Bring your own device (BYOD)

The 10 Danger Signs of a Failing IT Project – webinar on Oct. 30

Learn the red flags you should watch for in major IT projects.  I’ll share with you insights about identifying and responding to problems in management of IT projects.

Join me in this free one-hour webinar on October 30 at 10 AM Pacific time.

Register here

 

“Bring your own device” (BYOD) is the latest watchword in corporate IT.  For mid-sized companies and organizations, how should we think about mobile Apps?  Are we ready to embrace them?

Back in the good old days (before the iPhone, for example), companies only worried about laptops and their applications, and about lost BlackBerrys.  Applications changed at most once every 3 to 6 months, so IT departments could spend a fair amount of time vetting the applications before deploying them for use at the office and away from the office.

Now, everyone has a smartphone and everyone wants to use one for access to the company’s databases.  This opens up a lot of security and usability issues.  Here are some of them:

Security – Can unauthorized people get access to the databases?

Portability – Will access from a smartphone compromise the effectiveness of the data because input is less reliable?

Accessibility – Will access from a smartphone make it difficult for the user to read or use the information?

Now that the Apps are in a small portable device, we have to worry about both old and new threats to security:

Spam – unwanted messages coming into our network

Phishing – malware injected into portable devices and crooks getting access to valuable data or login information

Data leaks – loss of valuable data by accident

Lost devices –  loss of the mobile device itself, together with its data and login information

Should I try to control the Apps?  The answer is yes and no.  Yes, make sure that you thoroughly test Apps that are to be used to access corporate data.   And no, don’t prevent people from downloading what works for them.  If and when you run into problems with a particular App, you can always ban its use.  Of course, this means that you should monitor which Apps are being used.

How can I avoid disaster?  Here are a few general principles:

Develop a list of trusted partners & suppliers for mobile Apps.  Also develop an in-house capability for testing and verification of operation (and problems).

Also develop a program of training for everyone who uses a mobile device for accessing corporate databases.  Make sure they understand the company policies about access and sharing of data.

Perform regular reviews of security policies and procedures.  The policies don’t have to be extensive, but they should be clear and enforceable.  Don’t try to enforce policies related to activities that you can’t monitor.

When introducing new capabilities, start by rolling out a new App on a small group first.  Monitor the new App more closely than you do for mature Apps, and make quick corrections when there are problems.

We are at the beginning of the mobile device era. PCs will have less and less influence on the future of IT interactions, while mobile devices will have more and more influence.  There is no way to stem this tide, so you may as well embrace the mobile devices and their Apps.

What do I need to know about mobile devices and social networks?

Mobile devices and social networks are the fastest-growing trends in today’s world of IT.  Even though most of us have a smart phone and may have a Facebook account, we may not have perspective on what’s happening inside the device & the network.  Here is a review of key things to know about mobile & social, and a list of security issues to think about.

Mobile devices

Smartphones are still telephones: they allow you to communicate by voice with people on other phones using the cellular telephone network.  The cell network covers most of the world, but not everywhere.  There will be places where you get “no signal.”

In addition, a smartphone is a complete personal computer, with all the complexity that this implies.  There is an operating system, a network data interface, and all of the application software (apps) that you have decided to run on the smartphone.

Your voice and your data may or may not be carried over the same network.  For example, when your smartphone is near a WiFi base station that it can connect to, your data will be sent and received using that WiFi path rather than the cell network.

Your basic phone subscription fee doesn’t include data transmission, so you’re paying extra to get data service for your phone.  And unless you’re very lucky, you don’t have unlimited data access.  If your data usage goes over a limit, you will pay extra.

The designers who made your smartphone have worked hard to overcome the constraints of the phone, compared with a PC:  the small size of the screen, the absence of a keyboard, and the need to maximize the battery life.  As a result, you’re learning to deal with the digital world using your fingers in a new way.

Extra security issues:

Your smartphone is connected to the cell network all the time. As long as it’s switched on, even when you’re not talking, it is communicating information about where you are back to the network every minute or less.

While you’re using data services of your smartphone, it may switch from a WiFi network to the cell network and back automatically.  This may have implications for how much you’re charged for data, particularly if you’re overseas.

Communications with WiFi networks may be vulnerable to being overheard by other devices and are not as secure as the voice network.

Everyone who uses a smartphone has a certain amount of personal usage.  After all, we all get personal phone calls, receive personal emails & text messages, and browse websites that are not business-related.  So if you’re concerned about employees using their company-provided smartphones for personal goals, quit worrying – they will.

Personal usage also includes music listening and video viewing which can load the data network greatly.  You may need to consider limiting the amount of bandwidth (data network usage) that people in your company use – at least while they’re connected through the cell network.

Your smartphone has a GPS device built in.  So it “knows” where you are all of the time.  In addition, the location information it has can be shared with any App running on the smartphone.  Make sure you want your location information to be shared in this manner.  If you don’t, change the settings on your phone to turn off the GPS location sharing.

Similarly, pay attention to the fact that the web browser on your smartphone keeps a browsing history.  This history may be visible to running Apps on the smartphone.

There are some new apps that have strong security boundaries (see, e.g., a new startup called kumoso.com).  Explore apps like these if you are concerned about the security of your communications.

Coming soon: ads & spam

Have you noticed that you’ve started receiving junk text messages?  I have, and I’m sure it won’t be long until we get spam in many forms on our phones.  Beyond emails, it will include text messages, unwanted pop-up ads in the browser, maybe even unwanted calendar items.

If you’re managing a corporate network of smartphones, you’ll need to add the mobile devices to your list of possible targets for spam and malware.  Get filters (software) that will help keep this stuff off of your mobile devices.

Social networks

Social networks, including Facebook, Twitter and LinkedIn, are now being used by nearly everyone who has either a PC or a smartphone.  There can be many advantages to using social networks, including:

having quick access to status information on your colleagues

posting short information to a large number of connected colleagues who need it (such as via Twitter)

connecting with new people using colleagues who are already in your network (such as through LinkedIn)

sharing articles and notes with people who may find it interesting and useful

Here are a few things to consider as you indulge in social networks:

1. You have decided that your need for connectivity exceeds your need for privacy.  You actually want to hear from your friends & colleagues about what they’re up to, what they need, what they’ve done or read.  You don’t mind if what you share with them can be seen by anyone who cares to look you up or to Google your name.

2. You don’t mind that your history (what you’ve posted, poked, tweeted & connected to) is a public record.  Always assume that you cannot erase anything you’ve posted or tweeted.  The online record of social media is now a popular way for exploring vulnerabilities or skeletons in the closet of people who are lawsuit targets. Potential employers may search for your tweets to see what you’ve been saying before they offer you a job.

3. You don’t mind being open to well-targeted ads.  The more you share online, the more the advertisers have access to what you’ve expressed an interest in.  They will use this information to make their ads closely match your interests.

Summary of security issues

Be willing to receive all the incoming messages, texts and tweets that are in store for you.

Make sure you want the exposure in a public record of what you’ve shared with others.  Think before you tweet – this may be a permanent record.

 

New webinar series

October 30, 10 AM:  free one-hour webinar, “The 10 Danger Signs of a Failing IT Project”

Register here: http://www.anymeeting.com/PIID=E158DD888848

November 13, 10 AM:  free one-hour webinar, “How to Save a Failing IT Project”

Register here: http://www.anymeeting.com/PIID=E158D787854D

I’ll share with you a lot of the insights I’ve gained over the last 30 years in identifying and responding to problems in project management and other aspects of getting things done in implementing IT capabilities.

Join me in a two-webinar series on IT Projects, coming up on October 30 and November 13.  The first webinar covers the red flags you should watch for in major IT projects, and the second one gives more details about how to save a project that looks as if it’s headed for failure.

What’s different about mobile apps?

The adoption of smart phones across a wide cross-section of the world has opened up a new arena for business application software: mobility.  This article outlines what’s different about mobile “apps” – and what remains the same as desktop PC software.

Small screen

In the world of media (such as movies), the big screen is in a movie theater, the small screen is a television set, the smaller screen is on a PC, and now the tiny screen is on your mobile phone.  While you may be able to watch a movie on a mobile phone, you can’t expect to interact with business software the same way on this tiny screen as you do on a PC.

On the other hand, you’re not always sitting in front of your PC.  But your mobile phone is nearly always at hand, so this makes it attractive as an “always on” device that you can use for interacting with your business.

Since the introduction of the Apple iPhone, the underlying operating system software of the smartphone has had nearly all of the capabilities of a PC operating system, with one exception:  only one app can run at a time (up to now).

Aren’t mobile apps and PC applications the same?

Some characteristics of apps are the same as for PC applications.  For example, apps must be developed to match the specific operating system found in the smartphone.  This means that an iPhone app has to be deliberately designed for the Apple iOS system, an app for a Samsung phone has to be designed for the Android system, and so on for Nokia and BlackBerry apps.

The people who develop apps have to use a development environment (a bunch of software tools) specific to the target OS, or else use an environment that is “cross-platform,”  so that their resulting app is adapted to the target OS.  There are many of these cross-platform tools.  If you’re interested in them, see http://en.wikipedia.org/wiki/Mobile_application_development .

Other restrictions

Each target operating system may have other restrictions, such as the requirement that all apps for the iPhone be reviewed and approved by Apple.  This makes the job of the developer harder if he is trying to make an app that runs on any phone.

A mobile app is software that runs on the phone and uses the underlying operating system to perform certain functions, such as interacting with the user and communicating with a website or the telephone system.  Some of the functions available in a smartphone are unique to the mobile environment, such as being able to find out where the phone is right now from the GPS.

Browser-based interactions

Just as with a PC-based user, one way to implement business functions is to use a browser to access a server offering the functions.  In fact, a server can implement both PC and mobile versions of its user interface in order to offer the same – or nearly the same – features to both PC-based and smartphone-based users.

One of the current developments in browsers is the HTML5 language, which allows a single software package to offer adaptable results that can make mobile/PC apps easier to move around to different phones and/or PCs.

Of course the designer of the user interaction has to be aware of the size of the screen.

What about security?

Whether an app is PC based or smartphone based, security is still an issue.  And moving the functions into a browser-based app in a server does not take care of all the security issues, either.  We’ll take up the question of security in a future blog entry.

 

For more information about app development, here’s a link to one of the commercial companies that do mobile application development.