The reviews are in and they are not especially flattering. In the Wall Street Journal Walt Mossberg suggested the innovative, Google-inspired Chrome OS netbook is buggy, pricey, and just not ready for primetime. In the New York Times, tech columnist David Pogue was, if anything, more brutal; dis’ing the device (he reviewed the Samsung edition but there’s also one from Acer) as a three-pound paperweight … Ouch.
Comments from IT security professionals drive home a different, more favorable view of the ChromeBook and business, maybe, ought to make reviewing the Chromebook for possible adoption a high priority. Why?
1. “The Chromebook is built with security as an inherent concern, not an after-thought,” said Lance James, a security consultant with Vigilant. That’s a crucial observation. Security has been grafted on today’s PC/Apple computing models and the results are spotty. With Chromebook, the device was designed to be secure.
2. Chromebook is cloud-based so there’s no downloading applications and therefore there probably is no downloading malware. (But see the reasons to shun Chromebook for a more expansive viewpoint.)
3. “Chrome OS uses process sandboxing that makes it basically impossible for one app to interact with another,” added James. Apps can’t talk with each other in Chrome OS, that is built into the architecture. This is another safeguard against malware working havoc on the network.
4. Faster boot times, i.e., Chromebook boots like a rocket. “On average, it boots up in 10 seconds. You can see the screen instantly switch on when you open it,” said Sam Alapati, senior technical director, Miro Consulting.
5. Secure transmission of data: “All data, including downloads, are fully encrypted, so you don’t need any anti-virus software,” said Alapati.
6. Automatic updates: “As soon as you switch on the device, all updates are made automatically,” said Alapati. This is big because, basically, Chrome OS eliminates user responsibility for managing updates. The network handles it like it or not. That, however, may be an obstacle in some organizations where IT is unhappy that a third party (Google, in this case) is deciding when to push out updates and to whom.
It is worth noting that this is pretty much the model that applies to smartphones, where carriers call the shots, and, although there are grumbles, most of us have come to accept this transfer of decision making.
7. There’s nothing to lose. “If you lose your laptop, no user data is lost since everything is in the cloud. The Chromebook shifts storage of user data away from the local device. In fact, the Samsung model spots a tiny 16GB internal drive, barely large enough to store cached Web content and the Chrome OS itself,” said Adam Powers, CTO of Lancope.
8. Easy sharing of hardware: “Since all of your data is securely stored in the cloud, you can lend your Chromebook to others and they can use the device through the Guest Mode option, without affecting your own data,” said Alapati.
9. Better battery life: “The average battery lifetime is eight hours; much longer than that offered by traditional laptops,” said Alapati.
10. The ubiquity of MiFi and HotSpots suddenly has made a cloud-based netbook — one with essentially no usefulness when not connected to the Internet — useful despite that limitation. Critics harp on this need for connectivity, but does it really matter? Probably not anymore.
11. Add in enterprise pricing at $30 per device per month for the Samsung Chromebook ($27 for the smaller Acer) and the value proposition gets sharp, especially when software add-on costs will be little or nothing.
Why to shun it
Good as the Chromebook security looks, it may have flaws. Matt Johansen, application security specialist at WhiteHat Security, emailed this round-up of concerns his team found in its poking into the Chrome OS:
1. “Chrome OS can be hacked to open a number of sensitive sites that the user might be logged into and access their cookies or exploit any known vulnerabilities on other sites to leverage and steal sensitive information.
2. Hackers can create a malicious extension and convince a user to install a malicious man-in-the-browser app that can lead to a multitude of difficult to control security problems.
3. Simple vulnerabilities can be exploited in the Chrome OS platform via XSS vulnerabilities and how lenient application permissions can easily be made viral and wormable.
Are those worries enough to cross off Chromebook from the enterprise wish list? It’s too early to say but as good as Chromebook security appears to be, it may not be the magic bullet security professionals have hoped for.
Robert McGarvey – As a busy freelance writer for more than 30 years, Rob McGarvey has written over 1500 articles for many of the nation’s leading publications-from Reader’s Digest to Playboy and from the NY Times to Harvard Business Review. McGarvey covers CEOs, business, high tech, human resources, real estate, and the energy sector. A particular specialty is advertorial sections for many top outlets including the New York Times, Crain’s New York, and Fortune Magazine.