Making the Cloud Safe for Consumers: Time for Apple To Step Up [Updated]

iCloud illoThis has been the Year of the Cloud.  Apple, Microsoft, and Google, the three companies that matter most to consumers, have all been rushing headlong to establish personal clouds that will link consumers’ data across multiple devices, making it available anywhere, any time. What could possibly go wrong?

We learned the answer in dramatic fashion this week when a hacker, apparently just out for kicks, wreaked havoc on the digital life of journalist Mat Honan, wiping his iPhone, iPad, and MacBook, deleting data from his iCloud and Google Apps accounts, and sending out a stream of ugly tweets from the account of his former employer, Gizmodo. Honan’s Wired account of just what happened and how is long but well worth reading.

A watershed event. It’s rare that a single incident marks a true tech watershed, but this may well be one. The personal cloud is definitely looking like the Next Big Thing. But the problems raised for cloud purveyors including Microsoft, Google, and above all, Apple are not just issues of public relations or marketing. They are going to have to make some real changes to assure safety.

Apple bears the biggest initial burden because of the ease with which the still unidentified attacker winkled Honan’s password out of Apple technical support and the company’s utterly incompetent handling of the issue once Honan discovered his problem. (Amazon played a relatively small but critical role in the attack, which relied entirely on social engineering rather than a technical assault. Wired Gadget Lab reports  that Amazon has quietly plugged the hole.) But Apple, as it its wont, has remained stonily silent on the matter. According to Gadget Lab,  Apple appears to have shut down telephone iTunes password resets, the crucial point of attack against Honan, but the company has announced no policy changes.

UPDATE: Apple spokesperson Natalie Kerris confirms that the company has stopped providing password resets over the phone. It plans to resume the service at some unspecified point in the future, but when it does so, users will be required to provide stronger authentication.

By his own admission, Honan made several serious mistakes in this episode, the most serious being the way he linked his Apple iTunes, iCloud, and Google accounts. That allowed a successful attack on one to be used against all. But if a savvy and experienced tech journalist couldn’t get this right, how much greater is the risk for the average consumer? Apple all but forces you to use the same username and password for iTunes and iCloud; the password you use to secure 99¢ song purchases can open the way to someone wiping out the data on a Mac.

Friction isn’t always bad. Apple’s goal in setting up iCloud was clearly to make transactions of all sorts as frictionless as possible. But friction is by no means always a bad thing, especially when it slows down an attackers. There is nearly always a tradeoff between convenience and security, and its clear that the dial is going to have to be turned toward security.

Keeping the focus on iTunes/iCloud, iTunes itself does not require a very high security barrier. Although you have a credit card on file, it’s hard for an attacker to buy very much very quickly. The main change needed is that Apple should greatly speed up the process of sending email purchase notifications. On Amazon these are nearly instantaneous, but I sometimes don’t get iTunes Store or App Store notifications until a day after the transaction. Your best protection is to get immediate notice if someone is making unauthorized use of your accounts.

Changing account settings, especially the email address associated with the account, should require a much higher level of protection, as does access to any iCloud data and the Find My Mac, iPhone, and iPad features. These features are used infrequently, and introducing a little, or better yet, a lot of friction will provide protection with minimal inconvenience. And password recovery procedures need a top-to-bottom reconstruction. For example, an individual who cannot produce acceptable credentials online or on the phone might be required to go to an Apple Store with government-issued ID and a credit card to establish identity. Yes, it is inconvenient; it’s supposed to be. (In Honan’s case, stronger passwords would not have helped in the least since the attacker was able to obtain his password.)

Unintended consequences. Another issue the industry as a whole has to come to grips with is unexpected interactions among different cloud services. This is an old and very difficult problem in security. Amazon’s policy on revealing information on existing credit cards when you entered a new one was mildly dumb. But combined with a totally unrelated Apple policy that let anyone use the last four digits of a credit card number to recover an iTunes password, it became catastrophic. Honan thought linking iCloud to Google was an innocent choice, but it, too, proved to have disastrous consequences.

The personal cloud is far too valuable to put it at risk through stupid security practices like those that clobbered Honan. It’s time for the services to take the lead and fix the problems in a public and transparent way (I’m looking at you, Apple.)

Final bit of advice to users: Honan says his biggest regret in this episode was the loss of photos of his child’s first year. As useful as the cloud is, it is no substitute for a secure local backup or backup to a dedicated service. Sync is great, but it is not backup. You should understand how different sync services work. I’m a big fan of SugarSync, which not only stores data in the cloud but, for important files, creates up-to-date local copies of files on multiple PCs. For important data, a belt, and suspenders, and maybe a second belt isn’t too much.


A Digital Insider Scoffs at Townshend

As an industry insider – on way more than one level – it’s hard to take Pete Townshend’s comments as anything more than another great artist railing at the system.  Look, in the end, we all have to admit that the system is broken.  That’s one thing that Townshend got right in that interview.  After that?  Well, it’s all up for debate.  But the fact that the debate was called to the floor again, that’s a good thing.

Let’s look at what he probably got wrong.  Apple is not the villain here.  In fact, probably the opposite.  Apple is responsible for 75% of all LEGAL music downloads.  And there’s no way that this makes them a vampire.  It makes them a hero, of sorts.  By creating a closed system, where one download went to ONE machine, Apple stopped the bleeding of way more than royalties. It addressed a cultural shift that it was OKAY to steal music.  “Sharing.”  So there’s something else that Townshend got right in that interview.  Stealing and sharing are not the same thing – and the mere idea that music should be free is an utter insult to the millions of people who give their lives to create it.

I should disclose here that I was part of Apple way back when and helped launch digital music before it broke wide open, but my 13+ years in digital consultancy have certainly shown me every side of this equation (and argument).

Whether or not music should be free has gone where it belongs. It’s gone to artist-controlled DIY.  DIY creation and DIY distribution. The indie artists have unlocked the code.  Give away great material to build a tribe, and get that tribe to adore you.  They’ll show up with the money, for sure, but only after the love affair has begun.

Here’s the other problem with Pete’s point of view – it assumes that Apple controls the digital distribution industry, and quite simply, it does not.  In the world of Spotify and MusicShark and locker systems, Apple is only one giant float in the parade.  Let’s clarify, they may even be leading the parade, but after a brief initial claim to the universe, way back when, they’re far from alone.  Having said that, it’s obvious that the consumer, overall, loves Apple.  Quite simply, in the words of futurist Gerd Leonhard, it’s easy.  It’s a plug and go solution.  It meets busy consumers where they want to be met, and serving the consumer IS the end game on the business side of music (and anything digital).

The artistic side?  Producing great content and hiring mentors to aide and abet that?  I wish I could ask Townshend why that is at all iTunes’ responsibility.  That is a model that we see fading at every label, sadly (& that’s me wearing my hat as a former A&R exec at one of the majors).  From this insider’s viewpoint, however, it will fade, but not die.  There is a space for grooming artists, from a label’s point of view – otherwise we end up with the music industry’s version of Yentl for every project.  (The same Editor, Producer, Writer and Actress, if you needed me to spell out that comparison.)  Without label support, bands have limited objectivity of their work, at best.  But we KNOW what percentage of artists get signed.  So this new world of digital DIY is an amazing opportunity for artist AND consumer. Which brings us to Townshend’s issue with gatekeepers – one that social media and DIY will summarily trump, given enough time. Spaces like iLIke and Facebook will level the playing field.

Finally, it’s NOT Apple’s job to bridge the gap between labels and DIY. They are, like it or not, a retailer.  Why should they be expected to fix what’s broken in music?  The business model for direct sales/acquisition of recorded music in the traditional sense is collapsing.

But with all of the GREAT minds in the digital and music space, of course we’ll find a new model.  Music does far more than soothe the savage breast, it is the most vital language of unification.  Ask the millions of Chinese listening to Gaga or Beiber – or just look at the worldwide recognition of Mozart.  Or the global domination of Idol.

Yes, there are definitely parts of the foundation with cracks, or worse, but I have full confidence from my life experience of consulting with the industry leaders and artists, that we’ll find a new and more powerful model to propel us forward. Until then, in the immortal words of Sonny and Cher, the beat goes on.

Kelli Richards
The All Access Group, LLC


iTunes and Consumer Share of Wallet

I recently read an interesting article in the Harvard Business Review which proposed a theory that consumers give more share of their wallet (money) to brands they rank highly.

The premise of the article was that companies need to focus more on their brand identity in the minds of consumers if they want to command more share of consumers wallets.

I’ve had a similar theory but it wasn’t related to brand loyalty, although that makes sense, but more directly tied to a brands ability to be sticky.

Granted, I am looking at this as it relates to the technology industry where the HBR article was focusing more broadly.

From a technology industry perspective, companies who have more sticky solutions have a higher chance of maintaining or growing consumer share of wallet.

To test my theory I researched and then plotted out my own annual spending in iTunes. I figured I was as good a test as any since I have used iTunes since the beginning in 2003. And I believe Apple has created one of the more sticky ecosystems on the market.

Take a look at the chart below which we will call exhibit A.

If you notice my annual spending in iTunes either stayed steady or grew on an annual basis. As Apple introduced more products into their ecosystem both in terms of hardware, new forms of media, and then apps, my iTunes spending went up significantly.

Once I was committed to the Apple ecosystem and as Apple provided me with more value as a part of that ecosystem; they continued to get a steady share of my wallet.

There are some essential points to understand as a part of this theory. First of all, I may very well spend more than most people in iTunes but I would still argue that annual iTunes spends would stay steady or grow the longer a consumer is in the Apple ecosystem.

Second, the more products or “touch points” in that ecosystem either owned by a consumer, or by a family, contributes to the ecosystem loyalty as well as the overall opportunities to spend money.

Of course brand is important and plays a role but perhaps not quite as much as the HBR article points out–or at least not as much in realm of tech.

For example, if brand was directly tied to share of wallet then Google or Microsoft for that matter would have a larger share of wallet. I use those brands as an example because they are both ranked on the top 10 list of brands, both ahead of Apple according to InterBrand.

I would argue, more important than brand in the mind of consumers is brand trust when it comes to share of wallet–especially in tech.

The most important observation about this theory of brand loyalty equalling share of wallet in my test is that the obvious first step is to get consumers into the brand ecosystem so that brand can compete for share of wallet.

In retail for example the common saying is “the first step is to get the consumer in the door.”

For Apple they got consumers in the door with the iPod,then iPhone, iPad etc. This strategy continues as they offer more products at attractive price points which continue to get consumers into Apple’s door and more importantly into Apple’s ecosystem.

Amazon has a similar strategy with the Kindle and now the Kindle Fire. These products, or screens, are the things that get consumers into the door and into the Amazon ecosystem. Amazon wants to provide as many touch points as possible for consumers to utilize their retail services.

Similar to my iTunes spend history I would be willing to bet that folks who examine their Amazon history find a similar pattern. Namely that the longer you are committed to that service the more your annual spending goes up.

In both my examples Amazon and Apple have a strong share of consumer wallet. Companies like Google and Facebook and others who want to drive commerce are having a harder time–even though they have strong brand rank in the minds of consumers. This is because they lack consumer trust.

Companies who want to own a larger share of wallet need to create compelling products that get consumers into their door. Continue to create a trusted brand experience with their products, offer a vast array of products or services, is a sound strategy to keep consumers loyal to their ecosystems.

Apple’s iCloud Will Be Great for Families

As the dust has settled from Apple’s WWDC Keynote and iCloud announcement, I have taken some time to reflect on the full implications of iCloud. One of the conculsions I have reached is that there is not just a great deal of value for individual consumers but also for families.

iCloud will be the glue that ties all of a consumers Apple products together. What’s more is that it will be the glue that will tie all of a families Apple products together.
Continue reading Apple’s iCloud Will Be Great for Families

The Amazon Tablet Opportunity Could Be Huge

I have fielded a lot of questions recently regarding the rumors of Amazon making a tablet of their own to bring to market. Right off the bat there is enough data out there to support this rumor, so I am certain Amazon is bringing a full featured tablet to market.

I make the distinction of full featured tablet because of the rise of the term “feature” tablet. The current Kindle as well as the B&N Nook Color are examples of feature tablets. A feature tablet is a tablet that focuses just on certain features like e-reading, navigation, gaming etc. Where a full featured tablet is a more general purpose than feature specific device.
Continue reading The Amazon Tablet Opportunity Could Be Huge

Why Apple Has a Strong Competitive Advantage

One of the primary things about being an effective technology industry analyst is that I have to clearly communicate our perspectives about the technology industry as a whole to my firms clients. This requires more than just the regurgitation of information as we gather it in the field. It requires explaining more fundamental elements of what is happening and why. It is because of this that we seem to get one question common to many of the companies that we speak with and provide services to. That question is: “Why is Apple doing so well and what can we do to compete?”
Continue reading Why Apple Has a Strong Competitive Advantage