up owning security for its offerings, and while it has had some issues, it has a reputation for security. It doesn't matter how secure the back end is, if user access isn't secure, passwords are not secure.
One of the comments made during the Chrome OS launch was that Google didn't have a strategy for it; the company focused on user needs (at end of this post) instead. Not only did this showcase a distinct ignorance when it comes to strategy -- focusing exclusively on needs is one -- but it repeats a common mistake made by those that want to bring to market a revolutionary product. What was really foolish was one of the founders appearing to announce the premature death of Android, an operating system that is just now gaining traction.
The ROKR phone that preceded the iPhone to market was built on customer requirements; the iPhone was not. Now which was the most successful? The reason you don't focus exclusively on customer requirements with a revolutionary product is that the customer doesn't yet know what they are.
Instead, and taking a page from Steve Jobs' book (See "Inside Steve's Brain"), you focus on what you think those requirements will be. Then you get something that stuns the market, as opposed to something that people suddenly see as incredibly inferior. Given Google's CEO was on the Apple board, you would hope he had stayed awake during board meetings to pick this up.