Crossing Things Off Your To-Do List and Staying In Control While Mobile


Now that we understand why it is so difficult to be productive while mobile, in this third post we turn to a potential solution to this frustrating problem.

For several years now, enterprise software has been designed and built to run inside the corporate firewall, accessible from any web browser inside the company network. This made things so much easier – easier for IT to manage and deploy a single installation rather than software on every desktop, easier for a user to be able to use a company desktop, later a company laptop, and now a personal laptop or computer from home.

Those same systems that are so much more connected and convenient than software on our desktops are preventing our mobile devices from being more useful. Mobile devices can’t easily connect to portals and file repositories behind the corporate firewall. The result is that all those systems must be redesigned to work for mobile. So, how can I access the information that I need to cross things off my to-do list when I am mobile?

Redesigning existing systems is costly, complicated and is not feasible for most IT organizations. Fortunately, there is a better way to expose internal systems to mobile devices with a lot less work and effort. Two technologies, when combined, yield the desired functionality without complete rewrites. The first is secure containerization and the second is HTML5.

Secure containers have been in use for several years and are a natural evolution of MDM (Mobile Device Management). MDM enabled IT to lock down an entire device, monitor its location at all times, and even wipe all contents remotely – including any personal apps, pictures, and videos. A secure container enables IT to control just the corporate data on a mobile device, including the ability to wipe and to set policies on its use, without sacrificing personal privacy. This is good for security and is the first part of the solution. However, to be really useful, the container must also provide access to the suite of applications needed to complete the everyday game of Tetris that is our to-do list.

Enter HTML5 – the technology that is already powering many web-based portals behind the firewall. With an HTML5 container, accessing internal resources – whether they are documents in a DMS, a corporate intranet portal, SharePoint, or other web-based technologies – becomes much easier.

An HTML5 container is a native app that provides core functionality like offline access and push notifications. Enterprise web apps run securely inside the container. Very little rewriting is needed, and HTML5 is more portable and future-proof than native code implementations for mobile. Most IT teams have a good understanding of HTML5 and are able to write apps using it quickly and easily. Many existing apps that run on the corporate intranet run inside an HTML5 container unchanged. In addition, existing legacy systems like Exchange 2003 and SharePoint 2003 have well-documented web-based APIs to access them, making it easy for new web apps to be written on top of legacy systems for mobile use.

The world has gone mobile. Now it’s time for corporate systems to catch up. Let me access my files from my mobile phone without sacrificing security. Let me grab a document from DMS and email it to a client over lunch. Let me quickly take an internal attachment, rename it, and send it to an external client while enjoying a cup of coffee. Enable me to get valuable tasks done whenever I have time instead of later when I’m at the office. Let me get more small inter-dependent tasks done on the go – much like I can quickly turn, twist, and move shapes in Tetris. Then I can get more rows cleared from my to-do list and have more time and more patience for my kids.

Thank you for reading. Please comment below and tell us what you think. We would love to hear your thoughts.

Ilya

My Favorite Reads of the Week

From my favorite recent reads: a 13-year-old develops a Braille printer which Intel invests in, the legal destiny of APIs, what COPE is, and signs that you have found your life’s work.

I. This 13-Year-Old Is So Impressive, Intel Is Investing Hundreds Of Thousands In His Startup

LEGO® lovers alert: Inspiring story of Shubham Banerjee, 13-year-old CEO of the Braille printer-maker Braigo Labs. Take a look at the terrific photos of the prototype which he made with the LEGO Mindstorms EV3 set. By Eugene Kim, @eugenekim222, in Business Insider.

II. COPE Offers IT and Workers an Alternative to BYOD

This is an informative piece which irons out the difference between COPE (Company Owned, Personally Enabled) and COBO (Corporate Only, Business Only) and BYOD programs. From what I see in the industry, I have a hard time envisioning most companies footing the bill for smartphones and service packages for all of their information workers. In the BlackBerry era, phones were mainly issued to executives and customer-facing employees. Today, most employees in information-related jobs want and need mobile access. Will an insurance company provide smartphones and service packages for 20,000 employees? Tom Kaneshige, @Kaneshige, provides a clear contrast of these approaches, in CIO.com.

III. 8 Signs You Have Found Your Life’s Work

Does your life’s work feel like “work”? Is committing to your life’s work an honor? Ask yourself these 8 questions from Amber Rae, @heyamberrae, in FastCompany.

IV. Computer Scientists Ask Supreme Court to Rule APIs Can’t Be Copyrighted

The Electronic Frontier Foundation, @EFF, has filed a brief with the Supreme Court of the United States, arguing on behalf of 77 computer scientists that the justices should review a finding that application programming interfaces (APIs) are copyrightable. This case began several years ago when Oracle sued Google over its use of Java APIs in the Android OS and has broad ramifications in software and hardware development.

–Maureen, @MobileHelix

 

"Design Tools" Miguel Angel Avila


My Favorite Reads of the Week

Each week I post a few of my fave reads related to tech and business. This week: addictive apps, being a minority in tech, what you owe your employer, and why some workers don’t love BYOD.


Why Your Workers Hate BYOD

Hoping to get away without sharing your location with your law firm IT department? Using a health-related app on your personal smartphone? Device management by employers is getting some backlash. Tom Kaneshige, @kaneshige, writing in CIO.com, explores these concerns with BYOD. Disclosure: our Mobile Helix Link mobile app does not track employee movements or capture information regarding personal apps.

Five Things You Owe Your Employer – And Five You Don’t

Liz Ryan, @humanworkplace, CEO and founder of Human Workplace, with some solid pointers. For example, you do owe your integrity; you don’t owe your soul.

The Other Side of Diversity

A sobering narrative of Erica Joy’s career moving from “a young black lady to a black woman in the predominantly white male tech industry.” From Alaska to the San Francisco Bay area and points in-between.

Why Messaging Apps are So Addictive

Who doesn’t want to build a habit forming app? Nir Eyal, @nireyal, author of Hooked: How to Build Habit Forming Products, outlines how hooks work in apps. This is good stuff.

–Maureen, @mobilehelix

Who can you trust in a BYOX world?

Apple has long held the reputation as the most trusted device vendor in the new BYOX World. iPhones and iPads are the devices that corporate executives demand most, and, fortunately, they are also the devices that corporate IT is most likely to trust. Generally that trust relies on Apple’s approach to the app store – a supposed “walled garden” that keeps the malware out, and allows only well-written and productive apps in. Although the actual merit of that trust is open to debate, trust in Apple has endured.

On Friday, Apple released iOS update 7.0.6 and iOS 6.1.6 without much fanfare and with the advice that users should install it to “fix an issue with SSL verification”. So far, the patch has been issued for iOS but not for OSX, which is also impacted by the vulnerability. Read the details of the vulnerability, and it is clear that this is a serious vulnerability that merits a serious response. Should this vulnerability be a wake-up call to IT to rethink that trusted view of Apple?

How significant is the problem? Should users be concerned?

The short answer is, very significant, and yes users should be very concerned.

The problem lies in Apple’s implementation of a critical aspect of the SSL/TLS (Secure Sockets Layer, or its newer revision called Transport Layer Security) protocol – a key foundation of Internet security that allows sensitive information to be exchanged securely over public networks. It turns out that Apple software isn’t performing SSL certificate verification properly. This vulnerability leaves iPhone, iPad and Mac computer users open to a potentially serious man-in-the-middle (MITM) attack.

The flaw is caused by a very simple coding mistake in the SSL certificate verification code in Apple’s Secure Transport library. It appears that this flaw has existed since iOS 6, and was still present in the latest beta version of iOS 7.1. Certificate verification is the implementation for one of SSL’s most fundamental precepts – end-to-end trusted communications. The idea behind the SSL certificate mechanism is that an SSL client (e.g., your web browser) can verify the authenticity of a website that it is communicating with by requesting a certificate. This certificate is similar in spirit to a passport – it is a unique, cryptographically secure mechanism for declaring a website’s identity, and, much like passports, certificates are issued by trusted entities called Certificate Authorities. Certificate Authorities take responsibility for ensuring that certificates are only issued to deserving recipients – legitimate businesses whose intentions are not malicious or illegal.
If certificate verification is not functioning properly, the entire system of chained trust falls apart, enabling MITM attacks.
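
A simplified model of this class of mistake, added here as an illustration (it is not Apple's Secure Transport code, and the struct and function names are hypothetical): a duplicated unconditional jump skips the signature check while the status variable still reads success, shown beside a fail-closed version.

```c
#include <stdio.h>

/* Constructed stand-in for handshake state; all names are hypothetical. */
typedef struct {
    int hash_ok;      /* 1 if hashing the signed parameters succeeded */
    int signature_ok; /* 1 if the signature matches the certificate's key */
} handshake_t;

static int hash_params(const handshake_t *h)      { return h->hash_ok ? 0 : -1; }
static int verify_signature(const handshake_t *h) { return h->signature_ok ? 0 : -1; }

/* Flawed: returns 0 (success) without ever checking the signature. */
int verify_flawed(const handshake_t *h)
{
    int err;
    if ((err = hash_params(h)) != 0)
        goto fail;
    goto fail; /* duplicated line: not guarded by the if, always taken */
    if ((err = verify_signature(h)) != 0) /* unreachable */
        goto fail;
fail:
    return err;
}

/* Hardened: braces on every branch, and the result starts as failure,
 * so success is only reported after every check has actually passed. */
int verify_hardened(const handshake_t *h)
{
    int err = -1;
    if (hash_params(h) != 0) {
        return err;
    }
    if (verify_signature(h) != 0) {
        return err;
    }
    err = 0;
    return err;
}

int main(void)
{
    handshake_t forged = { 1, 0 }; /* constructed: signature does not verify */
    printf("flawed=%d hardened=%d\n", verify_flawed(&forged), verify_hardened(&forged));
    return 0;
}
```

A regression test that presents a handshake with an invalid signature and expects rejection catches this kind of defect regardless of how the code is laid out.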

In such an attack, a malicious entity is able to intercept “secure” communications between an individual and the intended recipient or website. The attacker is able to read, insert and modify the data in the intercepted communication. The malicious entity can also impersonate a trusted website to install malware or steal valuable data like login credentials and passwords.

A worst-case scenario would look something like this: An unsuspecting user connects to a public WiFi hotspot. If that hotspot had a malicious listener attached to it, that listener could intercept traffic intended for an e-commerce or electronic banking site and steal usernames, passwords, account numbers, credit card numbers, etc. The user would have no warning that this theft was happening, and from the user’s perspective browsing to the malicious site would appear no different than browsing to the legitimate site. This is a dangerous vulnerability indeed.

So what are the implications of this troubling news?

No software is immune from vulnerabilities, and many serious vulnerabilities are uncovered that receive little or no attention in spite of the fact that their impact may be as severe as this issue in iOS and OSX. Apple is perhaps unfairly held on a pedestal, and from that pedestal even the slightest mistake can easily turn into a media storm. However, Apple has made a serious mistake in this case, and it is not the vulnerability itself.

The difference between those vendors that “get” security and those that don’t is in how they respond when vulnerabilities are inevitably discovered. Microsoft has been down this road and back, and prior to Bill Gates’ “Trustworthy Computing” memo Microsoft was the worst offender of all, both in terms of the number of vulnerabilities in their software and their repeated poor responses to them. However, Microsoft realized that growing their business in the enterprise required trust, and building trust with their largest customers meant getting serious about security. The result is not 0 vulnerabilities – that is impossible. The result is proactive, clear processes for communicating vulnerabilities and their impacts to customers and a patching process that allows IT to update affected software without forcing IT to broadly apply major upgrades that may have other, unintended and unwanted consequences.

Unlike Microsoft, Apple’s largest customers are not corporate entities that demand a robust security strategy. Apple builds devices for consumers, and it is these tens of millions of individual customers who are now forcing IT to embrace Apple devices, regardless of whether or not IT has any relationship with or influence on Apple. To some degree, Apple’s response to this issue shows that they are in tune with their customers, and, unfortunately for IT, IT is not Apple’s customer. Apple is not alone in its allegiance to consumers; Google and the Android ecosystem are the same, if not worse. So what is IT to do?

The Answer:

To keep data protected and secure, IT must retain control of the technology that ensures data security, and that means entrusting the sanctity of sensitive corporate data to a company that views corporate IT as its most important customer. This does not mean that forcing all end users to Windows Phone is a good, or even viable, idea.

Consumerization is here to stay. That means that IT has to adjust to the reality that end users are making device choices, not IT. Device-centric security, however, in a consumer-driven mobile market, delivers a very troubling false sense of security.

The solution? A data-focused security approach that remains fully under the control of IT and provides the appropriate level of protection and control that IT needs to keep data safe. In this case, when a security vulnerability appears, which it inevitably will, IT has the necessary tools, relationships, and control at their disposal to diagnose and fix the problem on their own timeline for their own users.

Unfortunately, this won’t be the last time that we see stories like this about potentially serious security vulnerabilities in software that we rely on and use every day. However, we do have the option to retake control of the solutions we use to secure our most sensitive data, and to ensure that our sensitive data is fully protected and under our own control.

– Seth