Blog archive - February 2012
Use the blog to discuss and comment on the latest industry insights provided by our analyst experts.
by Samir Sakpal 16 Feb 2012
Over the last few years the key incumbents of the mobility value chain and enterprises have sought to address the issue of mobility adoption in the business segment. This has steadily seen progress and enterprise mobility now steps into the DNA of the technology roadmap for organizations. With the promising advent of mobility in the enterprise space, the ecosystem of mobility has developed in a parallel manner. The networks and devices, which form the key layer of the ecosystem, have become more conducive and dependable for enterprises to conduct business over. Security, at both network and device levels, has been addressed to a compelling level. Innovative and cost-efficient ways of deployment and implementation have taken center stage in the equation. Cloud hosting and SaaS have driven the required momentum to effect engaging adoption levels. In the last few years, smartphones and their computing powers have become the driving force for the overall growth of mobility and sustainability through the consumption of data products and services.

With this, however, newer challenges have arisen in the enterprise mobility segment. Companies have slowly, albeit steadily, started to weigh the possibilities of allowing personal liable devices in their premises. This has given rise to a growing heterogeneous environment, as not only the form factors, but the underlying operating systems of devices undergo upgrades consistently. Another development that we have experienced in the enterprise mobility situation is the eagerness of business units to add mobility applications for their employees across the board. What was earlier restricted to field employees, like the sales personnel or the field service employees, has now permeated into a multi-level user group environment. All these developments in recent times have warranted the need for Mobile Application Management (MAM) – considered to be the next paradigm movement in the enterprise mobility market.

The influx of multiple applications catering to multi-level users has created the requirement of efficiently developing, deploying and managing these applications. The situation of a diverse device environment has only made this need more urgent and extremely necessary. Applications will prove to be the drivers of productivity and ROI for enterprise mobility as work processes get seamless and efficient. However, ensuring that they are developed in an agnostic manner, deployed in an efficient way throughout the organization and managed efficiently – along with policy settings, usage standards, real-time monitoring and reporting – has become of pivotal importance. Companies, both from the device management side and application middleware vendors, are stepping in to provide solutions that will assist IT managers to manage their mobile applications environment. However, the key is to seek a comprehensive solution that can manage the lifecycle of applications and not just pieces or stages of it.
by Todd Day 16 Feb 2012
Both Apple and Google are working to merge the computer world (Macs/PCs/Desktops/Laptops) with the mobile world (Tablets/Smartphones) with iOS and Android/Chrome respectively. Over the past couple of years, the world has seen the smartphone and tablet market grow rapidly. At the heart of that growth are three simple factors - mobility, simplicity, convenience. In terms of mobility, smartphones and tablets can be taken everywhere, and traditionally, the smaller smartphone more so than the larger tablet. However, both mobile devices are obviously more portable than a laptop - a factor which has played a large role in their success. The simplicity of clicking on an icon to check Facebook or look at email has also played a huge role. In fact, one of the major factors in the success of Apple's iOS products is their ease of use. Finally, most consumers like the convenience of being able to quickly check these things and respond without having to take the time to stop, take out their laptop, and log onto a website.

Laptops/desktops differ from tablets/smartphones in that the focus is on content creation as opposed to content consumption. Although there are some apps that let you edit pictures, work on spreadsheets, create presentations, etc. on mobile devices, most people still need the advanced software (Office, Photoshop, etc.), large screen, full keyboard, and mouse functionality.

Finally, we've seen the growth and instant success of "cloud services" through iCloud, SugarSync, Amazon, Dropbox, and others. The general concept behind the success of cloud services is content availability. Consumers want to have all of their documents, photos, email, music, videos, etc. available on any and all devices that they own. The idea of "seamless syncability" of content has made it into mobile devices, and through apps like those of the aforementioned cloud services companies has made it into computers - to a certain extent.

The next logical question is "Why can't computers have both the simplistic interface that smartphones have, yet still be used for more advanced software?" The answer is "they can". I believe that Apple and Google agree, which is why they're both interested in bridging that gap. Ultimately, we will still continue to have desktop computers and laptops; however, the software running on them will likely change in order to provide consumers the capability to download pictures, work on a spreadsheet, and check email on their home computer, then open up their mobile device and have everything look the same with the same content.

What's after that? Likely dummy devices - all with a web-based operating system - that anyone can log into and immediately pull up their profile, content, and settings. This is similar to what many enterprises have been using for years in "roaming profiles", where multiple employees share office computers. When they log in, their files, desktop settings, etc. all show up. Web-based operating systems could do that on a global scale.
by Ben Ramirez 09 Feb 2012
It was recently announced back in March of 2011 that the DMARC (Domain-based Message Authentication, Reporting & Conformance) organization, consisting of AOL, Facebook, Cloudmark, LinkedIn, Bank of America, PayPal and other leading organizations, proposed a new operational specification for the current email authentication infrastructure. In short, the proposal would ensure that email senders can prove they are indeed the true originator and receivers can take appropriate actions if the email is spam, junk or should just be rejected altogether. The grand scheme of this new specification is to simply reduce or even eliminate spam emails, permanently. So will this new email authentication protocol actually work?

Interestingly, the new proposed changes are borrowing two fairly old email authentication technologies that have not been widely adopted by many companies and organizations, specifically the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) frameworks. Taking a deep dive approach, I will give you an overview of what they are about, their weaknesses and their flaws as a stand-alone solution:

SPF allows owners to specify IP addresses tied to a list of computers that are mapped to a domain name (for example, host computers I designated as authorized email senders on the Domain Name System (DNS) for ben.com, will only be seen by the receivers). However, it has a problem with handling forwarded email messages. This occurs when the sender changes to another ISP and simply begins forwarding emails from their original email address to another non-specified server. With the lack of end-to-end authentication, there is no true way to determine the authenticity of incoming emails as to their origin. Also, spammers can take advantage of SPF’s weakness by forging email addresses and registering those records into DNS servers in order to pass SPF checks. The other issue here is the belief that SPF acts as a spam filter, when it does not.
SPF only detects forged emails and so there is still the need to have an endpoint security solution on receiving hosts. More importantly, SPF is still considered experimental and is still in its development phase, according to Request for Comments (RFC) 4408.

DKIM relies on public key cryptography based on a sender email authentication framework. This includes the digital signature, a domain name, and email contents (header and body). DKIM (usually installed in the email server) signs or encrypts the message using a private key. The public key is stored in the DNS servers where the receiver can retrieve and validate the signature by using the public key for genuineness of the sender. The whole point is to ensure that the email has not been modified in any manner and trust is attained between sender and receiver.

Problem: Forwarding once again poses a problem for DKIM. If an email using DKIM is signed, but then forwarded to another mail server (such as a Blackberry server), the message will become modified with added tags (i.e., “Sent from my Blackberry device.”). The end result will be a false positive flag given to the receiver in that the email was compromised and will most likely result in a rejection of the message. Also, in terms of availability and performance, CPU and RAM resources need to be considered when cryptographic functions are being processed on very large volumes of email. DNS servers themselves are prone to DDoS attacks, causing delays and even worse, data loss.

DMARC will attempt to close these two gaps. It will improve the assurance and guidance between the sender and receiver in order to manage failed email messages and reduce or even possibly eliminate spam and phishing attacks compared to today’s current standards. What I see as a problem in the future is lack of adoption and the persistence of spammers circumventing this new proposal.
Although many leading companies have joined in, it will take a long time until all mail and DNS servers become standardized with this new protocol, mostly due to smaller organizations with lower capital adopting at a much slower rate. Email attackers could also still create a genuine DMARC compliant email for phishing attacks if crafted carefully. How DMARC will actually address this is yet to come. Nevertheless, this is one positive step in addressing an old problem that has been a thorn for almost everyone in the world.
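The two forwarding failures described in this post, as an added example that is not part of the original post: Python code that evaluates a constructed SPF record for ben.com and recomputes the DKIM body hash (relaxed canonicalization, RFC 6376) for a constructed message. The record, IP addresses and message are assumptions; only the body-hash step of DKIM is modelled, not the signature over the headers.

```python
import base64
import hashlib
import ipaddress
import re

# Constructed SPF record for the post's example domain ben.com (no DNS lookup is made).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all"

def spf_check(record, client_ip):
    """Evaluate the ip4/ip6 mechanisms and 'all' only (a subset of RFC 4408)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in results:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return results[qualifier]
        elif name.lower() == "all":
            return results[qualifier]
    return "neutral"

def relaxed_body(body):
    """RFC 6376 'relaxed' body canonicalization: collapse runs of spaces/tabs,
    drop trailing whitespace on each line, drop empty lines at the end."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body):
    """Value a signer places in the bh= tag of DKIM-Signature (sha256)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

# Constructed message body and the hash the sending server would have signed.
ORIGINAL_BODY = b"Quarterly numbers attached.\r\n"
SIGNED_BH = body_hash(ORIGINAL_BODY)

def receive(client_ip, body):
    """What a receiver sees for one delivery: SPF on the connecting IP,
    and whether the body still matches the signed bh= value."""
    return {
        "spf": spf_check(SPF_RECORD, client_ip),
        "dkim_body": "pass" if body_hash(body) == SIGNED_BH else "fail",
    }

# Direct delivery from an authorized host.
direct = receive("192.0.2.5", ORIGINAL_BODY)
# Forwarder (constructed IP) relays the body with only whitespace changes.
forwarded_unchanged = receive("203.0.113.77", b"Quarterly numbers attached.  \r\n\r\n")
# Forwarder appends the footer mentioned in the post.
forwarded_footer = receive(
    "203.0.113.77", ORIGINAL_BODY + b"Sent from my Blackberry device.\r\n")

for label, result in [("direct", direct), ("forwarded", forwarded_unchanged),
                      ("forwarded+footer", forwarded_footer)]:
    print(f"{label:17} spf={result['spf']:5} dkim_body={result['dkim_body']}")
```

A forwarder that relays the body unchanged fails SPF but keeps the body hash valid; once a footer is appended, both checks fail for a message that is otherwise legitimate.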
by Brent Iadarola 06 Feb 2012
BlackBerry smartphones with 7.0 and 7.1 operating systems were recently awarded FIPS 140-2 certification by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC). While the FIPS 140-2 and Common Criteria certification were expected deliverables from RIM, there are some important takeaways from the announcement:

Security Still RIM’s Bread & Butter.
FIPS 140-2 is a security standard used to accredit devices or modules that include both hardware and software components. In both the US and Canada, FIPS certification is required before a device can be used by a government agency. These are expensive processes to complete, both in terms of financial expenditures and resources, and RIM’s recent accreditation demonstrates a continued level of commitment to industries such as government, financial services, and healthcare which inherently disseminate highly sensitive information. With 7.0 & 7.1 BlackBerry devices and the PlayBook now certified under the FIPS program, government agencies and other highly regulated verticals are more apt to deploy an expanded RIM product portfolio.

Reinforces RIM’s Commitment to Government Sector.
There has been speculation that some government agencies have become increasingly concerned over the long term viability of RIM. This has been fueled by highly publicized network outages, questions on BlackBerry’s future OS roadmap, and the company’s overall financial stability. Some analysts have even suggested that RIM may be phased out of certain government agencies as quickly as practical. The reality, however, is that RIM maintains an extremely strong government foothold with over one million active North American government users. Scott Totzke, senior VP of BlackBerry security at RIM, has indicated RIM continues to see ‘steady and incremental growth’ in the federal sector in terms of new subscriber acquisition and refresh business.
Churn rates are substantially lower in government than other verticals. Moreover, the recent security certifications only reinforce RIM’s commitment to the sector, so RIM’s foothold is unlikely to deteriorate any time soon.

Competitive Environment Intensifies.
Nevertheless, the mobile device landscape is evolving and it is inevitable that federal agencies will increasingly evaluate alternatives to BlackBerry such as Android and iOS devices. The Department of Defense, for example, has developed a secure kernel for the Android 2.2 OS with FIPS 140-2 capability and is currently testing a variety of customized applications. Military contractors, Harris and Intelligent Software Solutions (ISS), are actively developing applications for the iPhone, iPad and the Android platform. The diversity of mobile devices and overall competitive environment will only continue to intensify and, although adoption may move slower than what we have seen in other vertical markets, a more heterogeneous mobile environment in government is inevitable.

How can RIM Maintain Strong Government Foothold?
RIM’s announcement of Mobile Fusion was an acknowledgement that RIM (finally) came to terms with the growing diversity of mobile devices in the enterprise. Similar to the early days of mobility in enterprise, RIM was once essentially the only ‘game in town’ for government employees. However, times have changed. Thus, it is critical that RIM stay ahead of the curve in the government sector and be proactive rather than reactive with respect to evolving trends toward device diversity. RIM currently has a number of enterprise beta customers for BlackBerry Mobile Fusion; however, none yet in the federal sector.
So some advice for RIM: Leverage your existing foothold in government by continuing to emphasize and enhance core competencies such as advanced security capabilities and commitments to the most stringent security standards, but stay ahead of the curve by aggressively moving forward with Mobile Fusion for Government.
by Jake Wengroff 01 Feb 2012
This blogpost first appeared on Social Media Today.
=======================
Janrain and Gigya Ease the Pain of Password Amnesia with Social Login, While Providing Rich Profile Data to Publishers and Brands

No doubt you’ve visited some of your favorite websites and forgotten your password. And we all know that the ‘Forgot your password?’ is still another nuisance because it requires having to create a new password – which hopefully you’ll remember. Enter social login: the option to ‘Sign in with Facebook’ or ‘Sign in with Twitter’. I recently had a chance to catch up with the two largest providers of this social plugin functionality, Janrain and Gigya, to discuss what this means for marketing, publishing, and beyond.

For some insight into consumer adoption of social login, Janrain conducted a study with Blue Research, and learned that a whopping 86% of consumers are bothered by registering at a website, and four in five people are frustrated by the need to create new accounts when registering on a website. Further, 88% admit to having given incorrect information or left forms incomplete when creating a new account at a website (I admit: I’ve done this in the past), and 9 in 10 people (versus 45% in the 2010 study) admit they have left a website if they forgot their password or log-in info, instead of trying to recover their password. The ability to log in using an already-familiar username and password – one’s social network credentials, such as those for Facebook or Twitter – could ease the pain. Indeed, according to the Janrain study, almost eight in ten people want social login to be offered as an alternative.

The Bigger Picture, and Bigger Data
But for marketers, social login is only one small part of the story, as I learned from these companies.
Social login, along with its associated plugins, feeds, and analytics, provides access to a rich trove of data which can be used to fuel marketing strategies, advertising creative and ad serving, and content and product recommendations. As we all know, feedback, opinions, and endorsements drive sales, and what better to draw from than a user’s social graph? Social login contributes to a growing set of solutions known as social CRM. While in traditional CRM, sales and customer service professionals are responsible for updating the database and populating it with information that leads to more sales or higher customer service levels, social CRM uses social media, and the information collected from public-facing social networks, to capture data about customers and prospects. Analytics are added to this data to predict behavior, and then the company can decide to engage, interact, and ultimately drive them to sales channels. Counting tweets or Facebook wall posts certainly helps companies understand how their brand and products are received in the market (I recently completed a study on the social media monitoring solutions market, which should be published shortly), but having access to the complete social profiles of the people doing the tweeting or Facebook updating is far, far richer. As such, Janrain and Gigya are on the forefront of the social CRM revolution. As they have advanced analytics products beyond social login, they are well-positioned to integrate their solutions and add a layer of data that can drive overall marketing, content, and product strategy. ‘Social profile data is an emerging category of data, and delivers more insights into registrants and clients,’ notes Lisa Hannah, director of marketing for Janrain. Clearly, marketers have a significant opportunity to increase conversion rates and online engagement by replacing traditional registration with social login. 
Both Janrain and Gigya have data about increased engagement, interactivity, and conversion by users who have brought their entire social graph into their web experience. Gigya has an infographic here about social login and site engagement.

However, if the social networks’ APIs are free (for the most part), why would a company need to engage a provider like Janrain or Gigya? ‘This is not set it and forget it technology,’ explains Victor White, senior marketing manager for Gigya. ‘Clients do not have full-time developers or engineers to ensure that this technology can be implemented and maintained, and it saves them a lot of time in development resources.’ Both companies’ pricing is on a sliding-scale SaaS.

Not for Everyone
The downside, of course, is that not everyone uses social login – perhaps because they are OK with remembering yet another username and password (23% of the respondents in the Janrain survey think that websites should not offer social login instead of a traditional registration process), or they are aware that their social data would be shared and are concerned with privacy. Another downside is that in certain industries or sectors, social sign-in just doesn’t work. Would you sign in to your online bank account with Facebook? Hardly.

The B2B space will see a slower uptake of social login, as personal information scraped from a personal Facebook profile most likely holds little value in B2B or professional services markets. However, a ‘Sign in with LinkedIn’ functionality is available, and while we haven’t really seen much of this – yet – I expect we will. Salesforce.com also has an open API, and interestingly, a ‘Sign in with Salesforce’ option might also become pervasive in the B2B space.

Social login is global, too. Gigya has relationships with Mixi (Japan), Orkut (Brazil), and VKontakte (now rebranded VK.com, in Russia) for access to social profiles and data. Fascinatingly, Chinese social network RenRen has an open API, and is also on board.
(So much for the secrecy of social networking in China.) Finally, the ultimate purveyor of social CRM is perhaps Google. With the launch of Google+, and including data combed from activities on YouTube, Google Docs, Picasa, Maps, and other applications and sites – all through the ‘social login’ of a Gmail account -- Google is building perhaps one of the largest social CRM databases. As such, Google had social login figured out quite some time ago.