Security Experts:

It Will Take More Than a Few BlackBerry Outages to Kill RIM

Financially, RIM continues to be a healthy company. But if doesn't “think different” about its network strategy, its customers may think different about their choice of handset vendor.

Is Research In Motion in trouble? In the wake of two long outages this month, many commentators believe that the end is drawing near for the Waterloo-based company. The outages affected tens of millions of subscribers in Europe, the Middle East, Africa and North America and have led many to consider alternative products. Customer defections, unappealing products and lagging innovation, the theory goes, will cause the company to go into an irreversible downward spiral. I don’t fully agree with this theory, but the outages do shine a spotlight on the larger strategic challenge for RIM: how to modernize its network, products and services in the face of relentless competition. As we’ll see, the outages, customer loyalty and product modernization are intimately related.

Is BlackBerry Dead?First, the outages. As any “CrackBerry addict” can tell you, RIM’s proprietary BlackBerry delivery network has always been a key strength. Millions of people rely on it for speedy and reliable delivery of email and messages. But the outages showed that the network is now a weakness. As I noted over a year ago, when I was an analyst with Forrester Research, RIM’s network was an advantage in the days when TCP/IP networking wasn’t commonly available on mobile devices:

The BlackBerry was introduced in 1999 as a two-way pager on steroids. Back then, TCP/IP over GSM (and other wireless networks) was just a pipe dream. RIM implemented a system by which all traffic is collected from the mobile networks of the sender, funneled through RIM servers and then routed back onto the recipient’s mobile networks and pushed to the handset. In essence, RIM – rather than the Interwebs – provided the routing capabilities needed to ensure that mail and messages are delivered. That was necessary, and worked well, when Internet data plans were not universally available. It gave BlackBerry instant push e-mail and guaranteed delivery. And critically, it was a competitive advantage that no other wireless vendor had.

As we have seen, the mobile technology landscape has changed dramatically since 1999. Data plans that provide TCP/IP over wireless carrier networks are now ubiquitous, nullifying a key RIM advantage. Moreover, the two Post-PC device leaders that matter most, Apple and Google, already license a push-email protocol called ActiveSync. ActiveSync isn’t as good as BlackBerry push email, but it is good enough for most businesses. But in spite of the ubiquity of the TCP/IP-over-wireless, RIM continues to do its own thing. Again, as I recommended over a year ago:

RIM should dismantle its centralized delivery network for its consumer devices and move to a decentralized model, where (1) the Internet provides the routing and (2) centralized communications monitoring is much more difficult. That is what Microsoft and Apple, in essence, do today because the devices connect directly to company servers [via commodity carrier networks] rather than through a single service provider.

Forward-thinking enterprise security executives tend to think of security as a subset of reliability. That’s why in large corporations you increasingly see information security and business continuity functions reporting to the same manager. It’s also why service providers offer both security and business continuity services for email — because they see security and reliability as two sides of the same coin. As they say in the BC/DR world, “Two is one, and one is none.” For this reason, customers should use these RIM outages as reminders that (1) single points of failure are bad; (2) when you buy from a vendor, you are introducing all of that vendor’s strengths and weakness into your infrastructure as well; and (3) it’s good to be reminded of risks that you may have tacitly chosen to bear, in this case reliance on RIM’s network availability.

RIM’s recent outages have reminded enterprise CIOs that, when they choose RIM, they are making a bet that RIM’s delivery network will be more reliable than those that ride on top of their employees’ cellular data plans. That might have been a safe assumption five years ago, but it isn’t any longer. These two incidents alone will knock RIM’s 2011 uptime down to the three-nines level of reliability, proof that RIM should have switched to TCP/IP three years ago, to (1) give customers the ability to control their own destinies and (2) to save them money. They did not, and customers are now seeing the results of RIM’s non-decision.

RIM MarketshareIt is fashionable in the tech trades to pounce on tactical blunders and pronounce a vendor dead: the abundance of Microsoft-is-doomed stories in response to poor quarterly Windows Phone shipments, for example. We can reasonably expect many premature eulogies for RIM, also. In truth, however, businesses with substantial annuity revenues are incredibly hard to kill. Over one quarter of RIM’s revenues, $1 billion in the last quarter, are from services. Because millions of subscribers sign multi-year contracts that require them to pay every month, RIM has a predictable revenue stream that cushions its revenues from quarterly deal flow turbulence. And because of the way that subscription revenue is recognized on a monthly basis, sudden swings in customer counts don’t show up on the income statement until much later. As a result, it takes a lot of defections over a long time to make a noticeable dent in profitability. On the flip side, many potential customers for RIM’s new BBX platform won’t increase profits for a while, either. Because of the dampening effect of annuity-based revenue streams, changing RIM’s fortunes is like ruddering the Queen Elizabeth—the ship, not the monarch.

Financially speaking, RIM continues to be a very healthy company. The company throws off a few billion in profit every year, has no debt, and maintains high gross margins. RIM also possesses a loyal franchise of enterprise customers that are not yet willing to jump headlong into many-vendor, many-device Post PC maelstrom. These customers have standardized on RIM and won’t give up their BlackBerrys willingly. Of RIM’s 70 million customers worldwide, about one-third of them — 22 to 25 million — are enterprises. These customers are highly profitable. Even if Apple and Google magically lured away all of its consumer subscribers tomorrow, it would still be a profitable company for many years.

Thus, although RIM's current situation might appear to be rather dire, the company's medium term prospects are still quite good. Regardless, customers should listen carefully to what RIM says about these outages in the next few weeks, and what they plan to do to ensure they do not happen again. I am confident RIM will do what it must to fix the short term issues, but not optimistic that the company will do what it should to fix its longer-term problem — migrate its customers to a next-generation routing and delivery service that uses plain-old TCP/IP over carrier pipes rather than its own network. Unfortunately for RIM, it if does not have the courage to “think different” about its network strategy, its customers are likely to think different about their choice of handset vendor.

Related Reading: Failure of the BlackBerry PlayBook Means CIOs Need to Plan for an Apple World

Related Reading: Why the BlackBerry PlayBook Shows Us The Future of Enterprise Security -- Especially if it Fails

Subscribe to the SecurityWeek Email Briefing
view counter
Andrew Jaquith is CTO at SilverSky. Prior to his current role, he served as a senior analyst with Forrester Research where he led team coverage for data, endpoint and mobile security topics. Prior to joining Forrester, he was program manager in Yankee Group's enabling technologies enterprise group, with coverage of client security, digital identity, and web application security. Before joining Yankee Group, he co-founded @stake, a security consulting pioneer, which Symantec acquired in 2004. Before @stake, he held project manager and business analyst positions at Cambridge Technology Partners and FedEx. He is the co-developer of the Apache JSPWiki open source wiki software package, and the author of the 2007 Addison-Wesley Professional book "Security Metrics: Replacing Fear, Uncertainty and Doubt." Andrew holds a B.A. in Economics and Political Science from Yale University.
view counter