Category Archives: Information Management

ICYMI – Panel: Mobile Apps – The Danger of Making Security an Afterthought

The BYOD phenomenon has resulted in the need to accept personal mobile devices on corporate networks, with the expected security risks. Listen to the panel of experts as they discuss the top-of-mind issues for security officers:

– technical approaches to identifying security vulnerabilities
– methods of embedding security into the application life cycle
– research efforts to ensure application security technologies keep pace with latest threats and vulnerabilities
– approaches for scaling testing across an enterprise

The panelists:

Benjamin Robbins, Principal, Palador (moderator)
Diana Kelley, Application Security Strategist, IBM
Brian Katz, Director and Head of Mobility Engineering, Sanofi
David Rogers, Founder, Copper Horse Solutions Ltd


Filed under Apps, Ecosystem, Information Management, Mobile, Security

What do Dr. Seuss and Enterprise Mobility Have in Common?


Dr. Seuss imagined some fun and zany worlds that kids have enjoyed for generations. This fun-filled world provides the backdrop for this week's mobile-only post. Check out how our real-world approach to mobility often mirrors that imagined world of Dr. Seuss in There’s a Data Socket in Your Pocket on the Enterprise Mobility Forum.


Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.


Filed under Apps, Information Management, Mobile, Mobile-Only, Security, Strategy

The Desire for Enterprise Mobility

Yesterday there was a prolific (almost heated) exchange on Twitter regarding the correct use of enterprise mobility acronyms. Enterprise mobility has introduced an entire slew of acronyms into IT speak: BYOD, CoIT, MDM, MAM, MIM, EMM, etc. (*see below for the key). However, the specifics of the Twitter exchange, and who is right and wrong, are not what I want to focus on. Instead, I want to take a historical approach to why these new terms are emerging and how we should respond.

The dominant compute paradigm is changing. The birth of enterprise computing began with mainframes. A mainframe was a mysterious beast that was housed in an unknown place and did unknown things. It was the ultimate black box. It was almost magical. The mainframe and our relationship to it were wonderfully personified as HAL 9000 in the film 2001: A Space Odyssey. A mainframe was cold, distant, and powerful. It acted in ways we didn’t fully understand.

As the dominant compute paradigm changed from the mainframe to the PC, so too did our relationship with computing. The PC was something we physically could see and touch on a daily basis. Computing went from something we shared to something that we individually owned. When it didn’t do what we wanted it to do we could swear at it and bang on the side of it. However, the PC was something we left at the office each day as we drove home “packed like lemmings into shiny metal boxes” (virtual high five to anyone who can name that reference without using Google). We had a relationship with our PC, but it was bounded by office hours.

But now, with mobile devices, we never part with our computing device. We live in an anytime, anywhere, always-connected world. My relationship to this device is more intimate than ever. Not only is it physically with me at all times, but the device itself carries social status and social value. What phone you have says as much about you as the clothes you wear or the car you drive. The social circles you are a part of are determined by what apps you use. Your ability to keep connected to friends is dependent upon your mobile device. Many of us are in constant fear of losing our mobile device because of the pictures we’d lose of our kids or places we’ve been. The list of how personal the mobile device has become goes on and on. This will only increase as time goes on. We have stumbled into a culture that is intertwined with our new devices, and in turn these devices are stumbling into the enterprise.

This desire for mobility is turning enterprise computing on its head, not just because the devices are different but precisely because of our intimate relationship with them. The desire to have these mobile capabilities and connectivity in our places of work represents the prime mover in our need for new acronyms. It is the spark that has caused the flame. The terms and ideas behind BYOD and CoIT are desire driven. I want my device with me. I want to use it to do work. I like the device I have – hence BYOD. Beyond that, I believe my mobile device and apps make my life easier and therefore I want them to displace clunky, confusing, and complex IT – this is CoIT.

This desire for mobility in the enterprise is also driving a second ideological change: enterprises and their IT staff want to, or rather must, manage and secure digital assets in a mobile milieu. Since mobility easily breaks down and dissolves our traditional notion of a network, aka a fence, we are struggling to keep up with building new fences that keep everything properly corralled. Every time we think we have the right size fence, mobility busts through and we chase on after it. It is precisely because of this that we have the second half of the alphabet soup – MDM, MAM, MIM, EMM. At first we thought we could just corral the devices – MDM, then the apps – MAM, then the data – MIM, and so on. We have to keep setting the posts further and further out.

I do think that precise definitions are important, but expecting everyone to be on the same page with terminology for a paradigm so new is not practical. For better or worse, most people have connected BYOD with the desire to have our mobile devices at work and MDM with the need to manage the aftermath of that desire. The job of those of us who have a higher than average interest in the industry should be, first, to focus on guiding enterprises in the most efficient and cost-effective way to meet the desire for mobile devices in the enterprise and, second, to help identify all security threats so that enterprise management vendors can build the correct fence(s). I think constructive debate around these motifs is healthy and worthwhile. We should share what we know of successes and failures. We should be at the forefront of recommending best practices. We mobile champions should work together to bring this new compute paradigm to maturity.

*Acronym Key

  • BYOD – Bring Your Own Device
  • CoIT – Consumerization of IT
  • MDM – Mobile Device Management
  • MAM – Mobile Application Management
  • MIM – Mobile Information Management
  • EMM – Enterprise Mobility Management


Filed under Apps, Information Management, Management, Mobile, Security, Strategy

Enterprise Mobility – Data in the Driver’s Seat – Part I

This is Part I of a two-part series on the importance of data in an enterprise’s ability to effectively enable mobility for users. The first part covers the necessity of a solid data management foundation and the second will explore how that foundation drives the app ecosystem.

Besides email, can you name your three most valuable data sets in your organization? If a new data set is created do you have a process to bring it under management? Do you have audit capabilities? Do you know who is accessing your data sets? When discussing the various popular topics of enterprise mobility such as BYOD, Consumerization of IT, Mobile Device Management (MDM), and Mobile Application Management (MAM), the topic of security – especially data security – is always top-of-mind. The idea that one of your most valuable corporate assets is potentially running around on insecure devices is enough to induce a panic attack for many IT professionals.

A lot of mind-share has been devoted to the idea that data, not devices, is of paramount security and management importance to enterprises. Lost or stolen data represents the greatest risk to your organization with mobility. Mobile Information Management (MIM), as a technological solution, is seen as a pinnacle of enterprise mobility management. While I subscribe to the idea that MIM is the desired destination for mobility management, MIM must sit firmly atop the best practices of data governance. Data governance is often assumed but not discussed or, at best, only briefly mentioned. It is a practical house-keeping exercise that, while mundane, will produce the optimal atmosphere for the success of Mobile Information Management. Data governance is the idea that data is formally managed in an enterprise and adheres to a life-cycle process as would any physical asset in your business. The idea of data governance seems almost too obvious and simple to bother to discuss, but I am always amazed at the number of organizations that I help advise that have very limited data governance practices. Perhaps it is the seemingly ever-changing nature of data. Perhaps it is due to rogue data creation. Perhaps it is just sheer laziness. Whatever it is, mobility presents an opportunity to only compound the effects of poor data governance. That is why this is so important to raise as an issue. Mobility represents another technology layer for access, consumption, and creation of data. Without the proper data governance processes in place, organizations are at risk of piling additional complexity on top of an already lacking process. This will only create more opportunity for data dispersion and exposure risk.

Data governance should be approached as a process issue and not as a control issue. It is far too easy for users to create their own data sets. This is exacerbated further by the services available to users through mobility. If you create a process that works for users rather than against them, your chances of success are greatly increased. Where data resides and how it is conceived might change, but a robust process will be flexible enough to adapt to these changes. This doesn’t need to be an overly complex, heavy-handed process. Communication and education are your best and primary tools. Your goal shouldn’t be to tightly control data but rather to develop a network of those who take an active part in ‘owning’ and curating the data.

If you currently lack any process for data governance you could easily begin with performing a high-level data inventory – better to start simple than have nothing at all. A simple data inventory consists of:

• A central record of all data sets
• Who currently ‘owns’ it
• Should it be backed up

There are many more elements that one could collect but this basic data inventory will get your organization to a baseline. Once you have this baseline established you can begin to collect more refined attributes, but more importantly, develop process and community around adds, edits, and deletes to data.

It is most important to remember that a technical solution is a poor substitute for a process. Mobility has activated our imagination and allowed us to see just how easy access and exposure of data has become. It has jolted our senses and brought data security to the forefront of the mobile discussion. But MIM, as it is often discussed in the public sphere, is a solution and not a process. Its effectiveness is heavily reliant upon good data governance being firmly in place. MIM should be the technology applied to a well-conceived process. Technology will never be the solution to bad process. When it comes to your data this is no exception. How good of a handle do you have on your data? Where do you think the process could be improved? Do you think that data governance is overkill? Post a comment and let me know what you think!


Filed under Information Management, Mobile, Uncategorized

Nukona brings Mobile Information Management to the Enterprise

I stopped by the very busy Nukona booth at CITE and got a chance to catch up with their CMO, Brad Murdoch. Nukona, as of last Thursday, has introduced Mobile Information Management (MIM) into their platform. This is fantastic news for those of you who are following the evolution of mobile devices in the enterprise, as MIM is the next logical step. (See also Brian Katz’s coincidentally timed post on MIM.)

Nukona’s Mobile Information Management functionality is currently limited to viewing content such as PDFs and videos (sorry, no Office docs yet), but it does so in the same secure container that the apps run under. Best of all, it does so in the same container that apps are managed under. This means that you can dynamically apply policies to documents the same way you can to apps.

Nukona’s MIM functionality has lots of room to grow; however, this is definitely a step in the right direction for enterprise mobility. You can expect to see some great additional features in this area in the future. Nukona offers a free version, so you have no excuse to not check it out: http://www.nukona.com

Here is a screenshot:

image


Filed under Apps, Information Management, Mobile