Vendors at RSA tout BYOD solutions - RIM already solved that problem
I just spent the week in San Francisco at the RSA 2012 security event. All the usual suspects in the security arena were in attendance. It seemed to me that the #1 theme of the show was the issues around bring your own device (BYOD). Enterprise end users are doing everything they can to be productive, and that has led to buying their own phones, tablets and applications to get their job done. Security professionals are scared as hell about the risks of corporate data moving to unmanaged devices. Every security company is looking for a solution to let employees BYOD while insulating the corporation from risk.
Ironically, I've been using a Blackberry Playbook for a few months now. I actually carried it around the RSA show floor to show customers Frost & Sullivan’s video capabilities. It did that well. Blackberry has bet a lot of time, effort and focus on this device and the hard work is evident in the finished product. Blackberry markets the Playbook as an enterprise tablet, and the hardware is really well done.
When the Playbook was first launched, my initial reaction was that the lack of a native e-mail client was "Stupid". I was flat out wrong. Perhaps the most interesting feature of the Playbook is the Blackberry Bridge. Supporting a breadth of devices is expensive. Employees running around with huge amounts of corporate information on their personal device, then leaving it at Gourmet Haus Stadt, Cava22, or any other bar is a security nightmare. RIM has figured out a way to solve that problem.
RIM has designed the Blackberry Bridge so it can tie a Playbook to a corporate managed Blackberry smartphone. A user who buys a Playbook simply installs the Bridge application on their smartphone, then takes a picture of a quick response code displayed on the Playbook, and the devices are linked. Apple is eating everyone's lunch in the IT world largely because all their devices "just work" together. RIM has emulated that perfectly: the Playbook and my Bold just work.
The process can be further simplified if BES administrators push the bridge application out to all their users proactively. We recommend that BES administrators push the bridge application to all their Blackberry smart phone users. BES Administrators should make it easy for their users to BYOD a Playbook. We feel that tablet users on a Playbook are much less of a security risk than users with another brand of tablet doing enterprise tasks. Why do we say that?
Once a Playbook is linked to a Blackberry smartphone with the Bridge application, all e-mail, files, or other corporate data that is accessed through the Bridge is stored in an encrypted partition of the Playbook. If the user loses the Playbook, but doesn't lose their phone, whoever has the Playbook cannot access the corporate data. If the user loses both the phone and the Playbook, the BES administrator can use the BES tools to disable the phone, and by proxy disable any access to the corporate data on the Playbook. It's the kind of IT elegance that makes administrators happy. It’s the kind of security that lets corporate risk officers sleep at night.
Unfortunately the Playbook isn't without its blemishes. It does a lot of enterprise tasks that I want to do (browse the web, show customers presentations at trade shows, play Angry Birds on a plane), but its lack of native enterprise apps becomes obvious very quickly. There aren't enterprise apps available for Frost & Sullivan's CRM system or other leading CRM systems. Major conferencing and collaboration vendors have native apps for iPad and in some cases Android tablets. The business application category on the App World cupboard is quite bare. RIM is at a critical crossroads right now; they can't make many more missteps. Additionally RIM has some very strong application development capabilities. We see developers first writing for iOS, then Android, then rarely for Playbook. With RIM's focus on enterprise, it may be a good strategy for RIM to develop certain key enterprise applications on its own and give those apps to the relevant stakeholders.
Playbook OS 2.0 was released just before RSA, but the Blackberry Bridge has been solving RSA 2012’s biggest issue for over a year now. To reiterate, Bridge just works. Bridge solves one of enterprise’s biggest problems of the day. Blackberry lets users BYOD, without creating undue risk. Administrators should want end users to BYOD the playbook. The ball is now in RIM’s court to make end users want to BYOD the playbook.
Waterproof Cell Phones - It's about time
Liquipel announced at CES that it has a nano-coating that will help make cell phones splash resistant. We've seen that water damage and physically broken screens are two of the top reasons that phones get returned for warranty replacement.
The big question to me is, "Why?". It is virtually impossible to buy a man's watch which is not waterproof to hundreds of meters. I SCUBA dive and I've never been below 100 feet, never mind 100 meters. Manufacturers of other devices seem to get it. Pentax makes an amazing point and shoot camera that is more or less everything proof.
When RIM was the #1 vendor of smart phones and its devices had almost 40 buttons it was clearly difficult to build a device that would keep out water. Now that touchscreen phones with almost no buttons are becoming the norm, a cell phone should be able to laugh off a few drops of water from a cold beverage, I should be able to answer a call in the shower (although I promise I won't), and if my kid drops the phone in the pool, it should survive a trip to the shallow end.
Smartphone manufacturers, please get with it, we all want our devices to be water resistant.
The Death of Enterprise Hardware Vendors
Is Google's rumored announcement of "very, very large" Google Apps customers the first death knell for Enterprise Hardware vendors like Avaya, Siemens, Alcatel-Lucent, even Cisco?
The rumors are reported here http://www.mercurynews.com/top-stories/ci_19531412
Imagine a world where a typical desk worker uses Google Apps for productivity, Google Talk for chat, UM and video conferencing, and they access those services through an Android phone, an Apple tablet, and either an inexpensive laptop or a MacBook. For voice calls, they use their smartphone’s native calling, or maybe even Skype or a Google talk application. That world may not be that far away. Companies that have relied on comfortable revenue streams from expensive desktop phone products and core systems seem to have missed the boat. Tight integration with super capable employee owned devices, like iPhones or Android phones, may deliver better UM integration than the incumbents can deliver. Low, predictable costs will give employees devices that they want to own and carry everywhere.
Apple's model of native applications frees enterprise of many of the security risks that have plagued Wintel machines for decades, and Google's cloud model, layered on top of these applications allows enterprises to deploy tightly integrated productivity apps easily, quickly and inexpensively.
To me, the missing piece of the puzzle is SalesForce. The various SalesForce tools along with the ability to buy prebuilt force.com applications or build your own enterprise applications is a critical piece that is missing from Google Apps. Were Google to partner up with SalesForce (or even buy them....) companies could run their entire enterprise on a reliable, predictable cost, platform with real delivery of the CEBP that current enterprise vendors tout. Will Google partner here, or try to develop a platform to compete with force.com?
Although a key watchword of the 1990s was CTI (Computer Telephony Integration) it never really worked right and never recognized its potential. When you next see an ad for a mobile phone, listen for the specs. Dual Core 1 GHz Processors, 64 Gigabytes of Storage, 4G mobile networking, 802.11 b/g/n: it’s not a phone, it is not a limited handheld computer. It is a powerful mobile computer. It makes no sense to think about integrating the laptop to an expensive desktop phone system; the integration is already done and it’s not integration between a laptop and a desktop phone, it is integration of the smartphone with itself by way of the native applications.
We live in a time of economic uncertainty, if you listen to the bears, this will be the case for some time. Enterprises are being forced by young people entering the workforce to provide mobile work solutions so they have to deploy smartphones. Those same enterprises are looking for places to save money, and spending to deploy desktop IP phones, spending to deploy an IP PBX, and then spending on people to maintain those superfluous products will all look like attractive costs to cut.
Is my vision upon us or a pipe dream? My colleague Alaa Sayeed is still quite optimistic about phone shipment growth in his World Enterprise Telephony Platform and Endpoint Markets which can be found here. http://www.frost.com/prod/servlet/report-toc.pag?repid=N942-01-00-00-00 . That said, these deals could be game changers.
All that said, the role of the "land line phone" will never go away completely. Professionals in carpeted environments will demand mobility, but many environments will benefit from fixed devices. Retail, manufacturing, warehouses, hospitality, hospitals all look for tools for mobility, but even ruggedized devices get lost and broken. Many employees and customers in these spaces need a communications device that they can always find and use in a specific spot. The big question is, can our traditional enterprise hardware vendors evolve quickly enough to keep up with the dynamic nature of companies like Google and SalesForce that have embraced tight integration with mobility and deliver it through cloud based services or can they survive on the increasingly niche markets that will still want fixed telephony?
Solving AT&T's network coverage issues one rural home at a time. (Or comparison of AT&T's 3G Microcell to other calling solutions)
Thanksgiving is one of the biggest travel days of the year, and for my family that means a weeklong trip to visit the grandparents at their home in Alpine CA. For those that don’t know California geography, Alpine is a very small rural community about 40 miles east of San Diego. While San Diego may be home to some wireless superpowers, the mountainous, rural terrain of Alpine is tough on mobile reception. My parents’ home, a long narrow stucco house perched on the edge of the Cleveland National Forest is a worst case scenario for getting work done using mobile devices.
In the past I have tried multiple solutions to enable work from this hostile environment. They have ranged from using Cisco’s IP communicator on my laptop, to taking advantage of T-Mobile’s UMA calling features on my Blackberry. This year I planned ahead and was able to procure an AT&T 3G Microcell to do things right.
Upon arrival in Alpine, we got the AT&T 3G Microcell out of the box. It is a very attractive Cisco unit, with a striking white and orange enclosure. We followed the instructions carefully and the unit exhibited the flashing green lights as explained in the instructions. Although the quick start guide had easy to follow instructions for the physical connections of the 3G Microcell, there was one key issue. The instructions I received stated to visit “att.com/3gMicrocell-activate”. However, typing this address into the browser bar redirects to the main AT&T wireless page. Perhaps I received an old set of instructions. After some searching, browsing, swearing and guesswork, www.att.com/3gmicrocell took us nicely to a page where the device could be activated.
The quick start guide states that once it is all connected that we should wait 90 minutes while the 3G Microcell configures itself, downloads firmware updates etc. We waited dutifully, and waited and waited. Eventually, nothing happened. We left the 3G Microcell to its own devices for 24 hours and still nothing. After that we tried multiple iterations of cycling power and different connection Ethernet wiring configurations. Eventually, one final cycle of power and everything worked great.
A brief site survey of the house showed us that the full area of the 3400 square now got a full five bars. Calls immediately connected and voice quality was fantastic.
In my mind, users in rural settings really have two legitimate options for solving poor service issues. One, they can use a Picocell solution, as covered in Frost & Sullivan’s World Femtocell and Picocell Market study http://www.frost.com/n8ba, or two, they can use a tool to make calls over WiFi like T-Mobile’s UMA feature or Skype. There seem to be pros and cons to both solutions.
Picocell Pros as offered by AT&T’s 3G Microcell
- Calls are made on the native 3G network.
- Calls roam seamlessly from the 3G Microcell to the AT&T 3G network.
- You don’t need to pay an additional plan fee to use the Microcell.
- The 3G Microcell has strong security. Only whitelisted users can make calls on your 3G Microcell and use your backhaul.
- The 3G Microcell has well thought out 911 capabilities with built in GPS.
- Device connectivity is managed centrally from a web site without having to touch the users’ phone.
Picocell Cons as offered by AT&T’s 3G Microcell
- AT&T generally requires the user to purchase the 3G Microcell equipment.
- You use your plan minutes when talking on the 3G Microcell. Good when you are using unlimited minutes, but bad if you are making a call that costs minutes or incurs a toll.
- An additional “Unlimited Microcell Calling” feature must be purchased to avoid using minutes.
- Users need to be careful of their device’s data settings to be sure that their device is using their WiFi connection for data not the potentially more expensive 3G connection. This is always true, but with the 3G Microcell activated, users may now connect to the 3G network for data where they used to only have WiFi service.
- AT&T limits the number of devices that may be simultaneously registered to the 3G Microcell to 10.
T-Mobile UMA WiFi calling Pros
- UMA calls do not draw down plan minutes or incur additional toll fees.
- UMA calls work over any WiFi connection. Users take advantage of the service at home, or when traveling.
T-Mobile UMA WiFi calling Cons
- In my experience roaming from UMA to the 3G network always fails and calls are dropped. Users must plan very carefully when they initiate calls to avoid dropping important conversations. The tools provided on my BlackBerry Bold are functional, but not necessarily easy enough to use in this regard.
- Voice quality is generally good, but does not seem to deliver the same QoS as the picocell solutions.
- WiFi must be configured on the user’s device for every new site.
All in all both solutions solve the issue of poor 3G network coverage at a given site. In my experience the 3G Microcell is a much better solution for business users who cannot afford to drop calls as they move from site to site. The UMA calling features, or even using a Skype client on a smart phone are a passable option for consumer users who are focused on toll avoidance or minimizing their plan costs. The set-up of the Microcell was no more confusing or complicated than setting up a WiFi router. From a business perspective, the 3G microcell management is attractive because one does not need to touch the device itself.
The AT&T 3G Microcell is a very elegant solution. It solves a real problem faced by many users. It is easy to use and configure. It has huge safety advantages due to the 911 functionality, especially for users that have no land line. All those things said, I think AT&T and other carriers are being somewhat greedy in how they handle billing. The customer is providing backhaul, and in many cases the customer must buy the equipment. It seems fair to me that since the customer is covering the capex and opex spend that they shouldn’t have to pay for minutes or data.
Security and Convenience are mutually exclusive, unless you are Facebook identity management
ZDNet recently wrote a good article about how Facebook passwords aren't entirely case sensitive. In a nutshell, Facebook identified that sometimes users accidentally activate their caps lock before typing a password. Facebook recognized that since passwords are obfuscated on the screen, the user doesn't know the caps lock is on and their password gets rejected. Now, Facebook doesn't want to frustrate users, so they decided that if a user types in a password where every character is reverse capitalized, but the characters are correct, it will accept the password.
Facebook also recognizes that some mobile devices "help" the user by capitalizing the first letter of a sentence, so those devices sometimes automatically capitalize a lower case letter at the start of the password.
Short story, you have at least two valid, maybe three passwords for Facebook.
From a security perspective, this means that a brute force attack will break the password somewhat faster. Practically the password security strength hasn't changed. Facebook has other technologies to help identify fraudulent login attempts that back up the username and password, so today Facebook users can be pretty confident in their security as long as they follow password best practices.
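The acceptance rule described above, sketched as an added example (not Facebook's code and not code from the original post); the PBKDF2 hashing, the function names and the sample password are assumptions made for illustration. It shows how a server can test the variants against a single stored hash and counts how many distinct strings are accepted for one password.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def candidate_forms(typed: str) -> list[str]:
    """Strings the server tests for one submitted password (ASCII assumed)."""
    forms = [typed, typed.swapcase()]          # as typed; caps lock left on
    if typed[:1].isupper():                    # device capitalised the first letter
        forms.append(typed[:1].lower() + typed[1:])
    return list(dict.fromkeys(forms))          # drop duplicates, keep order


def verify(typed: str, salt: bytes, stored: bytes) -> bool:
    ok = False
    for form in candidate_forms(typed):        # no early exit: every form is hashed
        ok |= hmac.compare_digest(hash_password(form, salt), stored)
    return ok


def accepted_inputs(password: str) -> set[str]:
    """All distinct strings that log in to an account whose password is `password`."""
    accepted = {password, password.swapcase()}
    if password[:1].islower():
        accepted.add(password[:1].upper() + password[1:])
    return accepted


def bits_lost(password: str) -> float:
    """Guessing resistance given up by accepting the extra forms."""
    return math.log2(len(accepted_inputs(password)))


if __name__ == "__main__":
    salt = os.urandom(16)
    stored = hash_password("hunter2Pass", salt)   # constructed sample password
    for typed in ["hunter2Pass", "HUNTER2pASS", "Hunter2Pass", "hunter2pass"]:
        print(typed, verify(typed, salt, stored))
    print(round(bits_lost("hunter2Pass"), 2))
```

A password that starts with a lowercase letter ends up with three accepted strings, a loss of log2(3) ≈ 1.58 bits, while one that starts with an uppercase letter or a digit has at most two. Each submission costs up to three hash computations, so rate limiting should count it as one attempt.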
What are the long term implications?
Obviously Facebook wants to avoid inconveniencing users by resetting passwords. Facebook has identified at least two instances where the password system issues a false negative. How many other potential issues are there?
Good passwords have upper and lower case letters, alphanumeric symbols and are at least 8 digits long, or waaaaaay longer if you've read this. Facebook is my friend and has realized that I access my account from my mobile device, so Facebook is already helping me out by ignoring an accidentally capitalized 1st letter. What's next? On my Blackberry the number keys are activated by an alt button. Is Facebook going to start accepting the letter "w" instead of 1? What if I fat finger the shift key instead of Alt or the "sym" key instead of shift? What about Alt instead of shift? The combinations and permutations of accepted passwords jump from three to many dozens. What other plausible errors can users make?
Facebook has really embarked on a slippery slope. I want good security to be as easy to use as possible and eliminating false negatives is a noble goal. That said, Facebook is becoming way more than a nice way to share pictures. Facebook is seeing good traction with its Facebook Authentication service. It is pretty critical that companies that take advantage of Facebook's federated identity service realize that Facebook has made what (in security circles) is considered to be a strange decision to reduce the strength of all its users' passwords.
