Many Apple observers like to talk about how Apple has lost its innovative edge, how Tim Cook can't carry on without Steve Jobs, how Apple has lost market share in tablets and smartphones and other various and sundry items of complaint. But what would really damage Apple is a breach of the company's Apple ID accounts and credit card data. The planet would rock on its axis.
The recent eBay hack and the Target incident before that got me thinking about Apple, how fortunate the company has been, the lengths Apple must go to secure its servers, the example it sets, and what the result would be of hacking Apple.
First, we know that giant companies that have information about us, our history of purchases and credit card numbers on file like Amazon and Apple, have to take extraordinary measures and be especially adept at defensive tactics. One small mistake amidst a daily multitude of assaults is all it takes to fail.
For example, I've been told that Oracle has developed an especially secure database system in which, among other things, the front end application servers are isolated from the back end database servers. It's an expensive system — not one, perhaps, every company trusted by us thinks it can afford.
Another essential is a realtime threat center. Graybeards and other experienced UNIX and security professionals are required to build analytics so that both the machines and the humans, working in concert, can watch for assaults or, in some cases, unusual pre-attack activity.
This goes counter to the current atmosphere in business, from what I've seen, to minimize costs and hire less experienced people who can't expect to earn much. In the case of corporate Internet security, wise CEOs and CTOs know that won't work.
Because every large tech company wants the privilege of having a lot of information about us, they become juicy targets and are faced with significant costs, costs they should be as eager to pay as what they pay for golden parachutes. The CEO of Target recently lost his job because of what happened to his company last year. His punishment? About US $61 million in total compensation.
For this reason, I think there's a juicy sweet spot in the middle where companies that aspire to bigger things have not yet developed a robust security architecture. Executives get very focused on temporary success and compensating themselves for it to the extent that money is rolled up to them and away from an essential security architecture.
In turn, the difficulty we as customers face is that no company likes to reveal the extent and sophistication (or lack thereof) of its security measures, and so when we sign up for accounts, all we see is a statement of how the company would like to secure our privacy. We don't actually get to size them up technically. We cross our fingers.
The result is that customers, by default, have to trust a company until it fails, and then it's too late. In some cases, their services make them too big and too essential to fail.
Plus, in this interconnected, highly socialized technical era, every company believes that the best way to offer a service, even some hardware, is that the customer must first sign up for a supporting online account. It's hard to avoid and, perhaps, mostly inadvisable for smaller, less well funded companies to approach business that way. Yet, the practice endures.
There's an old pilot's adage. "There are only two kinds of pilots: those who have landed with the gear up and those who are going to." One might think the same applies to companies that have massive customer data and think they'll never be hacked. But it's only a matter of time for many who don't commit the extraordinary funding and measures needed to protect their customers.
Back to Apple. It appears that Apple is about the business of setting up a next genration payments system that could be very disruptive. If Apple were to suffer a major hack of its systems, not only would that effort collapse, but Apple would be under enormous attack and quite deservedly. It wouldn't be at all like the lame fantasies we read about these days criticizing Apple for one small thing or another. The shockwave would dwarf the eBay and Target incidents.
In Apple's case, a hack just cannot happen. It would be a catastrophic event to have 800 million accounts, a significant portion of which have credit card numbers associated with them, compromised. The measures Apple has to taken in order to ensure that a breach can never happen must be breathtaking and awe-inspiring.
Perhaps, someday, when it becomes possible, we can come to know the full story of how Apple did it. Assuming, that is, Apple maintains its perfect record.
Next: The tech news debris for the week of May 19th.