Sunday, January 27, 2013

Want to avoid data leakage from mobile enterprise apps? Use the cloud


You know the conventional wisdom:  if you’re using mobile devices, the best way to secure enterprise application data is some combination of locked-down devices and strong data security measures.
However, both IT and users know the truth that comes with these approaches:  they ratchet up hidden costs while killing user experience and productivity, all in the name of avoiding data leakage.
So what are the better options for mobile access to enterprise applications?
The problem is that there haven’t been too many.  But there is one you might not have thought of:  use cloud computing.
Hold on, you say, isn’t the cloud inherently insecure?  Plus, why would I add another wrinkle in communicating back and forth with tablets -- something that's already pretty iffy over mobile networks. Isn’t that a big gamble?  Actually, it's not -- if you do it right.  With a smart approach (and a technology partner who can deliver on a couple key components), cloud computing can be a surprisingly effective technique to solve the security, performance, user experience, and cost issues plaguing enterprises in providing mobile access to enterprise applications.
Intrigued?  We’re doing a free webcast on the topic with InformationWeek at 10 a.m. Pacific on Tuesday, Jan. 29, 2013.  Join us and we’ll walk you through what I’m proposing here.
The speaker, our CTO and co-founder Stephen Vilke, will look at existing approaches and the trade-offs that enterprises are currently making in application mobilization. He’ll detail the architectural components (both pros and cons) of a cloud-based approach.  And, he’ll show how IT can deliver both secure application data and a UX that employees rave about through the use of a cloud-based architecture.
Stephen will discuss:
  • New architectural ideas that mean you don’t ever put any data on the mobile device
  • A way for applications to communicate with tablets that’s fast and secure – even over unreliable mobile networks
  • How smart use of the cloud can enable the security and usability required by enterprise mobility
  • How IT can enable BYOD and still maintain control
  • A way to future-proof your development and cost structure
If you're interested in hearing more about this approach, especially given existing application investments and tight application development budgets, join us on Tuesday.  We’ll cover how to pull it off.
Stephen will also leave time to take live questions during the event.  And we promise to keep the vendor sales pitch (yes, Framehawk can help you solve a lot of these issues) to a bare minimum.
Hope you can join us.
Click here to register for our InformationWeek webcast "How to Avoid Data Leakage from Mobile Enterprise Applications: Use the Cloud" at 10 a.m. Pacific (1 p.m. Eastern) on Tuesday, Jan. 29, 2013.  The event will be moderated by Erik Sherman (@ErikSherman), blogger for CBS MoneyWatch and Inc.com.

This post also appears on the Framehawk blog.

Friday, January 25, 2013

Making mobile user experience ‘tablet-y’ for enterprise applications


We’ve been checking off the various dos & don’t for bringing enterprise applications to iPads and other mobile devices.  There are a lot of them.  So many that our CTO Stephen Vilke did an entire webcast about the topic (summarized in this white paper).
Last week I brought up mobile security.  The issue that goes hand-in-hand with that is user experience (UX).  In fact, mobile user experience is usually what suffers when IT operations and corporate compliance get their way.
Stephen, however, is not one to just say, “Oh, well, the users are just going to have to deal with it.”  In fact, avoiding that mistake is core to his CTO tip this time around:
DON’T underestimate the importance of building a rich user experience.
From Stephen’s perspective if security is king for tablets in the enterprise, then user experience is certainly next in line for the throne.  IT departments simply must deliver a strong user experience, says Stephen. If the (albeit brief) history of mobile has taught us anything, it’s that if people don’t like it, they won’t use it.
"How many times have you heard, 'our sales team, managers -- insert group here -- are not using a new system because it’s not easy to use'? Or 'the users hate using the application because it’s hard to do anything with it'? 
"The more time you spend at the beginning of a project making sure there is a rich user experience, the more user satisfaction will increase. This does not have to mean a full re-write for your legacy applications, but rather it is about researching how your audience interacts with applications on their current hardware (PC and laptop) and adding some iPadness to that application when you deliver it on a tablet.  Make it tablet-y!  No one wants a PC experience replicated exactly on a tablet. 
"In fact, at the core of this 'consumerization of IT' revolution inside the enterprise is user experience -- employees asking to use their own iPad at work because it’s easy to use, and easy to be productive with. The only reason employees use the IT systems at work is because their job depends on it. If workers weren’t forced to execute expense reports with scanners, scissors, and tape, and instead could execute it faster with an iPhone app, they would likely opt for the quick route and actually spend a little more time doing their job. Moreover, they might even enter information into a CRM system more frequently if they could do it from their iPad wherever they happen to be."
User experience drives user adoption. And, as Stephen has noted more than a couple times in his career, good news travels fast. The more people use something, the more they will share their experiences with others, and the faster the rate of adoption.
Moreover, building a strong user experience is going to drive productivity across your range of use cases. Technology should not get in the way of a user’s productivity. Virtual desktop infrastructure (VDI) solutions are notorious for letting the user down when it comes to the user experience. A salesperson, physician, investment advisor, or whatever the role, does not want the mobile version of their virtual app to slow them down. Conversely, creating native applications unique to the user’s job can increase their productivity as well as their effectiveness, but can also be time consuming and very, very expensive.  Says Stephen:
"Try to make it simple. If done right, UX can drastically decrease support costs. Leveraging a simple user experience, one that is intuitive and user-friendly means that there will be fewer knots to untangle down the line. The up-front costs distributing applications to tablets are one thing, sustaining their upkeep and performance is something else. 
"Companies with successful implementations spend roughly 25 percent of their implementation costs on delivering user adoption – for things like training, communications, and change management. Larger implementations can spend roughly 30-35 percent on user adoption. Spending time at the beginning of a project on the user experience can lower these costs."
Think about it.  Says Stephen: “no one trained you to use Google, Craigslist, or CNN.com.”  He’s not saying to just drop all of those mobile security concerns.  But remember this:  UX is worth more time and effort than IT has been used to devoting to it.  And in this more tablet-y world, that’s going to have to change.

This post also appears on the Framehawk blog.

Thursday, January 24, 2013

On second thought, maybe Microsoft Surface is worth a look for enterprises


Our CEO Peter Badger had a chance to play with a Microsoft Surface tablet the day they announced it.  As we noted here and on Twitter, he wasn’t impressed.
However, that didn’t stop him from buying one and running it through his paces alongside his other tablets here in the Framehawk office “proving ground” (AKA Peter’s desk).
But here’s the interesting part of the story.  After spending some time using the Surface, Peter changed his mind about this new tablet, especially in considering what the interest and impact might be for enterprises.  Here’s his quick, verbatim run-down from a note he wrote to us here internally, after 2 hours on the Surface RT:
“Great hardware. Sturdy, good power, nice screen/keyboard format.
“Reasonably good operating system UI, although everything is a second slower to launch/react than iOS.
“Terrible browser.  It’s confusing and slow.  You can't click on links accurately. It reminds me of Blackberry browsing.
“Interesting 'desktop mode.'  I see what they did.  They put a desktop on a tablet. I can see how the desktop/tablet experience can start to gel, although most of the desktop apps are hard to navigate using touch. It’s impossible to manage windows without a bunch of constant pinch/zoom actions. A Bluetooth mouse would be awesome.”
Overall, Peter said, “I’m still forming an opinion.  I haven't outright rejected it yet.”  And that’s saying a lot from Peter, someone who has been called an Apple fan boy before (with good reason).
Other positive ‘insider’ views of the Surface – including mine
Our CTO Stephen Vilke also got his hands on one, and as he indicated in his post a few weeks back, it impressed him.  Early indications (including this Gizmodo pre-review from CES) are that the Surface Pro is also pretty interesting.
Over the holidays, it was my turn:  I also got to play around on a Surface.  It took a bit of getting used to, but after a little bit of trial and error (and the owner kibitzing over my shoulder), I figured out the UX paradigm.  And I found it pretty easy to hop around and get some things done – in applications I recognize and have used for years.
One odd thing: Surface thinks of itself as a PC.  It even calls itself one on various start-up and settings screens.  And there are moments when it is.  There are other moments when it’s a tablet.  And there are still other moments where I feel like it doesn’t know what it is…leaving me a bit confused as to what to do next.
But, in general, the Surface was usable.  And quite appealing.  And after 30-40 minutes of poking around, I felt like I knew how to be productive on it.  The PC/tablet confusion is probably more a result of Microsoft trying to strategically blur the lines between those devices for their own gain than a serious problem.
However, it should be noted that my comments and the ones above are responses by people in the mobile business.  So, even more interesting to me was the view of some folks I know quite well, but who are outside the industry bubble.
A pragmatic choice for everyday users
Along those lines, the most interesting thing about my test drive over the holidays was that it was mother's new Surface that I was borrowing.  She, my brother, and my father are buying Surface tablets for personal use plus daily work on our family farming operation (check out Mohr-Fry Ranches…home of the grapes that go into award-winning Lodi Old Vine Zinfandel and artisan beans recently featured at Williams-Sonoma).
When they told me they were jumping on the tablet bandwagon and had selected the Surface, I was actually quite surprised.  What about the iPad and its elegant, easy-to-use interface?
It turns out that the major selling point for them is legacy investment protection.  They were comparing the Surface to their PCs.  They liked the less-bulky and mobile form factor, plus the ability to use the productivity apps they already know and use every day.
Not that my family is necessarily a great tech bellwether.  However, I found it interesting that despite all the buzz from Apple, they made a pragmatic choice based on a pretty specific use case.  It makes me think that many small, medium, and even large enterprises might come to similar conclusions as they weigh similar choices.
Don’t consider this any sort of definitive information or final word, but rather some additional data points from both mobility insiders and relative newbies – several of whom seem to be finding what they’re looking for with the Microsoft Surface.

This blog also appears on the Framehawk blog.

Sunday, January 13, 2013

What last year tells us about enterprise mobility in 2013


People turn to vastly different sources to predict the future.  A crystal ball.  Tea leaves.  The Mayan calendar.  Industry analysts.  Those sorts of things.
For IT trends, I like to look at patterns from the past year.  It may not be 100% foolproof, but we all know how the predicted Mayan end-of-the-world thing turned out, so I figure it’s worth a shot.
Here are some things we wrote about in 2012 that I think are going to play a big part in shaping enterprise mobility in the year we’ve just started.
In 2013, I think:
Mobile device innovation will be marked by incrementalism.  Tablets and touch-based smartphones already exist as categories, and they now seem to be evolving, rather than shaking the industry to its foundations with every new announcement.  The iPhone 5 announcement didn’t revolutionize the phone.  The iPad Mini filled in a form factor that someone else had tried first.  Neither shocked the world.  In fact, they both drew some collective yawns at the time.
This trend will continue.  Devices won’t create new categories, but rather fill in all the holes and niches in the market that look like they might work.  Some actually will.  Given some of the sales numbers I’ve heard, the iPad Mini is already proving this to be true.
New ways of looking at enterprise mobility will get increased visibility. The existing approaches weren’t built with mobility in mind.  It’s going to be rough to retrofit.  Application development for new platforms isn’t free.  So, organizations will look for compelling new alternatives.
For example, Gartner helped coin a term for a new category last year – workspace aggregators – for one of the new software approaches to mobilizing applications.  It’s still very early days, but 2013 should see a bit uptick in interest and attention for new alternatives to things like VDI and existing attempts at enterprise mobility.  I'm betting workspace aggregators will be one of the innovations in the center of that discussion.
Microsoft will begin to make its mark on mobile, but not necessarily how the market – or they – expect.  The folks from Redmond announced and delivered the Surface last year to a bit of fanfare as well as a bit of skepticism (including from some of us here at Framehawk – though not our CTO).
It’s a pretty tricky offering.  It’s certainly not as simple as the iPad, but maybe that’s the point.  2013 will be the year that Microsoft has a real impact on this space.  We’ll start to find out whether they are playing the right game, or whether it’s going to be rough going.  I’ve seen at least one glowing review of the Surface Pro coming out of CES already.  I’m betting on a slow but steady bit of progress into enterprise mobility for them, as they try to weave mobile into their existing business model.
Actual usage of the new iPad, iPad Mini, Microsoft Surface, and others will begin to make some waves -- industry-shifting waves.  While the tablet category isn’t brand new, it’s having a real impact:  PC sales are down.  And, tablets are causing workers themselves to evolve and change the requirements for how they want to use their devices and do their work.  IT is facing a choice as to whether they want to just “pave the cow paths” by simply letting things happen, or do a strategic re-think about what these devices mean – and how they can best be included in the enterprise environment, regardless of whether they are corporate- or personally-owned.
Speaking of ownership, BYOD will continue as a red-hot topic.  Enterprises will have to give up ignoring it or going through bizarre contortions.  IT will have to address BYOD head-on.  Phones are one thing, but it will become especially important to sort out BYOD policies for tablets.   It might take lawyers.  But IT will be best served making the answer low-touch for the employee and non-disruptive.  These employees of theirs are just trying to do their work in new, more effective ways, after all.
The question for 2013 will be how to make untrusted devices secure enough.  “Trust” for mobile devices was certainly on peoples’ minds last year (and definitely goes hand-in-hand with BYOD), but some clear paradigms will likely shake out this year.  Mobile device management (MDM) in its current form will be seen as only an early step into mobile-enabling an enterprise.  Eventually.  I’m betting the MDM vendors will still have a great year, but enterprises will start to realize that a broader answer would be better.  The MDM vendors already realize this.
When it comes to mobile application development, there will still be lots and lots of questions.  Organizations will continue to question whether they should re-build or modify existing apps for mobile access.  And what approach they should take for brand-new applications.  There are lots of options that need evaluating still.
Oh, and the  HTML5 honeymoon will be over.  Facebook very publically turned its back on HTML5 this year and decided to build their system as a native app.  Salesforce did the opposite.  Many, many enterprises will be able to get a lot of benefits out of HTML5.  They certainly would like to.  They just have to realize it’s not the silver bullet they crave for mobile application development.
As for Framehawk in particular, we have big things planned.  In 2012, we came out of stealth, picked up a “Peoples’ Choice Award” at the Under the Radar event, and one of our customers (UBS) had some great recognition for the work we’re doing together.
Hopefully, this is all just the beginning.  We have big plans for 2013 and expect that when it comes to mobility, most enterprises do, too.  Watch this space for more details about us, and commentary on the fast-moving enterprise mobility space as the year progresses.
And check back next year at this time to see if we were at least more accurate in our predictions than the Mayans.
This post also appears on the Framehawk blog.

Tuesday, January 8, 2013

One thing enterprises can't compromise on: mobile security


The latest in our series of 7 dos & don’ts for bringing enterprise applications to iPads is likely so self-evident – and important – that it probably should have been listed first.
The topic is mobile security.  No surprise.  In fact, not thinking about how to avoid unauthorized access and data breaches would indeed be a serious (and job-threatening) confession from anyone in IT related to a mobile project.
Here’s what our CTO and co-founder Stephen Vilke recommended in our recent webcast:
DON’T even think about it if it’s not secure.  That goes for both hardware and data.
While IT is often driven by end user expectations – especially when dealing 
with mobile devices – security is still an
 IT mandate. Naturally, enterprises wanting to make use of tablets, smartphones, and the like will
 have more stringent security requirements than those provided automatically by consumer devices.
Stephen went to great lengths to emphasize that it is an absolute must for IT to properly secure both an organization’s data at rest and data 
in motion.
 Ideally, no data should be stored on the mobile device itself. Instead, newer technologies can ensure that no data leaves your data center. Sophisticated communication protocols should be leveraged to provide a mobile connection to enterprise systems without the physical transfer of data between device and network.
On the hardware side, because most tablets lack USB ports and DVD drives, at least
 one element of security is easier to manage than for conventional laptops (although this may change in the future). However, in addition to being easier to misplace, tablets’ portability and desirability make them obvious targets for theft.
As a result, robust encryption and password enforcement are critical to ensure data security, and tracking and remote wipe can be important to make sure that lost or stolen devices do not lead to major breaches of confidentiality or disclosure of sensitive information. And given the rate of change, IT has to be on top of the latest, while remembering a few of the things from the past.  Says Stephen:
 “As companies develop security and mobility strategies to deal with these devices, it is worth bearing in mind the lessons we learned from managing laptops, and how we thought about securing those devices way back when. 
“There are now more attack vectors than ever for the bad guys, so having policies, standards, and guidelines around security are a must.  Education is key only if it’s enforced. This goes from two-factor authentication (2FA) to sensitive client data to VPN connections to credentials storage. 
“The tablet is forcing us to build on what we’ve learned before and to rethink what needs to be secured – and when.  Tablets won’t be powerful enough for the foreseeable future to run edge-point analysis, intrusion detection, anti-virus and yet still supply the user with app functionality. We (IT) crippled hugely powerful machines to the point of 10-minute boot times – these tablets have no chance. However, their simplicity offers new strategies – these need to be thought out.”
If it’s not obvious from these comments (or previous blog posts), Stephen sees security as one of the most important issues in enabling tablets in your enterprise IT environment.
It’s no surprise, then, that we’ve wrapped strict security measures into everything we’re working on here at Framehawk.  In fact, we've taken some new approaches to enable a whole new level of security for applications that will be mobile-enabled.  For more on the architectural differences that make security a big differentiator for Framehawk, you can start with this white paper (registration required).
To read more of our CTO Stephen Vilke's perspectives on enterprise mobility, you can download “Confessions of a CTO: 7 Dos & Don’ts for Bringing Your Existing Apps to the iPad,” the companion white paper to this series of blog posts and our recent webcast (registration required).
[This post also appears on the Framehawk blog.]