The Cloud Completes the Connected Experience

Owners of iPhones are probably tired of hearing all the AT&T “network issues”, dropped calls, or other user experience degrading issues. I’m certain AT&T is also tired of hearing the complaints. I know the customer service agent who took my call last week had a fair bit of experience with iPhone customers calling in to complain. But this post is not yet-another bitchfest about AT&T’s network or how I love the iPhone…except for the phone! In experiencing the stellar experience with the iPhone platform and its extreme dependence on the network, I’m reminded of just how important the carrier experience is for the overall positive user experience.

Google’s CEO, Eric Schmidt, agrees with this. He delivered an engaging keynote appearance at Mobile World Congress stating the importance of the cloud, i.e. operator network, in the device and application experience.

“We feel very strongly that we depend on the successful business of operators globally,” he said. “We need advanced, sophisticated networks.”

Eric was reacting to an audience member’s statement that Google would basically make the operator network a “dumb pipe” and all the value would be over-the-top. But I disagree with this mindset. The connected experience that we are increasingly engaging with our smartphones, app stores, data, and social media would incur a tremendous amount of friction and dissatisfaction without the right networks in place and operating properly. Good session and roaming management will yield great experiences to end users, and that results in sticky, ARPU-rich subscriptions to all kinds of services and applications.

“Applications are sharing-intensive, and the cloud is all about sharing and replication,” Schmidt explained. “An application that does not leverage the power of the cloud is not going to wow anybody.”

It’s hard to find a successful application on an iPhone or Android device that does not have some sort of persistent or recurring network connection. Whether it’s location, gaming, messaging or productivity, the application experience is enriched with a great network. It seems that I’m stating the obvious however the notion of Over-The-Top has been on the minds and desired of users and application developers ever since the first walled garden went in place. Yes, many mobile computing platforms will have a variety of applications on them and accessing services in the cloud that are relatively transparent to the billing platform of the wireless operator (maybe the application specifics, but not the bits). The ultimate Always Connected User Experience will happen only with the integration and cooperation of the end-to-end value chain elements. This includes the pipes!

Cellphone ‘o Cellphone, Where Art Thou?

ABI Research recently conducted a survey on the security issues of mobile voice calling. Specifically the concern that cellular voice calls can be either intercepted and decoded, or that the cellphones themselves can be infected and infiltrated with malware that can render it remotely accessible by a hacker or someone who wants to eavesdrop on conversations.

In Dark Reading, an article titled Most Enterprises Ignoring Mobile Voice Security, discusses the findings of the survey from ABI. It states that while mobile voice interception and its vulnerabilities are a high concern to the people surveyed, only 18% of respondents have actually implemented mobile voice encryption. One of the key triggers to this concern seems to be around the announced cracking of the A5/1 encryption for GSM voice from a hacker conference earlier this year. In addition, there will be equipment in the sub-$1000 range available to intercept and decode the over-the-air conversations.

I think there will be issues in the deployment of end-to-end mobile voice encryption.

1) The link layer encryption and authentication protocols will be in place and heavily invested by the carriers and handset OEMs.
2) Additional application layer encryption must be resident and match both ends of a voice conversation, especially in a cell-to-cell call. This will be a challenge given the plethora of handset OEMs and the additional plethora of handset models and OS variants they support.
3) The user experience will need to be completely transparent, including all the key exchange and mgmt. If the user has to doing anything more than pick the number and press Send, there will be significant user dissatisfaction. Ultimately the user just wants to have a call, not worry about security or encryption.

It seems to me that the true security concerns do in fact lay in the shoulders of the enterprise as the report states. The enterprise, whether a govt agency or a corporation, has sensitive information and communications that they can allow to be exposed due to regulatory or governmental policies, or even national security. Until the technology completely solves itself, evolves, and becomes easy to use and pervasive enough to be fully relied upon, all enterprises with this concern need to take the following measures.

A) Identify the physical areas throughout your offices and locations that represent the greatest threat if information or communications at those locations were to leak.
B) Implement a No Cellphone policy at those sensitive locations. They might include boardrooms, trading floors, stock exchanges, classified information facilities, call centers, security operations centers, executive offices or suites, etc.
C) Deploy a Cellular Location and Analytics system or service, such as from AirPatrol Corp., to detect, locate, and perform detailed analytics within a geo-fenced environment, i.e. the sensitive areas. This system can be deployed as an in-house system or service for 24×7 monitoring. Or can be selected as a one-time vulnerability assessment to take a snapshot over a short period to see how bad the problem may be.

At the end of the day, the enterprise needs to do what they can do. There will be an awful lot they won’t get the wireless operators to do for them. Security is most definitely one of those things (the enterprise services “SI” part of a carrier corporation notwithstanding). Security adds friction to increasing ARPU. The enterprise needs to take ownership over everything occurring within the confines of their domain.

Do you agree with this? Would love to get point and counterpoint on this topic.