Radio Technologies of the Past and the Future

December 4, 2008

For us technologists, it is easy to assume that a good technology will find market success based on its technical merits alone. Sadly, this is not the case – otherwise we would all be using Amiga computers (yeah, not Macs).

I was at a Forrester Marketing event in Dallas a few weeks ago and was invited to a tweetup event. The 80 or so business cards I brought for the trip were gone that night before the event started. For the next two days I had to exchange information in a very primitive way. What happened to infrared (IrDA)? Back in 2001 I could beam my vCard to everyone at the Palm Developers Conference. IrDA is a well-defined standard, the radio is super cheap (less than a buck, I am pretty sure), and vCards are a well-defined standard. What happened? Lack of customer adoption combined with a need to save power?

Then this past weekend at home we changed the arrangement in our living room and we got new furniture. The cable box is now slightly behind a sofa. My wireless remote (infrared, coincidentally) is no longer useful. What? This is 2008 – the 21st century! Where is Zigbee?

Zigbee is a super low-power and low-cost RF technology ideal for industrial and home control applications. It has been available for years. Now that most people are buying $1,000 40+ inch LCD TVs, it would add a few cents to the cost of the TV and remote. Or maybe not, because it would save the cost of infrared. Customers would enjoy longer-range remote controls and would not have to point the remote at the TV or even have line of sight. Your cable box and stereo could be in a closet and things would still work.

So I went to the Zigbee Alliance website and looked for a remote control – they have to have one. Sure enough, there are a few, like this Niles iRemote, but they are super-high-end remotes costing $1,000.

As an entrepreneur/marketer, where I spot an unfulfilled need I see opportunity. Hello, Logitech, Sony, anyone?

Microsoft buying RIM? 6 reasons why it will happen and 6 reasons why it won’t

October 11, 2008

A few friends have asked what I think of the speculation about Microsoft buying RIM. It is certainly an interesting proposition. Let me offer a few pros and cons. Keep in mind that RIMM is a company built of three main areas: an operating system and software stack, device design and manufacturing, and managed service operations (NOC).

Why it could happen:

  1. At current value, RIMM is cheap, at least compared to what it was worth six or twelve years ago. Not a lot of money.
  2. Microsoft is a very competitive organization. Steve Ballmer is hyper-competitive. To an extent, you could say Microsoft is obsessed with winning. They hire type-A personalities, they like to win. Not being able to beat RIM hurts. Buying your competition is not exactly beating your competition but it eliminates the competition.
  3. Microsoft would instantly have a much larger share of the smartphone market and would have a better chance at driving consolidation in a crowded space (iPhone, Windows Mobile, BlackBerry, Symbian, Android, Access PalmOS, OpenMoko, etc.)
  4. Microsoft would gain some unique hardware design and usability skills that the company could use.
  5. Microsoft is already in the device business. A similar thing happened in the music player business: Microsoft tried a partner-based approach by licensing Windows Media to Creative, Sony and other electronics manufacturers, and when it became evident the strategy was not working the company launched its own device, the Zune, while maintaining the licensing model for Windows Media, DRM and the player platform. Microsoft has proven it can be good at consumer electronics and hardware with the XBox and with the keyboard and mice business. With the acquisition of Danger, Microsoft is already in the smartphone hardware business.
  6. Sure, the platform is incompatible – so what? It did not stop Microsoft from buying Danger. DataViz offers a J2ME ActiveSync client that could sit on top of the Danger and the BlackBerry to get both platforms connecting directly to Exchange servers.

Why it will not happen:

  1. There is no glory in buying the competition. Microsoft could never say they beat RIM; they don’t “win”. The acquisition would build upon the bully/monopolistic image of Microsoft rather than the innovator image they are trying to build.
  2. The technology is incompatible. BlackBerries are built on a proprietary OS with Java on top. To make it work, Microsoft would have to migrate the entire software stack to Windows Mobile and .Net, which would take a lot of time and a lot of resources, and skeptics would say in the process Microsoft would kill all the goodness of the BlackBerry platform. Not because this goodness is tied in any way to Java or because of lack of capabilities in Windows Mobile (in fact, I believe the Windows Mobile architecture, developer platform and tools are an order of magnitude better), simply because porting a full smartphone stack while leaving it intact from a customer experience perspective is pretty much impossible.
  3. Microsoft would become a hardware manufacturer, becoming a competitor to all the 45+ Windows Mobile licensees and pushing them to accelerate their Android/Linux investments. Alienating your partners is not a good business practice.
  4. Microsoft is not very good at building devices – XBox succeeded because it is a separate division with its own culture and in a different market. The Zune has not yet failed to capture a significant share of the market (even though it is a great product, I love mine). Hardware design is not one of the core competencies at Microsoft.
  5. Microsoft has been touting the inefficiencies of a NOC, which I agree on. The iPhone, Palm OS devices, Sony Ericsson, Nokia and other players licensing ActiveSync signal the death of middleware. It would be difficult for Microsoft to justify a platform based on a NOC model.
  6. The culture is too different. The business model is too different. RIM’s model is fundamentally to please the wireless carriers, give carriers control (with the NOC) and support the carriers as the main channel in selling devices plus service. The Microsoft model is about giving IT organizations control, less middleware, and about partnering with multiple device manufacturers. RIM’s strategy is about controlling the user experience with a proprietary platform end to end while Microsoft’s strategy is to provide a platform on top of which device manufacturer partners, software developers, and carriers can innovate.

Let me clarify that while I used to work at Microsoft in the Windows Mobile team, I have no insight about these discussions at Microsoft. These are conversations that would happen a level or two above where I was.

My guess is that it won’t happen. But who knows? This is what makes the industry so interesting, anything could happen. Especially in this economic climate. It is reasonable to expect smaller, underfunded companies and companies who have lost significant market cap to be acquired by the big guns. Isn’t it amazing that Microsoft could buy GM (at current market cap of $2.6B) with the equivalent of roughly two months of profits?

-Gerardo

Please welcome my Blog co-Author!

October 1, 2008

I am very excited to welcome Patrick Gilbert as the co-author for this blog. Patrick is a good friend, former business partner and more importantly an industry expert. He is currently President and CEO of www.4Smartphone.net which has diversified into www.4iPhone.net and others. He has been at the forefront of SaaS and mobile technologies including Hosted Exchange, Communicator and SharePoint.

Welcome Patrick!

Patrick Gilbert

How Apple Did It

September 27, 2008

When the iPhone was first announced, I remember exchanging many emails with industry colleagues – as many people did – speculating about the possibilities of Apple hitting the 10 million target that Steve Jobs set during the announcement.

Many emails were based on market research: how many people were buying phones at over $500 at the time, how big was the market for smartphones, etc. I was skeptical given the complexity of the software stack that powers a phone. Most of us had to eat our words.

How did Steve pull it off?

There are many answers: articles and surely books are being written about it. I found a key piece today while reading a new book, “Do You Matter? How Great Design Will Make People Love Your Company”. In this book, the authors explain how Apple and other leading companies are design-driven and how most other companies are metrics-driven.

As a marketer and product marketer, many times I have had to justify my plans with market research: opportunity analysis, market sizing, CAGR (compound annual growth rate) numbers, etc. Most companies’ financial discipline requires this type of financial justification based on hard data and requires some kind of proof that an investment will yield results based on research, focus groups, etc.

Not at Apple. The key to design-driven companies is that they place significant value in customer experience. The company is aligned behind it. The problem with customer experience is that it is emotional, therefore not measurable. Steve Jobs has a knack for great design (in the broad sense of the word, meaning how to create products people love) and is able to pull it off because he runs the company and the board of directors trusts his investments will pay off most of the time. Or at least he has a success ratio that allows the company to experiment.

If Steve had to justify the iPhone based on hard numbers, or if anyone at Motorola had envisioned the iPhone, they would have more than likely been shut down by senior managers because market research, hard data and market trends do not support the idea of a $600 first-generation smartphone selling 10 million units in the first 18 months.

Interestingly enough, Motorola actually came up with the idea of the iPhone: they went to Apple and had to convince Jobs it was a good idea based on the fact you don’t leave your house without three things: car keys, cell phone and wallet. Everything else is secondary. But I digress.

If this is a topic you are interested in, I highly recommend the book. It is written by Robert Brunner and Stewart Emery. I am halfway through but it is well worth it already.

Google Chrome – Advertising Replacement?

September 18, 2008

I was reading YAGA (Yet Another Google Article) about contextual advertising in Chrome when it clicked:

Back in 2000 I was working for a web application server. One of our customers, a big well-recognized retailer, was thinking about starting their own ISP service (remember when you accessed the internet through a phone line?). The goal was not to make money on the ISP service, but to subsidize it to get very broad adoption and then use it as a marketing tool.

The idea – which I thought was brilliant at the time – was to have a server inspect every page being served to customers using the service to browse the web, understand the context, and replace any banners being served in the pages with banners for the retailer that were contextually relevant. Basically, they would be replacing ads in any page the ISP customers visited with their own ads. The retailer was getting a free, contextually relevant advertising channel to their customer base. The guy who was thinking about this told me it was perfectly legal. It sounded great but never materialized for reasons not relevant to this post.

Could Google do the same with Chrome? I expect Google to be capturing tons of customer behavior information from the browsing history and no question they would use it to improve the targeting of their ads. This is pretty scary if you think an employee could be using Chrome to browse the company intranet or to access company confidential information through the browser and a subset of the data could be sent to Google.

But could Google replace any ads on the pages being browsed via Chrome with their own? For some reason, the idea that seemed really smart for a retailer now sounds pretty scary when I think of Google doing it. Is Google too big? Does Google already know too much about us?

Is this the end of the “Do no Evil” era for Google?

September 5, 2008

Yesterday a colleague asked me if I thought Microsoft is worried about Chrome. My answer was that I think Microsoft is paranoid of anything that Google does, that new browsers are much less of a threat for Microsoft than in the Netscape era when the internet threatened to make desktop-OS platforms irrelevant, and that Google sometimes seems to be playing blindfolded basketball.

But then I thought – the people who should be worried are the users. Google already collects incredible amounts of information for each individual because of our reliance on search, and they own an incredible amount of intelligence about the aggregate searches of the population in general. With Chrome, Google will get even more information about everything you do online beyond what you search for. Don’t be mistaken – Google is not a charity and is not investing in Chrome just to help advance the internet.

In fact, I was surprised to learn the license agreement for Chrome gives Google absolute ownership of anything you create, post or submit via the browser.

“By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.”

With the paranoia going on around privacy, I am surprised Google can get away with something like this and that people have not paid more attention to the issue. Google started with a mission to index the world’s information. Now they want to own the world’s information. Scary.

The Power Struggle Between Carriers and Enterprises is an Incredible Opportunity

June 29, 2008

It is evident there is a gap between what enterprises would like to see and how carriers are serving business customers. Customers’ perception is that “Carriers do not understand Enterprise Mobility and are slowing adoption as a consequence” (actual quote from a F500 customer). Carriers want to protect their business and control the customer experience, especially in the U.S.

I don’t mean to be critical of carriers: every unmet customer opportunity is a business opportunity. After all, the rule for a successful business is simple: give people what they want, make money, repeat. How is this an opportunity? The carrier that is willing to listen to the market and adapt to the new world of enterprise mobility will have a significant competitive advantage. This change will require a change in perceptions, a strong determination for an unbiased understanding of enterprise customer needs and a bold business plan.

During the last few years, I have had the opportunity to work directly with many enterprise customers through executive briefings, executive summits, mobility workshops and many 1:1 interactions. Here is a summary of what I have heard:

Enterprises need CONTROL over Devices

To embark on large deployments, enterprises require more control over the devices they use. Customers would like to see carriers embracing the new world of enterprise mobility versus being over-protective. They need different strategies for retail versus enterprise. Three specific examples:

  1. Carriers are subtracting value by locking out features that exist in many devices (i.e. GPS, WiFi, Windows Live Hotmail, VoIP). Large companies do not care what the carrier’s consumer strategy is for up-selling apps like TeleNav.
  2. Installed software should be kept to a minimum (operator-specific/custom email (i.e. Xpressmail, VZEmail), home screen elements, TeleNav, demo games, etc.).
     · A company deploying the same phone model across 30 countries does not want to deal with 30 different versions of the software for that single phone model.
     · In the PC world, this is why DELL launched the Vostro line of PCs without all the pre-installed utilities.
     · Different versions of Office, Explorer and other components (i.e. remote desktop) make deployment, application compatibility, support and planned upgrades very complex. Companies that want to standardize on a platform must track what software pieces are included in each phone model – and these sometimes change with a new software update!
     · Quote from a company deploying thousands of phones re: a new and very cool phone: “We will not look at it because it does not have Office Mobile, which is our corporate standard”
  3. Customers would like to increase their ability to upgrade and downgrade the OS on a phone just like they do with PCs today. This represents large technical, legal and business challenges; here are a few ideas on how to get there:
     · Allowing customers to downgrade or upgrade from a software licensing perspective.
     · Providing tools for companies to do mass upgrades and updates – i.e. volume licensing, corporate licensing agreements, enterprise deployment tools. In a large deployment, organizations cannot ask individual users to download software, accept the license agreement, install the software and maintain it through upgrades.
  4. Carriers should retain control of core OS telephony functions and release control of applications, configuration and other software on the device.
     · An example of how this works well is with 3G laptop modems – the carrier only controls connectivity software with no influence over the OS or the apps that run on the laptop. The risk for malware and high data consumption is much larger on PCs with 3G cards than on PDAs and smartphones, yet the same carriers want to control everything on a smartphone.
  5. Companies prefer custom ROMs that include their software, configuration and preferences. A custom ROM has the advantage of simplifying setup, lowering data costs, and more importantly, surviving a hard reset.
     · Large companies are used to buying from companies like Dell, Toshiba, HP and others who provide custom SKUs that ship pre-loaded with a custom image specific to the customer, i.e. Dell has a number of Microsoft-specific SKUs that any MS employee can order.
     · HP is taking a big step here promoting custom ROMs for customers ordering as little as 200 units for devices like the iPAQ 910. Bravo.
  6. Enterprises need to have confidence in the ability to apply upgrades or security patches as needed without having to rely on carrier schedules. A perfect example is the DST patch. Imagine coordinating a worldwide upgrade strategy that is carrier dependent.

Partnering through the Device Lifecycle

  7. Fortune 500 companies should participate in a beta during the Technical Acceptance process to test real-world applications and provide feedback that will result in improved quality and more confidence in deploying devices. They understand it is an unfinished product and will not form an opinion or hold the carrier liable based on a beta product. These companies start working with the core software that is mission critical for them (Windows Server, SQL, etc.) 18 months ahead of commercial release.
  8. Companies with large deployments want to have an opportunity to test a phone before it is commercially available. The worst-case scenario is when an employee buys a phone at retail, expecting IT to support it, when the IT department has not heard about it or has not had an opportunity to test it.
  9. Managing accessories is becoming a nightmare. Carriers need to work with OEMs to set standards for power adapters, audio interfaces, etc. The PC world has matured and there are standards for keyboard/mouse interfaces, ISA slots for add-on cards, USB as a standard for connecting to peripherals. This dramatically simplifies the management of accessories, spare parts and support.
  10. Customers want more visibility into the lifecycle of a phone: understanding what future upgrades will become available and a 2 year commitment to provide OS upgrades for devices, maybe for a subset of a carrier’s portfolio.
  12. Always paying for subsidies – enterprises prefer a straight device cost with no subsidy. Obviously, a percentage of the monthly wireless cost goes to cover the subsidy, yet after the 2 year commitment, the price does not go down and a customer continues paying for a subsidy that they are no longer benefiting from.

International

  1. International roaming is a requirement for global deployments. AT&T’s 40Mb international data plan is a great step in the right direction and a big competitive advantage for any international company. Sprint offers free roaming in Canada and Mexico, which again is an advantage for companies who operate in North America. Unfortunately, Sprint does not promote this very vocally. There is no predictability of what the data cost will be when an employee travels overseas.
  2. Ideally, enterprises would like a single global wireless contract. This is Nirvana and years away. Yet companies like Vodafone/Verizon have a chance at making it happen.

Ironically, the launch of the iPhone, with AT&T surrendering much of its control to Apple, might be the catalyst the industry needs to start evolving into a more enterprise-friendly model. Verizon’s open initiative could be interesting but there are still many unknowns, and unfortunately CDMA devices are not very open by definition.

The carriers in the US have really smart people who are trying to do what is best for their customers (and shareholders). I know most of them are listening to the market and I am sure they are thinking about these problems today. Let’s see who is the first mover…

Thoughts on the Symbian Foundation

June 27, 2008

You may have seen the news that Nokia is buying the parts of Symbian that it did not own, to create a not-for-profit foundation that will offer the OS royalty-free and will open-source it later, unifying the multiple UIs that exist today. I read the announcement and some of the analysis online, which led me to a few observations:

I find it very respectable that Nokia recognized the fragmentation in the Symbian ecosystem and took bold steps to unify the platform. Obviously, the fragmentation across UIQ, Series 60, Series 80 and MOAP(S). Still, I am not sure there is a smooth transition plan, especially for the Japanese market, to go to S60.

It is very interesting that all current shareholders are committed to making the sale except for Samsung. According to the press release, “Nokia also expects Samsung Electronics Co. Ltd. to accept the offer”. Did they not have time to talk to Samsung about this, or was Samsung not very happy about it and they are being forced to sell?

UIQ will disappear: the foundation promises backward compatibility to Series 60 only, which means developers should stop any UIQ development and start porting their stuff to S60. UIQ just announced they are laying off half of the staff. This is sad because UIQ was probably the best UI for Symbian. I am sure Sony Ericsson and Motorola are not very happy to see the multi-million dollar investment they have made over the years in UIQ technology evaporating into thin air. People who invested in UIQ 3 must be frustrated it may never see the light of day.

As a consequence, Nokia is forcing Nokia and Sony Ericsson to make a decision about their 24-month Symbian roadmap. Their options are:

a) Launch phones with end-of-life technology (UIQ), or

b) Wait until the foundation produces the first release, which could be 2-3 years or more (until a phone is in market), or

c) Switch to another mobile platform. Not really a switch because both already have Windows Mobile and Motorola has significant experience with Linux.

I understand the move to consolidate. But why make Symbian royalty free and why make it open source? I believe many software companies donate their technologies to Open Source as an exit strategy when they don’t see a profitable business opportunity in them. I made a controversial post on my old blog about this not too long ago. Nokia may be doing it to demonstrate openness for a technology they own but which they want partners and competitors to adopt.

The new foundation will have a board of directors and a number of councils to drive architectural, UI and platform decisions. How this works in practice will be critical for the success of the platform. Nokia could (or could be perceived to) have too much control over the platform, which will obviously not be taken well by competing device manufacturers. The alternative could be worse: technologies driven by a committee usually go nowhere. The best example is J2ME. The Java Community Process has been incredibly ineffective. To illustrate: back in 2001 I was very close to the launch of MIDP 2.0. Fast forward to 2008, the latest version of the MIDP specification is still 2.0. I was very close to the Java Community Process and I saw major vendors trying to push their agendas in most JSRs. As a consequence, the committee had to compromise, approving specs based on lowest common denominators. Getting any JSR approved took years in some cases, even for simple things like the vibration API for games.

Another key question will be the business model behind Symbian. On one side, the business model behind Linux is clear: there is none, most contributions are voluntary, companies usually make money on services (i.e. support). On the other side, commercial operating systems like Windows Mobile have a clear business model as well: there is a license per phone sold. The Symbian Foundation will have a hybrid model where there is no license revenue but Symbian will be the sole provider of funding for engineering, support, marketing, etc. How much will Nokia continue investing over time?

Royalty free does not equal cost-free. I expect some pressure for Windows Mobile, but the cost of the OS license is not as significant as people believe. The engineering cost to create a device is in the millions and millions of dollars. Android device manufacturers are experiencing this first-hand. In this hyper-competitive market OEMs will question why they would continue investing in a technology owned by their biggest competitor.

While the move by Nokia consolidates the Symbian operating system, it further fragments the royalty-free and open-source mobile OS industry. Now you will have Symbian, LiMo, Open Moko, Android, and other more obscure Linux-based operating systems. I don’t think there is room for so many. Is this UNIX all over again?

For developers, open-sourcing will be attractive, mostly from a perception perspective as most won’t have the skills or the time to analyze and understand a subset of the 7 million lines of code that Nokia will open-source. While the SDK will be free, the tools might not: the Carbide C++ Professional Edition development tools are being sold for 1299 Euros.

One possibility could be the move represents Nokia bailing out the other major Symbian partners that jumped into the business with them through this $400 million buyout. I am sure there were interesting executive conversations in Espoo about spending $400 million to buy a technology that will be free and which will require continued investment. The $400 million investment should be roughly the equivalent of two years of license payments at the current rate Nokia was paying Symbian. Still, Nokia must invest significant resources in the foundation ad infinitum. Foundation membership is only $1,500.

A couple of last thoughts:

Symbian is a very mature and powerful operating system. I remember when we launched CodeWarrior for Symbian (before it was sold to Nokia and renamed Carbide) in early 2002 and later helped Sony Ericsson build a developer community around the P800. It is a good OS. Architecturally, it is very solid – years ahead of the BlackBerry OS 4.5 and other new operating systems. From a technology perspective, it is a very viable OS today.

Don’t be misled by the numbers touted by Nokia: surely millions and millions of phones ship with Symbian. But are these really smart phones? They are from a capabilities perspective. In my experience, a very large percentage of Symbian-based phone owners are not aware that their phone is “smart”, do not know it runs Symbian and/or do not use it as a smart phone. It’s like Sun claiming victory with over a billion J2ME phones: most of the users will never be aware and will never use a J2ME app. In other words, the fact these phones have J2ME is irrelevant. The same can be said for most Linux phones, which are not smart phones – Linux is merely replacing an RTOS.

Conclusion: This is a very interesting move from Nokia that will have significant implications in the market overall. The key questions are Nokia’s ongoing investment in the foundation without a solid business model behind Symbian and the balance Nokia will have to find between having too much control over Symbian versus a committee-driven process that inhibits innovation.

Fun times. I love this industry.

The iPhone and IT Policies

June 22, 2008

The announcement of the 3G iPhone has re-surfaced the tension between users and IT organizations because the iPhone is a cool phone that can connect to Exchange email. For IT, cool does not have a lot of value. Yes, it works with Exchange, but it also has a number of drawbacks: unproven security model, almost no business applications, limited implementation of ActiveSync mobile applications, locked to one carrier and two year contracts. All this with no upside for IT or from a business perspective: there is nothing you can do on an iPhone that you cannot do with a Windows Mobile device. But this is getting into my next post, where I will compare iPhone and Windows Mobile for enterprise mobility.

In many organizations there will be a very vocal group of users that want iPhones (sometimes executives) and an IT organization that does not trust the iPhone as an enterprise device and does not (for the most part) trust Apple as a credible provider of enterprise technology.

The success rate will depend on two main factors: how badly top executives want to use iPhones and, most importantly, how strict or controlling your IT department is.

In my experience, there are a few IT departments that have very loose policies, a practice of trusting users and reactive incident control. On the other side of the spectrum there are organizations that will only allow employees to use company-issued laptops, will not allow any non-approved third-party applications to run on them, will probably require two-factor authentication (SecurID or smart card usually) when accessing any resources remotely and will require encryption of all confidential information at rest. I used to work at Motorola, which was like this (for example, all files on the intranet must be categorized based on their level of confidentiality). Microsoft, on the other hand, was leaning towards the trusting/freedom end of the spectrum.

IT organizations will lean towards being protective/controlling either because of paranoia or because of one of many good reasons: the need to handle highly sensitive confidential information (i.e. military, law firms, or banks), the need to comply with government regulations (like HIPAA or SOX), or because they have had bad incidents in the past.

What is important is that IT organizations:

  1. Define the security and information protection policies,
  2. Explain the business reasons behind them,
  3. Get executive-level buy-in for the policies and the authority for enforcing them,
  4. Communicate the policies to all employees and enforce them regardless of the type of device being used.

The last point is really important. Not too long ago I was sitting with a group of people from the IT department of a Fortune 500 company who were asking if a mobile platform provided for encryption of data at rest. Before answering the question directly, I asked what was the company policy for enforcing encryption on laptops and other devices. The answer: there was none.

I continued to explain that it made no sense to have a different policy based on the type of device. First, the line between mobile devices and laptops is blurring: compare the Macbook Air and other mini PCs with an HTC Advantage or a Windows Mobile device with a Celio Redfly.

Second, at any given point in time there were probably dozens if not hundreds of company laptops in rental cars, hotels and other public places where they could be stolen. Most people with medium-level technical skills know how to take a hard drive from a laptop and connect it to a desktop computer where they would get access to gigabytes of information. My phone is protected with a PIN password, which combined with the wipe policies (local, self or remote) makes it very hard for a would-be information thief: they would have to immediately turn the unit off to avoid a wipe, disassemble the phone, separate the memory from the surface-mount board (which is almost impossible), download the content to a PC using an EPROM reader or electronic oscillator, figure out the file system and access the information. MacGyver maybe could have done it in his good days.

For most spies or information thieves, it would be so much easier to go to the garbage dump in the back of the building to get access to the information they want. Which brings me to my last point: users are the weakest link. Two stories to illustrate:

A government official in Europe was sitting next to a colleague. He was reading a lot of emails – in hard copy, on paper. The government person explained his organization had very strict IT rules which prevented them from using any mobile device, so he printed his emails to read them on planes. Imagine if he lost a page or two, or if any of these government employees were to forget his emails on a plane (people forget books, glasses, laptops and many items that could be considered more important). There is no security to protect paper. At least not yet. Well, at Microsoft they use so many acronyms that people would have a hard time understanding any MS-speak.

The second story I read in eWeek, I believe. A security consulting firm was challenged by an IT director who believed his systems were absolutely secure. Using social engineering, the very next day they appeared at the front desk claiming to be on a very important project and requesting temporary badges. They were supposed to work for someone the agency had learned was on vacation, so the front desk could not confirm their claims. After a few minutes, they proceeded to provide them a badge. During the process, the security officer asked casually if they would be needing access to the company data center. Once they were in the server room, they had full access to all the information in the company. A visit to the CEO’s administrative office during the weekend provided the CEO’s password – on a post-it note under the keyboard, and the key to the CEO’s office in the main drawer. Unfortunately, this scenario could happen in most companies today.

The bottom line: if there is a good reason to enforce security policies in the company and the organization values the confidentiality of their information as well as customer data, a cool gadget is not a good reason to bend or ignore those rules. In fact, it may be against the law.