The Chrome OS, which basically is one of the best thin client concepts yet to hit the market, has a lot of potential. But like most efforts of its type, embedded within it are the seeds of failure. Fortunately for Google, there is substantial information from companies ranging from Apple to IBM to assure the product's success. Unfortunately for Google, the company is young and hasn't yet learned to use this information; instead it has a history of learning by doing. If that isn't changed, this effort will fail, likely in a rather spectacular fashion and connected to a massive data breach.
First, let's look at the reasons it will likely fail, then I'll follow with a piece on why it could succeed. Let's be clear though, the Chrome OS moves the market and there is little doubt in my mind that the future of computing will likely be something like it, but on Google's current path, the solution that goes mainstream probably will come from a different company. In other words, no one tied to the current ecosystem should take this as a reason to sleep easy.
If you think about what's considered adequate security in the current PC environment, well, it sucks. But it's hard to steal lots of information from lots of people partly because that information is widely distributed, the PCs on which it resides often are not on, and they reside behind changing network security offerings. You can certainly get to information, you just can't seem to get to it massively even with botnets, the best of which have technology that most legitimate IT shops would die to own.
If you take all this information and put it in one place, breaching it becomes a matter of breaking passwords. With a regular PC, you'd typically have to not only get the password to it (if it even has one), you'd have to get the passwords to all the related services you'd want to penetrate. You could do that machine by machine with keyloggers, bots, or by going directly to the services, but then you have to go service by service. If you want to protect the PC, there are existing technologies like the Trusted Platform Module, which can make penetration incredibly difficult. Granted, it isn't used as much as it should be, but the very complexity of a PC ecosystem actually increases its ability to defend against massive attacks.
With Chrome OS, you simply have to penetrate its always-on, always-identically-protected account. Once in, you should have access to cached passwords for every service used on it. In effect, Google is making the same initial mistake Microsoft did, but with an outcome likely to be more dire. It's trading off security in favor of extreme ease of use. Google could mitigate this simply be eliminating passwords and requiring a solid multi-factor authentication method from any hardware manufacturer that supports Chrome OS. But it appears to be repeating Microsoft's mistake of leaving security to third parties (something Microsoft has been correcting most recently with Security Essentials and Forefront Security). IBM never gave up owning security for its offerings, and while it has had some issues, it has a reputation for security. It doesn't matter how secure the back end is, if user access isn't secure, passwords are not secure.
One of the comments made during the Chrome OS launch was that Google didn't have a strategy for it; the company focused on user needs (at end of this post) instead. Not only did this showcase a distinct ignorance when it comes to strategy -- focusing exclusively on needs is one -- but it repeats a common mistake made by those that want to bring to market a revolutionary product. What was really foolish was one of the founders appearing to announce the premature death of Android, an operating system that is just now gaining traction.
The ROKR phone that preceded the iPhone to market was built on customer requirements; the iPhone was not. Now which was the most successful? The reason you don't focus exclusively on customer requirements with a revolutionary product is that the customer doesn't yet know what they are.
Instead, and taking a page from Steve Jobs' book (See "Inside Steve's Brain"), you focus on what you think those requirements will be. Then you get something that stuns the market, as opposed to something that people suddenly see as incredibly inferior. Given Google's CEO was on the Apple board, you would hope he had stayed awake during board meetings to pick this up.
Latency and Mobility
There are a number of thin clients on the market, and while this market continues to grow compared even to Apple's market share, it is tiny. The reason is that they aren't mobile and require a focus on network latency that PCs don't require. In addition, users like to have a certain level of control that they simply don't offer. Take an application like Tweet Deck that many of us have become wedded to. That application will not work in an environment like the one Google imagines because it runs locally and appears to function even if the network connection is spotty.
Most networks experience bottlenecks a number of times a day. The one I'm on is not only massively asymmetrical when it comes to speed, but it tends to have serious problems several times a week. Browsing slows to a crawl, but I can still get work done. When you add to this the problems of a world that is highly mobile and revisit why Apple backed away from Web-based applications after the launch of the iPhone, you'd realize that Chrome OS will initially only be viable in a few places like Korea, which have the needed infrastructure initially. And even there, you'd want to make sure you didn't overset expectations and kill the effort.
Companies have a nasty habit of not learning from history, looking at a world that only exists in their own minds and building solutions that won't stand up to reality. Chrome OS does anticipate a likely future in which computer services are entirely hosted. But we started from such a world and had it been that great, we'd likely still be there. There is a reason we went to PCs in the first place, and if Google doesn't find a way to take all we have learned in the past 40 years and blend the advantages of a hosted solution with the needs that originally created the PC market, Chrome OS will fail.
Google feels itself largely invulnerable (it's not as today's news seems to indicate) and that it doesn't need to follow the footsteps of aging companies that came before. We all exist in a veritable minefield of mistakes made by others, and by not at least looking at these mistakes, it's assured of eventually stepping on a mine. Right now, Chrome OS appears to be on that path.
Google has a year to fix this and it still could, but if it doesn't -- and most companies don't -- act, the future of this effort, which has massive potential, will be disappointing. Very disappointing.