There can be no doubt that Google’s announcement last week, that its Chrome OS would ship late next year, was timed to distract from Microsoft’s expected announcement this week of Windows 7’s release to manufacturing (RTM). And even though any significant adoption of Chrome OS will take several years, Google’s announcement has proven to be a cleverly timed distraction in terms of internet buzz generation, causing tech writers and bloggers to spend page space on Chrome OS that might otherwise have been spent on the new Windows release.

BusinessWeek makes the point that Google’s announcement also serves as a reminder to the IT community – and to Microsoft – that computing is moving into the cloud. For certain types of users, the browser, and the latest generation of online productivity and social networking applications, is sufficient. The industry seems to be moving toward a world where very few “thick” client applications are needed, since comparable functionality will be available online.

On the other hand, I think we’re pretty far from that. How many businesses use online point-of-sale, office/productivity, or accounting apps for core operations? How many run SAP or Oracle in the cloud? Not too many, seems to me. And while I perceive great pressure among customers to move in that direction – with the anticipated cheaper licensing, deployment, and maintenance costs – there are some significant barriers.

The foremost such barrier is confidentiality. Licensing issues aside, SAP and Oracle aren’t run in the cloud because the technology, regulations, and laws aren’t yet in place for that sensitive business-critical data to live offsite. And the same applies to many every-day office apps and the data consumed by them. Can you imagine a public company storing next quarter’s sales forecasts on a shared virtual hard drive, in some unknown physical location, owned and operated by another company? I can’t, although I admit that the equation is very different for smaller firms (for example, the customers of salesforce.com have clearly faced this tradeoff and decided that offsite storage of sensitive data is an acceptable risk).

Indeed, a lot of the buzz around Chrome OS has centered on its anticipated utility for and uptake by internet start-ups. This is in fact highly likely, if Chrome OS allows “thick client” applications (for example, Eclipse) to be installed and run, and if those apps already run on Linux.

But will Chrome OS be more secure than, say, the more locked-down versions of BSD are today? No, especially if Chrome OS isn’t based on BSD. (As an aside, that point is unclear to me, since I thought at least some of Google’s core operations used BSD, and it would thus be the logical choice for a supposedly very secure new OS. But the announcements have all said Linux, which in theory implies non-BSD plumbing.)

Will Chrome OS be less susceptible to viruses than Windows 7? Almost certainly; hackers go after the highest value targets.

But that’s missing the point, especially since Chrome OS is supposedly all about the browser experience (and the paranoid have always had more secure, albeit fringe, options – see reference to BSD, above). After all, who’s going to use a browser that doesn’t support Flash and JavaScript, even though both technologies are notorious for security bugs (regardless of the platform)? And if Google has a technology that dramatically reduces user susceptibility to phishing attacks, they should (and probably would) release it right now, not wait until next year. Otherwise, from the perspective of the browser-based attack surface afforded by the typical web user, it’s not clear what significant improvements are being made by any vendor, let alone Google.

No Comments »