An open letter to Apple – a change of heart

overcome-regretDear Apple,

I wrote to you back in 2012, deriding your decision to remove the lock lead security hole on your laptops. I may even have been a little rude.

An epiphany of sorts has happened to me at some point over the last few years though, and I think it stemmed from your decision to remove the security hole. Back then, I argued that physical loss of an asset was still bad, even with encryption enabled, because of downtime, replacement costs etc.. It also, I argued, helped to instill a culture of security in people as the physical act of locking their laptop would also remind them of their other security obligations, a constant reminder pif you will.

I was wrong.

The lock lead has been seen as barrier to productivity as our workplaces have changed and our people have become more mobile. People have avoided using them, or evened cursed them because their offices didn’t take the relevant logical step of ensuring there were adequate anchor points to be used. People were moving from one room to another on a regular basis for their meetings, and locking and unlocking their laptop reminded them of how out of touch security was with the realities of daily life.

I even did a back of a napkin calculation; a company with 10,000 laptops would spend (roughly) about $500k USD every three years on lock leads. That same company may experience thefts that could have been prevented by a lock lead that would total less that $10k a year. Financially this no longer makes sense. My inner chimp was scared that laptops would simply be stolen regularly from our offices and if I didn’t do anything about it I would get fired. In fact, decisions like this are costing our companies hundreds of thousands of dollars off the bottom line. So much being a “business enabler”.

So I take it back, all of it, and I want to thank you for setting me on the right path (and saving us all lots of money).

Your sincerely,

Thom “with regret” Langford


Open Letter to Apple – Why Have You Forsaken Me?

Dear Apple,

Your new MacBook Pro’s rock… the screen alone is just like moving from black and white to colour, and with the Air-like instant on, solid state disk and all round grooviness I nearly sold a kidney there and then (thank goodness the market in kidneys crashed; this could have been a very different letter).

And then, I saw it. Or more accurately I didn’t. The lozenge shaped hole of hope, that sliver of sanity, the goddam lock lead hole… It wasn’t there; in fact I looked again and it still isn’t there!

WTF Apple? What kind of insane douchebaggery is this?

You have strived and toiled and driven to be accepted into the enterprise. You have integrated with Microsoft Exchange, AD and even licensed ActiveSync for the iPhone. You have built in full disk encryption into your OS(X), allowed corporate Microsoft into your walled garden and introduced Employee Purchase Programs. In fact, you sounded like my hip godfather; all grown up and wise and everything, and yet still somewhat cool and groovy.

I even use a MacBook Pro at work for goodness sake! You make ME look cool and hipster like, and THAT is hard work I can tell you…

I tell people about how much more stable OSX is, how much more consistent the hardware is and how much more intuitive the interface is. Sure, your enterprise hardware support isn’t as good as say HP’s and Lenovo, but it is good enough, and at a pinch I just wander up to Oxford Street and chat to a Genius and they fix it anyway.
And then you announce the retina display, and all the other coolness that goes along with the new MacBooks; everyone in the office is talking about how they need one, my work and productivity depend on it, and you know what?… I ignored them because I needed one and my productivity suddenly depended on one as well…

And when I didn’t see that hole of hope, I think I died a little inside, and not just because I couldn’t lock my laptop up now, but because I will never be able to lock it in the future. This is obviously a design decision, one that was actually thought out, not just forgotten.

I have fought and fought to get my people to understand the importance of basic DLP, that is, lock your frickin laptop up, and your data will not literally walk out of the door. And in one fell swoop, you have told all of my MacBook users that it’s OK not to have a laptop lock. “If Apple don’t think it is important, why should I listen to you?”.

Godammit.

I now have to fight for extra budget for a case that screws into the chassis of the laptop that I can lock a lead to (ugly) or pieces of metal to slip between the hinge for the lock lead to attach to (screen crunchingly efficient) to get a basic security control in place. And I bet the answer will be “no” – these new Macs are expensive enough, we have encryption, why bother? Ummm, downtime, productivity, overhead of security incident reporting, cost of hardware replacement and just generally lax security practises (or “risk homeostasis” – a topic of a forthcoming presentation).

You have two choices; either reintroduce said hole, or introduce the most amazingly designed and fabulous looking security device for these laptops that I will spill £50 of my own money to buy one.

Do you dare to “think different” in this regard…

Yours sincerely,

Thom “lockless” Langford