Locked down, browser-centric operating systems will soon be at the center of IT corporate security

A Slow Start

Google introduced ChromeOS in July 2009 as the first browser-centric operating system (OS) where all applications are webdriven and most data is stored in the cloud rather than locally on the computer’s hard drive.  ChromeOS was met with plenty of skepticism and got off to a slow start.  It took nearly two years for the first laptop running ChromeOS, a Chromebook, to be released to the public and it faced similar doubts from the technology world.

Many who criticised it did so by comparing the features of ChromeOS to that of a traditional Windows laptop.  ChromeOS required a near constant Internet connection for features to work fully, consumers had to be willing to upload all of their data to Google, and many questioned why an operating system built around the Chrome browser is superior to the Chrome browser available in Windows or OSX.

These critics had valid concerns at the time, but a lot has changed since the early days of ChromeOS.  The Internet ecosystem which provides the backbone for a browser-centric OS has greatly improved and evolved.  Consumers and businesses have become more comfortable storing their files via Dropbox, Google Drive, and iCloud.  More and more of the applications we use have been adapted to the web and even native staples such as Outlook and Word have web-based siblings or competitor equivalents.  And Internet connectivity has never been more accessible.  Since 2013, the number of wifi hotspots has grown 888% globally to over 200 million and grown 5,000% in the United States to 67 million.   The growth in wifi is complemented by faster cell phone tethering, mobile hotspots in everything from laptops to cars, and even airborne connectivity.  It’s hard to go anywhere today that the cloud isn’t reachable.

ChromeOS found its beachhead in classrooms across the country, offering a platform to educators that was tightly controlled, improved security, and came with a lower upfront cost.  Google invested in services and tools which catered toward education and, as a result, captured an estimated 58% of the K-12 market, far outpacing the legacy offerings from Microsoft and Apple.  Chromebook sales have correspondingly surged in the last few years with estimates indicating more Chromebooks were sold in 2016 than Apple Macbooks.  But by all accounts, ChromeOS, and the Chromebooks that run it, have only been successful in one market of the overall PC landscape.  With consumers largely turning to mobile and tablet devices rather than refreshing PCs, the next, and much larger, competition ground is winning over corporate IT departments.

Going Corporate

Microsoft, the mainstay of corporate IT for the last two decades, has taken notice.  Earlier this month, they announced a new version of Windows built with the same browser-centric design principles called Windows S.   Similar to ChromeOS, users will be restricted to working within the Microsoft Edge web browser and approved Apps delivered via the Windows Store.  Many have categorized this as an attempt to stem losses in education, but I think Microsoft is preparing for (and facilitating) a corporate shift.  Together with the roll out of web-based Office 365 and moving more enterprise services to the Azure cloud platform, Microsoft is developing the ecosystem required for corporations to shift employees away from traditional PCs loaded with Microsoft software running on Windows 10 toward the new browser-centric frontier and Windows S.

The benefits to corporations will sound familiar: tighter control over data and the services employees use, improved workstation security, and lower hardware costs as the strain of complex computing tasks is offloaded from local workstations to the cloud.  The same factors that have influenced the rise of ChromeOS in education.

Windows S has been met with some of the same criticisms as the original ChromeOS and, again, many of these critics are comparing Windows S to a traditional laptop running Windows 10.  Windows S has been described as a crippled version of Windows because of the limitations imposed on users, but that’s precisely it’s advantage for corporate IT.  Only approved software can be installed via the Windows Store meaning users cannot install dangerous, unwanted, or unlicensed software.  Because only limited software can be installed and all applications run in a stricter “sandbox” than traditional Windows, it’s nearly impossible for viruses to execute and take hold in corporate networks.  Finally, by delivering applications via the web browser, IT specialists are able to centrally manage and enforce storage, protection, backups, and access control policies.

As the number of headlines about data breaches, virus attacks, and stolen trade secrets rises, these benefits will look increasingly attractive to organizations and their IT departments.  Most organizations go through PC hardware refreshes every 2 to 3 years, so the shift will not happen overnight, but within this cycle or the next, I believe we’ll see a significant rise in companies issuing locked down devices running Windows S; or if Google has anything to say about it, ChromeOS.

Winners and Losers

As with any shift in standards, opportunities will be created.  Most software written in the last 10 years has had a web focus and is already ready for this browser-centric shift, but there are older applications which have been left behind.  These will either need to be updated to expose web-based user interfaces or replaced with more modern alternatives.  In some cases, these transformation will require huge undertakings to modernize or replace core IT systems built largely on mainframes.

On the opposite side, software which specializes in monitoring or protecting employee workstations like virus scanners, productivity trackers, and data retention software will either become obsolete or centralized to cloud servers where data is stored.