RSSDoes poor security lead to innovation?
That's an over-simplification of the argument, of course, as all title lines are, but when you get right down to it, that's the implication of Jonathan Zittrain's concept of "generative systems," the open and unobstructed tools on which he lays the credit for the creation cool and useful technologies.
The theory is that the open, uncontrolled nature of the PC platform has allowed many applications which did not have any obvious value at their conception to gain traction in corporate environments sufficient to come to fruition and eventually mature into useful technologies to the enterprise; things like the Web, VoIP, and Wikis. This sort of bottom-up adoption can drive those responsible for developing strategic plans and maintaining consistency batty, but Zittrain argues that it has resulted in better technology than a tightly controlled, planned system might have.
Zittrain can do his argument better justice than I can, and you can get a good sense of it from this CIO Insight Q&A. He also has recently published a book on the subject, which I haven't had a chance to pick up yet: "The Future of the Internet – And How to Stop It." The Q&A article is specifically about the iPhone, a closed system that Zittrain disapproves of because, even with the new availability of third party applications, Apple can haul in the rug at any time. But, as I argue after the jump, this is hardly a new issue… and certainly not one that has shut down innovation so far.
It's odd that Zittrain doesn't recognize that the "closed system" is in fact the state of affairs for nearly all PCs due to increasingly restrictive EULAs and increasingly aggressive built-in enforcement mechanisms… he spends a lot of time celebrating something that doesn't really exist. Nor does he consider that one of the platforms which he praises the most, the Internet, came to be and first flourished on centrally controlled mainframe and minicomputer systems, no few of which had controls which demanded a second by second accounting of the use of computing time. I suppose that the argument there is that users were not prevented from trying new things even though the capability was in place to do so; but this disposes of Zittrain's allegation that it is the platform that matters rather than the management of it.
Loraine Lawson at IT BusinessEdge has an interesting take on all this as it relates specifically to application integration, and extends Zittrain's brief comments on how cloud computing may prove to be the ultimate "closed" system which will prevent innovation and stifle adoption of new technologies.
Both Zittrain and Lawson take pains to say that they aren't recommending anarchy, that they recognize some controls are desirable and that security is an important function for the CIO, but both see signs of a disturbing trend that will shift the balance of power in the CIO's favor and result in more secure, integrated systems with less innovation and bottom-up adoption. I know that many CIOs would be jumping in the air and clicking their heels should that prove to be the case, but I don't see it, at least not in the same terms that Zittrain and Lawson do. Looking at many of the same trends, I see them undermining central control and opening up opportunities for users to adopt new technologies and innovate.
Take the iPhone. The big debate in the corporate world hasn't been over the excellent security and lock-in, but rather whether or not it will undermine existing corporate controls and standards. Zittrain sees a closed system, and that may be so, but its a closed system intruding on other closed systems… opening them up, as it were. And as I've already pointed out, PCs themselves (those running commercial operating system software; Windows and Mac OS) have always been closed systems, which also succeeded in displacing other closed systems.
With respect to integration and the movement toward SaaS applications, Lawson points out that integration issues are a symptom of successful technologies displacing those which are becoming outmoded (at least in many cases) and therefore represent a sign of progress rather than a disability. This doesn't dispose of the fact that a lack of integration is not progressive itself; and it seems to me that it's often possible to get rid of annoying side effects without disturbing the beneficial mechanism. I see SaaS and SOA as excellent ways to do this, not ways in which progress will be squashed. I think the average SaaS application is ten times better at exposing once closed information and capabilities directly to users than legacy in-house systems are. While vendor lock in is a real concern, the new availability of web APIs and data interchange protocols made de rigeur by Web 2.0 SaaS vendors makes your data, in practice, far more open than it ever was sitting locked away in an Oracle database in your own server room. Sure, you weren't at the mercy of some remote SaaS or PaaS vendor before… but your staff never had the flexibility which those vendors offered for accessing and manipulating all that data, either.
In fact, SaaS and the advent of closed devices like the iPhone are forcing corporate IT to be more flexible and to allow open systems even as they improve security. SaaS and cloud-based applications mean that IT can get out of the PC management business altogether; as long as your user has a compatible web browser, which they can almost certainly come up with on their own, why should the CIO care what else they are running? Security is handled on the servers, by the vendor, or in the application, by IT. The platform being used for access is almost irrelevant. And devices such as the iPhone and the Blackberry are pushing IT to develop black-box interfaces to integrate with corporate network and mail systems. As long as those interfaces are standardized, then what is on the other side matters not a whit; IT can maintain security and standards inside the corporate network without having to worry about what the users are carrying around in their pockets.
In short, I think that the worry over closed systems stifling innovation is tremendously overblown. The actual innovators, the guys in garages who are putting together the cool applications for the next generation of technology, are doing it on Linux and other free and open platforms as they always have, not iPhones. Zittrain speaks of requiring a critical mass for adoption, but he somehow fails to see that adoption is driven more by feature than platform. Most of the best parts of Windows came from Macs; most of the best part of Macs came from the Xerox Alto. If some hacker comes up with a cool application for an open Symbian mobile phone, you're going to see it on the iPhone not much later. The things that will really stifle innovation are not the platforms themselves or the supposed controls hanging over them, but the courts and the increasingly abused patent system… what you could once attempt to do safely on a genuinely open system, you may still be able to accomplish technically, but that matters little if some corporate monolith can drag you into court and shut you down because they have pre-emptively patented something remotely similar at some point in the past.
I don’t think Jonathan Zittrain was saying cloud computing would stifle innovation. I think you’ve connected two unrelated points here. It was more of a side caution – that this is an area without legal protection at this point. And my point was NOT that integration stifles creativity – although, I can see how you got that idea. I guess I rambled a bit. My main point was more to address the view that the need for integration is a sign of mistakes by IT. Really, IT systems are more organic and evolve and as a result, we have ongoing integration needs.
Hi Loraine, thanks for your response.
As noted, I hadn’t gotten his book yet at the point I wrote this, so I may well have misunderstood his basic thesis.
I apologize for misunderstanding your point as well… that may be an institutional bias on my part, since I would never have considered that integration efforts were a sign of mistakes, per se.