By Charles King, Pund-IT, Inc. September 8, 2014
Apple typically dominates the news during the days leading up to a major new iPhone launch, but last week’s headlines were probably far from what the company planned or hoped for. While any security breach begets severe headaches for vendors, dealing with the fallout of high-profile victims, including recently minted Oscar winner Jennifer Lawrence, Kirsten Dunst and Kate Upton, having their intimate photos stolen and posted online for all to see pushes the pain into nuclear migraine territory.
This confluence of events may be one of the reasons Apple’s response seemed so ham-handed. From the oddly self-congratulatory “40 hour” investigation the company claimed exonerated it of all wrongdoing to CEO Tim Cook’s carefully legalistic “nothing’s broke but we’re going to fix it anyway” apologia in an interview with the Wall Street Journal, Apple’s response seemed deeply off the mark. That’s especially the case since it looks like a combination of established iCloud policies and known yet tardily repaired flaws made it far easier than it should have been for the thieves to hack their victims’ iPhones.
But as my colleague Rob Enderle noted in his commentary on the events, Apple has never been a company that takes criticism terribly well. Instead, it tends to vocally deny that problems exist, then settles quietly with aggrieved customers (see the iPhone “antennagate” bumbling for an example). That is a serious problem given the enterprise-centric strategy behind the company’s recently announced partnership with IBM. Why? Because while putting Cook on camera may be enough to placate Apple’s diehard consumer customers, businesses are considerably more demanding, and with very good reason.
The Enterprise Difference
Before jumping into why businesses are and should be concerned about Jennifer Lawrence’s embarrassment, consider first the position of the iPhone in most companies. The fact is that Apple pretty much changed the game in mobile business communications, wrecking the market carefully built by BlackBerry and ushering in the “bring your own device” (BYOD) revolution. In fact, crafting a BYOD strategy only became a necessity after executives demanded that IT support their shiny new iPhones (and, eventually, iPads) in corporate networks and IT processes.
That has never been easy and, in fact, due to the security shortcomings of the iPhone and other smartphones, it’s unsustainable in organizations where security is a paramount concern. That’s the reason you continue to see high-profile politicians and executives still using their trusty BlackBerries which, dowdy though they may be, continue to deliver levels of security that Apple and other vendors can only dream of.
Today, a primary concern for enterprises is that security threats are growing, not shrinking, and that mobile devices pose an increasing risk. The reason for their fear is pretty simple: businesses have plenty of valuable information to lose, ranging from unique intellectual property (IP) to competitive market and sales data. That’s the reason these same companies are being subjected to increasingly sophisticated, elaborate corporate espionage by hackers whose sponsors include competitors, organized crime and foreign governmental agencies.
It’s unlikely that many businesses care much about the leaked private photos of young celebrities. In fact, some in the entertainment industry are likely trying to leverage the event for its PR value. But the last thing that the vast majority of enterprises need just now is evidence that the iPhones their executives and managers tote around are inherently insecure. And the possibility that thieves might publicly post embarrassing documents or photos they steal from business phones isn’t the real problem.
A far larger and more dangerous issue is whether phones have already been hacked and are being used to surreptitiously funnel valuable data away from users and organizations. This data isn’t ever likely to be posted publicly. In fact, like all good spies, the success of hackers conducting corporate espionage is measured by how few people know that it’s taking place. But that’s a critical point for victims who, like people unaware that they are suffering from cancer, are unlikely to seek treatment and regain their health.
That’s why Tim Cook’s response to the current hack seemed so underwhelming. Instead of using his interview to underscore Apple’s understanding of the situation’s gravity and clarify how it would pursue more aggressive and effective security practices, he simply borrowed a well-worn page from Blunder Management 101. That won’t cut it with many or most CIOs who, we expect, have already ordered reviews of how employees’ iPhones are being secured and managed within their organizations. If they aren’t, they could be placing their companies’ security and their own jobs in jeopardy.
Though Apple is handling this situation with less dexterity and gravitas than it might warrant, the cause is not lost. In fact, the company’s partnership with IBM could and should provide Apple valuable insights into understanding and working with 21st century enterprises. It’s hard to think of any other vendor besides IBM with the experience and street cred necessary to accomplish the task, and Apple would do well to look to its new partner for guidance on getting into the good graces of business customers.
But whether that will happen is anyone’s guess. Apple has achieved much of its enormous success without seeking outside counsel and, I expect, there are many in the company’s executive corps and on Apple’s board who believe that playing the game it always has will be enough to see the company through these latest difficulties. If that is the case, we expect vendors with a greater understanding of enterprise customers’ security concerns and expectations will be happy to pick up and run with the ball Apple fumbles.
© 2014 Pund-IT, Inc. All rights reserved.