I wrote last week that I'm concerned that Apple and its copycats will use Flashback malware as an excuse to push a desktop walled garden model, raising IT costs while solving nothing. But if Apple and its groupies were to share control with IT, that approach would be palatable. Here's why.
But first, allow me to offer a comparison. I'm a frugal guy, which plays well with the CFOs I've worked with. I grew up with Depression-era parents and six siblings, so reuse and recycle were more than hipster terms in our house. To this day, I won't lease a vehicle. I buy cars used and drive them to 200,000+ miles, happily investing in maintenance and repairs from independent shops. Sadly, those days may be coming to an end now that auto makers are taking a page out of the software vendor playbook and pushing to make vehicle repairs proprietary.
My concerns about the cost of vehicle repairs will be replicated in the IT organization if the desktop walled garden and secure boot are implemented in a way that fails to recognize IT as an authority over that hardware. Under the current desktop model, IT leaders have their pick of "independent computer repair dealers," both from a software and hardware perspective.
Anybody who's been watching this industry knows that Apple's going to go walled garden on its desktops, whether or not it blames Flashback malware. And if other suppliers follow, it's just a matter of time until IT has fewer choices for repair and software distribution, all of which will mean higher prices.
But if IT organizations apply their considerable buyer power and influence to Apple's smaller competitors, those suppliers may relent and let IT control at least some of the walled garden--and thus Apple may be influenced through Michael Porter's "rivalry" force.
Which concessions should IT organizations pursue with Apple rivals? They need two important keys to the walled garden gates.
Part of Apple's walled garden is the notion of authorized or signed code. One reader of my column last week took me to task because he perceived that I was against signed code. I'm not. Signed code is OK, and can even be preferable, because if you don't know who someone is, you don't want his code running across 10,000 desktops at your organization.
What I'm against is creating conditions whereby only your desktop supplier can authorize a signer. If Apple would let IT organizations register "known good" code suppliers, that's the first key to a more acceptable desktop walled garden. Apple already lets enterprises registered with Dun & Bradstreet distribute their own enterprise apps for a mere $299 annually; they just don't let enterprises buy apps from anyone but Apple.
That model isn't good enough. We need to make it very clear to Apple's competitors (and thus to Apple) that CIOs will prefer hardware and operating system suppliers that provide conditions whereby IT organizations can, on an ad hoc basis, add a software supplier as an authorized signature for that enterprise's desktops.
The other key to the walled garden is the approved and legal notion of jailbreaking a device. Nobody would ask manufacturers to provide warranty or support for a jailbroken product. But manufacturers that incite our lawmakers to make jailbreaking illegal should feel our collective buyer power wrath.
The stakes are high, as noted jailbreaker and open hardware advocate "Bunnie" Huang related to me earlier this year with this example. If a car maker such as Ford were to get locked down with secure boot on critical computers that run its manufacturing robots, and the robotics controller software maker were to go out of business, Ford would have a huge problem. It would be faced with either turning to a new support supplier that's breaking the law by reverse engineering or jailbreaking the software, or buying a new assembly line.
But plant managers don't know enough about computers to advocate for open systems and keys to walled gardens. They rely on us, the IT pros, who shouldn't fall for some mythical notion that wall gardens keep our equipment and data safe.
We work for our employers, not for our IT suppliers, and we're the experts our colleagues and bosses will turn to if something goes wrong critical systems. IT leaders at the table with suppliers would do well to remember which side they're on.
From clouds to mobile to software development, threats may be everywhere, but they're not equally dangerous. The new, all-digital IT Strategic Security Survey issue of InformationWeek will help you prioritize. Also in this issue: IT must decide how to deal with consumer cloud storage being used in businesses. (Free registration required.)