What’s Up Whatsapp?

News of Facebook’s acquisition of WhatsApp prompted me to visit WhatsApp‘s website to get their perspective. What surprised me most was that, rather than featuring an announcement about the acquisition, it had a blog post that boldly proclaimed: “We don’t sell ads.”

This post, written by co-founder Jan Koam, rides high on a self-congratulatory victory lap of a company fighting against the evils of personal information collection and unwanted advertising. However, this is in stark contrast to the fact that they just sold themselves to one of the biggest advertising engines since Google in the digital age. So one has to ask: “What’s up WhatsApp?” Is your supposed raison d’etre as empty and untenable as Google’s “Don’t be evil”?

Koam writes: “At every company that sells ads, a significant portion of their engineering team spends their day tuning data mining, writing better code to collect all your personal data, upgrading the servers that hold all the data and making sure it’s all being logged and collected and sliced and packaged and shipped out … And at the end of the day the result of it all is a slightly different advertising banner in your browser or on your mobile screen … Our engineers spend all their time fixing bugs, adding new features and ironing out all the intricacies in our task of bringing rich, affordable, reliable messaging to every phone in the world. That’s our product and that’s our passion. Your data isn’t even in the picture. We are simply not interested in any of it.”

Well, that is going to change quickly once they are part of one of the biggest aggregators of personal information on the planet. This post and pending acquisition raises two points worthy of addressing.

First, as much as the high ideals of the technocracy would love to shun advertising for ever, it is one of the primary models of business around the globe. It also works. That’s not to say it isn’t without problems, but, if it didn’t work, it wouldn’t attract the money and attention it does. It creates a cycle that connects businesses and buyers. It also allows for the subsidisation of many of the free and great services that have sprung up in the digital age. It is infantile to think otherwise. There is no such thing as a free lunch.

Second, the post supposes an advertising model akin to the dotcom days of advertising. That of banner ads that take up precious screen real estate with limited targeting capabilities. The world has moved on technically and so should our thinking. It conveniently doesn’t address the ability to deliver a contextual experience based on the capability of connected devices. Mobile devices provide a first layer, the internet of things will take this even further.

My issue with Koam’s post isn’t that he wanted to get away from banner advertising, it’s that all he could imagine is a world of dumb, static, barely targeted ads. In fact, his post only further perpetuates this very outdated form of digital engagement. What would be more helpful would be to provide a vision of a company that changes the advertising experience altogether. He would do better to demonstrate a service that matches product and person with such alignment that it isn’t an inconvience or irritant.

This vision for the future of advertising would be for something that wasn’t a constant visual nuisance. These ads, better termed as offers, would appear at the right time and in the right place. Mobile and other connected devices of the internet of things can easily allow for delivery during the correct connected experience.

Your personal data is the new digital currency. It is true, as Koam writes, that “when advertising is involved you the user are the product”. In lieu of paying directly for our services, we are offering our personal information and usage patterns as currency. These services do collect this information and use it to advertise to you. But you should use this currency wisely and give it only to companies and services that offer not only superior functionality but also superior offers.

What we need isn’t more high ideals or more blatant boring broadcasted advertising, but a healthy mix that demands a more intelligent blending of the two. If companies such as Google, Facebook and many others continue to collect more and more information about our every movement then how, when and what they present to us as ads should be more intelligent as well.

Benjamin Robbins is a co-founder of Palador, a mobile strategy and solutions consultancy in Seattle. Follow him on Twitter @PaladorBenjamin. He is a speaker at this year’s Changing Media Summit 2014.

(Originally posted on The Guardian)

The app headache you can’t afford to ignore

It’s Tuesday at 9:13 a.m.—do you know how many cloud apps and services are being used within your organization? I’ll give you a hint: it’s way more than you think. A recent survey by cloud service monitor company Skyhigh found that it is significantly higher than most suspect. As Nancy Gohring explained the findings, “On average [Skyhigh] customers use 545 cloud services. That’s a far cry from the 40 or 50 apps that most CIOs…think their employees use.”

These cloud services with their native apps represent the frontier of the consumerization of IT where employees, emboldened by their ability to dispatch apps and services at will, are en masse changing the landscape of enterprise technology. However, this shift in acquisition of technology by the end user has not let IT off the hook for managing and securing the corporate network and its associative data.

Progressive organizations that want to encourage, rather than hinder, the spirit of consumerization need to cover certain bases to make sure that users are enabled in a secure and managed fashion without limiting the user experience. One aspect of security that should remain firmly in the domain of IT management is user authentication and authorization.

As the number of apps and services increases for the average user, managing app access represents a significant security and convenience issue. There are two major issues caused by this overwhelming use and reliance upon apps that access the plethora of available cloud services. First, it is a pain for users to have to constantly re-enter user credentials. This inconvenience will wear on the users and they will look for less than secure shortcuts to avoid this. Second, and most importantly, it is a governance and security issue for not only IT, but organizations as a whole. Organizations need to maintain a full picture of what is being accessed by who and when.

Many users approach cloud applications in one-off manner. They are often forced to create a user name and password for each service. Oftentimes these usernames and passwords are too simple, get lost, and are forgotten. They are also not centrally managed. Organizations with little awareness of the vast number of services being used by their employees have no idea what data is coming and going. They are also unable to mitigate any security threats for a given service. Lastly, when a user departs an organization it becomes a challenge to revoke access to the myriad services they had access to.

It is precisely these issues that a group of experts in the security industry has come together to attempt to solve. I had the chance to speak with one of these leaders, Paul Madsen of Ping Identity, who will participate in the working group that has formed within the OpenID Foundation. Called the NativeApps Group, or NApps for short, the group is working on developing a Native Single Sign On (SSO) protocol for mobile apps.

As Madsen related, the end goal of NApps is a standardized protocol that would allow a Token Agent on a mobile device to seamlessly manage authentication and authorization across all applications on that device. What Native SSO will mean to organizations is that there will be an interoperable ecosystem of different apps and back-end services, all built by different vendors, that will be able to communicate and leverage the same security protocol for authorization and authentication.

A mobile app that wanted to leverage the NApps Native SSO standard would be designed to interact with the Token Agent on the device and routinely check for the appropriate token to approve or deny access to app functionality. If no agent is present, the app would automatically switch back to the service’s current proprietary capability.

What would the Native SSO user experience be like? The example that Madsen used was that upon accessing your first enterprise app each day, the Native SSO Token, branded with your enterprise look and feel, would open. Users would log in to the Token Agent with their Active Directory credentials. This authentication will happen at the enterprise and not some other third party. The credentials would follow the same strength and expiration policy as set up by the IT department. After users entered their username and password they would be passed securely to the enterprise identity server. After validation the identity server would pass back security tokens to the TA; these would be valid for a given period of time, say twenty-four hours. Once in possession of these tokens, the TA would use them to obtain the necessary security tokens for the business applications, and provide the user seamless access to mobile application services such as Box, Dropbox, Concur, Evernote, or on-prem applications.

This experience differs from current Single Sign On (SSO) standards or deployments in two regards. First, the apps for which SSO is enabled are native applications rather than browser-based. Second, NApps is looking to define an open standard and resultant ecosystem of interoperable implementation. This has a huge advantage in that it doesn’t lock an organization into a single vendor’s paradigm.

So, how soon before something like this is available for enterprise consumption? Madsen told me that NApps is currently kicking off in the OpenID Foundation. They hope to have a draft specification late this year, which a variety of vendors will likely implement against. Madsen hopes to see a ratified standard to follow six to nine months later.

Some of the biggest hurdles that face the emergence of this much-needed service in the enterprise are competing interests by vendors and app developers. Without the availability of a native SSO service, mobile app vendors have little incentive to integrate into this model. This will change, however, as NApps is currently supported by such cloud leaders as Salesforce and Box. Enterprises, with greater control over their own apps, will be able to implement this sort of solution on a much faster basis once it becomes available.

The proliferation of apps and services within any single organization is a security issue that should not be taken lightly. Organizations that have a holistic understanding of information access and flow will be in a position to avoid opportunistic and careless data breaches. Those who fail to position themselves in the modern world of consumerized services in the enterprise will continue to have their risk profile increase.

Benjamin Robbins is a co-founder at Palador, a mobile strategy and application consultancy located in Seattle, WA. He can be followed on Twitter @PaladorBenjamin.

 

Enterprise Mobility is No Game

EA games (Electronic Arts, Inc.) recently released Plants vs. Zombies 2. Plants vs. Zombies has to be one of my favorite games to play on my mobile device. For those of you that don’t know, Plants vs Zombies is what’s known as a tower defense game. The object is to eliminate enemies as they attempt to cross a map. This is done by strategically placing artillery, mines, walls, etc. in the path of the approaching enemy. In the case of Plants vs. Zombies, instead of artillery, players place objects like pea-shooting plants to defeat zombies as they try to reach your house and eat your brains.

 
This follow-up to the extremely popular first version achieved over 16 million downloads in less than a week. However, there is one catch—it’s only available on iOS. For those of us on the Android platform, which by the way has almost 80% of the global mobile market share, we are out of luck. And with no Android release date in sight, non-iOS users are left in the lurch (bad zombie pun intended).

There are definitely financial reasons for this approach with consumer apps. For example, iOS users spend more money on apps and in-app purchases. Also, many organizations are allowing consumerization practices to influence business methodology and decision making. However, this single OS approach to app development should, categorically, not be followed by the enterprise.

Enterprise app development must take a very broad device approach. In the world of Bring Your Own Device (BYOD) there is no guarantee what devices employees will show up to work with. In order to achieve the most return on your mobile investment you should aim to support the most number of users. The allure of the simplicity and controlled nature of devices’ homogeneity is a limited strategic approach. The popular device of today will be replaced by the next cool device of tomorrow. This will lead to a never-ending cycle of playing catch-up that will be cost prohibitive.

Enterprises need to anticipate supporting the vast array of ever-changing devices on the market. Combine BYOD with the notion of the Internet of Things, and enterprises have even stronger justification for a diverse mobile approach. Anything short of a heterogeneous approach to mobile devices, apps, data, and management will paint your mobile strategy into a digital corner where you will be stuck waiting for the paint to dry.

When it comes to mobile app development, how can businesses overcome and address an ever-expanding ecosystem of device proliferation? There are platforms available for developers that do a decent job of bridging the gap between the different mobile operating systems. Platforms such as PhoneGap, Appcelerator, and Sencha allow developers to write the application in a single language that then compiles to a native app. There are some drawbacks to this approach. As much as we love the development process to be write once, use many times, cross-platform development tools still require some tweaking per OS. However, these platforms will get you 95% of the way there.

Your device management strategy needs to be heterogeneous as well. While Samsung and the upcoming iOS 7 release will offer device management and enterprise services, a single platform approach to managing devices is a step in the wrong direction. This convenience of built-in services that are vendor-based is greatly outweighed by the need to have an enterprise mobility management strategy that is flexible for the future. Organizations would be better served to explore one of the many mobile management solutions available to support a wide variety of devices, have app management, and ultimately provide information management.

As hardware diversity increases, organizations need to not only display data on various devices, but also collect data from an ever-increasing range of devices. This could include IT infrastructure, manufacturing equipment, and even display cases. The cost of embedding Internet connectivity is approaching negligible. With this hurdle removed, the matrix of connected devices in an organization is only going to grow. Is your organization prepared for this sort of dynamic addition of mobility? Are you thinking A to Z or just Apple and Android?

The consumerization of IT does not have to mean that the enterprise takes every aspect of the consumer approach and translates it directly into a business strategy. Enterprises that approach BYOD as BY-iOS-D will find they have a left-out and frustrated user base alongside an inferior position for the future. Like tower defense games such as Plants vs. Zombies, organizations need a broad heterogeneous strategy to anticipate and manage the onslaught of mobility. The inability to predict new devices and methods of connectivity necessitates this approach. There is and will be no single dominant mobile end point. Why play like there is?

 
Benjamin Robbins is a co-founder at Palador, a mobile consultancy located in Seattle, WA. He can be followed on Twitter @PaladorBenjamin.

Adoption is Not the New ROI

Recently I have attended several conferences that have focused on mobile and consumerization. A recurring theme has come up, either onstage or in conversation, that when it comes to mobility, “adoption is the new ROI.” There is this sense that if we can just get people to use a particular app or service, it will be good for the business, and a return will just invariably follow. It is also often claimed that, in the case of mobility, measuring success or return is too difficult or not possible. Therefore, it is believed, we should focus our efforts instead on just getting people to use the technology and not concern ourselves with establishing a return. However, using adoption as the measuring stick of enterprise mobility spend and success is nothing short of fiduciary recklessness buoyed by sheer laziness.

Measuring return of a technology project isn’t just the practice dictated by the outdated IT department. It is the natural output of a well-thought-out project. It is simply the quantitative correlation to the qualitative question of why. Any technology project needs to be able to answer the question of why. Why is this a viable project for the business? What is the desired outcome? How is this going to make end users more productive? If you can answer why, it can be measured. The technology that follows consumerization cannot be used as an excuse to abandon asking why.

The sole purpose of an enterprise is to make money. Consumerization has not changed that. It has made great strides in altering how we go about supporting that purpose, but it has not, and never will, replace it. Getting people to use technology is not enough. It has to be the right technology. It has to support the overall business goals and objectives. A lot of people performing a particular action is not the same as the right people performing the right action. Technology has to advance the underlying business objective. No amount of adoption will overcome misdirection.

Using adoption as a measure of return is an indication of piss-poor planning. Projects should include your end users from the start. If you are wondering whether your users will adopt what you’ve built then you’ve already failed. There should be no question in your mind what you are building will be adopted because the decision to do so wasn’t done in a vacuum. This fact alone should make adoption a silly measure of return. If you have thought through the why, then adoption will be a no-brainer.

Also, just because the reason for return is difficult to measure doesn’t mean we should abandon it altogether or offer up a poor substitute. In the end, mobility, or any consumer tech, is technology just like any other. Enterprises have a responsibility and a right to demand an accounting of how budgets were spent and how it affects the bottom line. Your project may not have a direct impact on the bottom line, but it can’t just be technology for technology’s sake. It has to support a business process or users that do. It should make a difference and improve how users get their job done.

Measuring ROI is going to take a partnership between business units and IT. This is because the lines of business seldom have the technical expertise, analytical skills, or monitoring capabilities to measure a return on a technology project. Even adoption itself can rarely be measured by an individual business group with any more accuracy than a show of hands or gut feel of how many people are using the new solution.

As much as BYOD and the consumerization of IT have meant a new frontier for businesses, it can’t mean a mobile and technology free-for-all. In the end, consumerization is not about relinquishing all sense of technical and financial responsibly to the end users, but about partnering with those in the know to build the right solutions. The lines of business end users know what they need and IT should (hopefully) know how to support and measure it.

Consumerization shouldn’t drive organizations to fall into the average consumer’s irresponsible spending and tracking habits. Instead it should demand an ease of use of technology in the enterprise that aligns with the goals of the business. It should encourage a partnership between those with the business need and knowledge and those who have the technical competency. Both IT and the line of business should, without hesitation, be able to answer the “why.” Most importantly, when a business spends a dollar it should understand the return.

 

Benjamin Robbins is a co-founder at Palador, a mobile consultancy located in Seattle, WA. He can be followed on Twitter @PaladorBenjamin.

 

 

ICYMI – Panel: Mobile Apps – The Danger of Making Security an Afterthought

The BYOD phenomenon has resulted in the need to accept personal mobile devices on corporate networks with the expected security risks. Listen to the panel of experts as they discuss the top of mind issues for security officers:

– technical approaches to identifying security vulnerabilities
– methods of embedding security into the application life cycle
– research efforts to ensure application security technologies keep pace with latest threats and vulnerabilities
– approaches for scaling testing across an enterprise

The panelists:

Benjamin Robbins, Principal, Palador (moderator)
Diana Kelley, Application Security Strategist, IBM
Brian Katz, Director and Head of Mobility Engineering, Sanofi
David Rogers, Founder, Copper Horse Solutions Ltd

I’m Not a Mobile Freak After All

Last week I lamented in the The Myth of the Mobile Worker that working mobile-0nly at a mobile conference was akin to being in the freak show at the circus. However, as luck would have it, I got a chance to speak with not one, but two individuals who work almost exclusively mobile this past week. From these conversations I was able to glean some great insight and commonalities between our approaches to working mobile-only. Check out Collective Wisdom – Mobile-Only Strategies  on The Enterprise Mobility Forum to see what I learned. Post a comment and let me know how you approach working on your mobile device.

Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.

Live from MobileCON!

I am in sunny San Diego this week for the newly branded MobileCON (formally CTIA App and Enterprise conf). Stay tuned for news and updates!

Symantec – Delivering the ‘Easy Button’ of Mobile App Management

As organizations mature in the mobile space and realize that they need more than the bludgeon of device management, they begin to look at more refined solutions of app and information management. A distant cousin to device management, but functionally more refined, app management allows organizations to control the portals to corporate information; mobile apps. Today at MobileCON 2012 , Symantec is making announcements that further remove barriers for enterprises and mobile app developers to develop, deploy, and support mobile app management. These announcements will continue to enhance Symantec’s position as a mobile app management leader.

The first announcement is Symantec is rebranding Nukona App Center to Symantec App Center Ready. (If you are unfamiliar with the Nukona solution, check out the three part interview I conducted pre-acquisition with then CEO, Chris Perret of Nukona; Part I , Part II ,and Part III.) Symantec App Center Ready allows app developers the ability to add enterprise security without any source code changes. This is a massive advantage in enabling a hassle –free security solution. Symantec App Center Ready provides app developers global visibility of their efforts, while at the same time assuring enterprises a secure context. This rebranding will take effect immediately.

Second, Symantec is creating a way for partners in their ecosystem to gain recognition as a mobile solutions provider. Symantec announced the Mobility Solution Specialization for partners. This will provide partners with training, marketing, and funds to deliver trusted mobile solutions. This partner specialization will be multi-tier (gold, silver, bronze) giving partners a way to distinguish themselves in the marketplace. The Mobility Solution Specialization will be available for partners in Q4 of this year.

Lastly, Symantec is helping enterprises remove the confusion of purchasing decisions around enterprise mobility management. Instead of organizations needing to choose between device or app management, enterprises will now be able to have a single, comprehensive security solution for the device, app, and data layers. Called the Mobile Management Suite, Symantec will offer a single package that will deliver all those mobile management pieces under a single license. The Mobile Management Suite license will be on a per user basis rather than per device. This will mean huge savings as mobile devices per user, such as a tablet and smartphone, grows. Symantec will offer the Mobile Management Suite starting now for $122 MSRP per user per year.

Enterprise mobile initiatives, such as BYOD, are quickly driving organization to identify and implement refined approaches to mobility management. End users are no longer content with the draconian and heavy-handed device management approach to security. In this more civilized age, organizations that can find an easy and adaptable path to a secure environment will flourish. Symantec is providing the means for developers and IT to quickly and easily deliver that refined experience to the enterprise for the secure environment of the future.

What do Dr. Seuss and Enterprise Mobility Have in Common?

Dr. Seuss imagined some fun and zany worlds that kids for generations have enjoyed. This fun filled world provides the backdrop for this weeks mobile-only post. Check out how our real world approach to mobility often mirrors that imagined world of Dr. Seuss in There’s a Data Socket in Your Pocket on the Enterprise Mobility Forum.

Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.

When Android, Apps, and iOS Collide

Mobile apps and operating systems have come a tremendous way in the last several years. However, we are still a ways off from a consistent and seamless ecosystem as we move from device to device and app to app. For my mobile-only post for this week I discuss the challenges I face when moving large files between Android and iOS and how we need to arrive at an ecosystem where getting the task done shouldn’t  be hindered by OS or apps. Check out The Square Peg Round Hole Mobile Ecosystem here on the Enterprise Mobility Forum.

Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.