Thursday, January 12, 2012

UK 4G - Too little, too late?

Ofcom has announced new plans to auction the 4G mobile phone spectrum, but will it deliver the windfall the government is hoping for, will operators invest in the coverage expected, will customers actually use it and will the operators therefore make their money back?

Well, I don't know.

You can read about the Ofcom announcement here but let's look at it from the users' point of view.

I own a phone, iPad and computer - all able to use the Internet.  They are generating and downloading lots of data, all day whether I ask them to or not, sometimes you just try stopping them!  There's no doubt that the amount of data I and my family are transmitting and consuming is growing, not least as emails are being sent to all three devices simultaneously as they all try to keep synchronised.  I've written before about the automatic downloads of new TV episodes from iPlayer, there's surely no doubt about the growth in traffic.

We also as consumers want it to be ever faster, higher performance, no waiting, HD-quality and whatever is the best way next to consume content; IMAX or 360 degrees with multiple projectors coming out of your Mac in a few years?  Who knows?

But, do we need 4G?

Today's devices can connect to a multitude of data sources, of course this being communications we have a huge bunch of acronyms to confuse the enemy - GSM, 2G, 3G, Edge, CDMA, UTMS, WiMAX and 4G, and the devices are smart enough to pick and choose the best available system and switch between them without bothering the user.  Maybe they don't always make the best decisions, but as the algorithms get smarter and they can take into account maximum throughput, reliability, signal strength, achieved throughput and continue to keep connected while making incredible leaps between systems, we users can be oblivious to the technology underpinning the data.

So, what is in it for the operators?  Why should they invest in 4G?  Well, to give the fastest connection to their users and steal customers from the other operators, as almost everyone has a connection today, they have to compete on either performance or price (or a bit of both).  Sadly, the up-front investment costs could be huge, as some 4G signals don't travel as far, they may need more aerials or have greater "not-spots" for 4G than 3G.

OK, but how much will we pay?  I am currently on a PAYG deal that costs me £10.00 (USD$15) a month, I get unlimited texts, unlimited data and 250 minutes of UK calls.  (If you'd like the same deal, just let me know).  Prices are coming down, so can the operators make any money?

But it gets worse for the operators, what do I connect to the most?  Actually none of the above acronyms - I use Wi-Fi.  I find Wi-Fi spots in so many places today and a huge number are free or available in a package with a single provider (BT's deal where you can share other consumer's Wi-Fi for example) or offered by cafes, pubs etc. - even local councils are starting to cover the area at limited or no charge.  You can download free applications for your phone or iPad that lists over half a million wifi spots globally and simply walk to the nearest one.

I can see 4G becoming a little like satellite phones from years ago.  I remember a few folks with them telling me how great they are "as I can make calls from the top of Everest ... anywhere, no patchy connections".  In those days, there were a huge number of areas where cellphones didn't work at all, but I always wondered when I would actually be at the top of Everest and, as each new cellphone antenna was installed, the need for the satellite phone reduced.

So, I welcome 4G, anything that improves connectivity is great, but the operators are smart (hence the legal challenges over the last couple of years) and they can see the consumer pricing going down, so where's the ROI for them?  But the big one for me is that as each new wi-fi system is installed, the need for 4G technology will reduce and unless the same operators are getting revenue for the wi-fi connections, where will the money come from to make the investment that the government wants them to sign up to?  (Actually, as an aside, perhaps they will get MORE revenue from rural areas and not less, as cities covered in Wi-Fi might mean less 4G revenue).

There's a lot of other aspects to take into consideration, not least coverage distance, but essentially it was coverage that was the great selling point for satellite phones - now used in very remote places around the world but you wouldn't expect to see one in most business meetings, personally I doubt I have seen one for 5 years or so.

So, there better not be any more delays, the height of the price that the operators will pay has possibly already passed.  The UK treasury may be hoping for a £3B ($5B) windfall, and perhaps they will get it as the operators don't want to have no 4G service, but on the other hand.... maybe not.  We just have to wait and see.

Monday, January 9, 2012

Ten Mistakes in Web Security

Web-based threats are constantly changing, yet I see people who's installations and policies have stayed the same for years, ageing and providing poor overall defences.  So, the beginning of the year seems a good opportunity to review the mistakes I see time and again, let's hope you read this and say that you aren't suffering from any of them.

1. I have desktop anti-virus, that is enough.  Well, hopefully enough information has been shared to remove this misunderstanding.  Employees can be fooled by phishing attacks, can inadvertently send out confidential information and sadly the constantly-chaning nature of malware means that anti-malware systems are constantly playing cat-and-mouse to try to keep up with changes from the bad guys.

2. Web filtering if for blocking only.  Web categorisation systems can block, but can also report, coach users, IT can set priorities based on categories, users can be redirected to other sites and can selectively identify and control particular aspects within a category (such as allowing reading but no downloading of executables from untrusted sites).

3. I only need one simple policy.   The "One size fits all" advocates can often set a simple policy (Eg. block adult content, phishing and known malware) and then leave it for years.  Almost all organisations have different users who need different access and policies should be reviewed regularly to make sure that they are up to date.  Suppliers tend to add new categories and enhancements each year, make a note now to review your policies every few months.  (Such as block all older browsers that have known vulnerabilities - go on, do it now).  With thousands of application within Facebook, some for business and many not - you can define policies that see inside social networking and give you the control you need.

4. Reputation systems are enough.  Security systems based on reputation are good, for email!  Looking up an email sender is a great way to start reviewing whether an email is likely to be spam or infected.  However, web pages are so dynamic that reputation systems can only offer one of many pieces of information needed to review content.  In tests, those systems based on reputation have performed poorly on real-life web threats.

5. I don't need to warn/train my users.  Making a new employee sign an Internet Acceptable Use Policy when they have many other concerns on their mind is hardly going to change behaviour and even irregular update courses don't achieve much.  But make sure that users receive splash pages when they access the internet and warning pages when they attempt to access a page with restrictions and they have a constant reminder of the organisation's policies.

6. My organisation isn't a target.  Every organisation has confidential information in it, every employee can be a target even if just for their own knowledge or personal data.  We are all targets.

7.  I cannot control remote users, so I won't try.  With almost every user taking company information outside the offices on tablets, phones or laptops - every organisation has to work out what to do for their mobile workforce.  Encrypt devices, sure, but also look at the policies that can be implemented on mobile devices, make this year the year you investigate all the mobile security options, you know you want to... :-)

8.  There's too much in the logs, so we just keep them in case anyone asks.  Your logs can be very useful information, showing users behaving oddly (how many hundreds of MB downloaded from your cloud-based CRM system?) the most popular categories of the web, the loading at particular times of day or week and this can help you plan new policies, advise users and design a better, stronger network.  Just one example; logs can show which PCs are already infected and a policy implemented to take them off the network and the user informed when they run the browser "Go and get your PC cleaned".

9.  IT define all the policies on their own. Appropriate policies should be designed together with senior management, employee or user advocates, legal and HR departments together.  Get together and ask each other "what-if" questions, the flexibility available now to define policies by group, by office, by time, different policies based on applications within web sites means you really can target appropriate policies.

10.  New applications and systems make it impossible to keep up.  You can't just throw up your hands and say that you can't control Facebook, Twitter, LinkedIn, Foursquare, Skype and all the other newer social networking applications - there are many different controls that can be implemented.

Web control is all about balance - allowing users to access those areas that they need to, but keeping them safe online from those areas they shouldn't.  But the security target is constantly moving, keep yourselves up to date and your users will be safe, your data will be secure and employees kept productive.

Anyone can reuse this top ten list as long as I am quoted as the source.

Friday, January 6, 2012

Content rights in 2012 - time for a bold move online?

I have written about the move to from TV to online content for many years - with time-critical content (sports & news especially) being watched more online as each year passes.  See previous articles on the 2010 World Cup, the BBC iPlayer statistics, LONAP graphs etc.

The content-owners obviously want to maximise their revenue and in the past this was best done by splitting rights by country - if you own the rights and can sell it over 200 times, you can negotiate your best deal in each individual market.

When a broadcaster relies on subscriptions for its revenue (such as Sky in the UK), they need to keep buying the most popular content to keep their subscriber base with them and the content owners have managed to use this to keep the revenue flowing.

So, the major sports have continued to grow, reinforced by a circle of more PR leading to more press, higher salaries for the sports stars, higher rights payments and the money keeps flowing around and everyone is seemingly happy, even the consumers keep paying, though perhaps with grumbles.

Meanwhile, non-subscription-based broadcasters find it more and more difficult to compete, either dropping sports altogether or slowly drifting down the scale (a bizarre manifestation of this being the shared rights between the BBC and Sky for this year's F1, my guess is next time around there BBC will drop out altogether).

I believe that the current model is unsustainable and the balance of power will shift in part by technology and partly due to multi-country deals.

Firstly, the European Court of Justice has ruled that any EU citizen can get their TV service from any provider - see the case brought by Portsmouth landlady Karen Murphy.  If content-owners continue to negotiate country-by-country, then the cheapest buyer/broadcaster can undercut others to broadcast its content outside its normal area, bringing down all prices - the content-owners (and other broadcasters who have paid a higher price) aren't going to want that, so they are likely to try to negotiate wider rights - perhaps the whole of the EU or even a global deal, if a single or group of broadcasters can afford it.

From the technology-side, it is ever easier for consumers to jump around the web (spoofing their IP addresses, using proxies in other countries etc.) and find the content wherever they want it, as long as someone is broadcasting the content on the web somewhere, it can be found and watched or listened to.  As this is the case, why should a broadcaster in one country keep paying an ever higher price at each renegotiation when some of their customers might be siphoned off to someone showing it on the web in another country?

Meanwhile, YouTube and other broadcasters are looking around for new ways to bring in eyeballs.  This article brings in Google/YouTube and al-Jazeera as possible bidders for the English Premier League with Apple (perhaps) on the sidelines.

So, what will happen in the future.  At risk of making a prediction that has many vested interests fighting against, I think that we may be at or near the top of the right-holders price-curve.  I believe that a mixture of technology, legal rulings, economic concerns and ever-greater leakage of content onto other platforms will reduce the overall prices for content owners.  It will be interesting to see what happens when a major sporting event moves to a non-traditional broadcaster - maybe 2012 will take us further down this road.