Jay McGregor, Forbes, 11/24/14
Tethering. A sublime idea that’s hindered by some major drawbacks.
For short term use, tethering makes perfect sense. You can turn your smartphone into a Wi-Fi hotspot with a few swipes, and stream some much needed browser time to your laptop in lieu of a proper connection. But in practice, it’s stifled by a limited data plan and battery drain.
Mobile carriers are perhaps the worst offenders when it comes to tethering; they simply don’t want you to do it. Some carriers flat out don’t offer tethering on their pay-as-you-go voice and data plans (Three in the UK for example). Even on unlimited data plans, it’s likely that your connection will be throttled if you start rapidly absorbing huge amounts of data.
Very few people genuinely have an unlimited data plan, too. “Unlimited” often means ‘unlimited until you reach your limit’. So when you’re wondering why your connection is so slow when your laptop is tethered to your phone, chances are that your connection is being throttled.
This is where a mobile hotspot steps in. Yes, before you shriek away from your screen in disgust, I know carrying more devices is regressive. But tethering is the one instance where your smartphone doesn’t reign supreme. Here are three reasons why hotspots make a good alternative.
Consumers can pick and choose between different carriers and plans. So if you’re travelling, and you want to move to a carrier that has better coverage in that particular area, you can do that by switching out the sim card. Or you could pick up the Uros Goodspeed hotspot that can hold up to 10 different sim cards at once.
There’s also some good innovation in the mobile hotspot arena. Pay-as-you-go provider Karma Go offers 100MB of free data to everyone who connects to your Karma hotspot. So if you share your signal, you’ll earn data, and the strangers who join will only pay for what they use – your account won’t be impacted by their usage.
An important reason is that dedicated hotspots can be more reliable. The point at which you need that guaranteed connection will be different for everyone. But it still exists, and, sometimes, being let down by your smartphone simply isn’t an option. Speaking to The Wire Cutter in a comparison piece of hotspots, mobile analyst Sascha Segan said “The hotspot function on smartphones is often not as reliable as a dedicated hotspot”. She continued “We’ve seen a lot of phones with hotspot mode tend to drop [signal]. [It] has to do with firmware of phones; the signal doesn’t drop, but the connection is less reliable.”
Using your smartphone as a mobile hotspot will rapidly drain your battery. And if you’re working remotely, chances are you need your phone charged and ready to receive calls. This is where a dedicated hotspot becomes handy, especially if you’re going to need a good connection for a few hours. One of the top rated hotspots – the Verizon Jetpack MHS291L – lasted 14 straight LTE streaming hours in PCMag’s review.
Of course, dedicated hotspots have their flaws too. Typically, data-only plans are more expensive than home broadband and costs can easily spiral. But it is usually cheaper than hotel or public Wi-Fi. Upfront costs for the hotspot device can be steep, too. For example, the Karma Go will set you back $149 upfront. Whereas the Verizon Jetpack will cost $39 upfront, but that comes with a two year contract and a pricey monthly payment.
There’s also the issue of having to carry around the extra device. We’re supposed to be reducing the amount we carry with us, not adding. These dedicated hotspots aren’t small either. If, however, you’re happy walking around with a 4G hotspot then you could save money by getting a cheaper data plan for your mobile, and using the 4G on the hotspot when you need it.
Tom Warren, The Verge, 11/24/14
Microsoft first unveiled its Dropbox support for mobile versions of Office earlier this month, but despite the iOS apps getting updated soon after, Android has lagged behind until this week. The latest update to Office Mobile for Android adds Dropbox as an online storage application, allowing Office users to save and edit documents from Dropbox on their Android phones. Effectively, Android phone owners can edit Word, Excel, and PowerPoint documents stored on Dropbox without ever paying Microsoft anything as Office Mobile is now free to use.
This latest version of Office Mobile for Android phones is still a very limited and basic offering. Office Mobile for Android is identical to the previous iOS version, and similar to the experience offered on Windows Phone. It’s surprising to see Microsoft update this particular version of Office Mobile on Android, while killing the same product on iOS in favor of a combined tablet and phone version that’s far superior. An improved version for Android is on the way, and the tablet part of that update will enter preview in the coming weeks. Once Microsoft ships an updated touch-optimized version of Office with Windows 10, all three mobile operating systems will offer a similar Office experience that doesn’t leave Windows users out in the cold.
GigaOM, 11/24/14
As the consumption of mobile data continues to soar, carriers are hard-pressed to serve the needs of end-users via traditional macrocell networks. As an alternative, businesses, municipalities, and other organizations look to small cells to provide voice and data services where legacy towers fail to provide optimal service.
While various flavors of small cells meet a number of increasing needs, growth inhibitors could derail mass adoption if left unaddressed.
Key findings from this report include:
- Small cells clearly fill a need in mobile telecommunications. Data consumption and user mobility continue to grow, but the traditional model of macrocell-based systems is not a viable solution for delivering data indoors, in high-density areas, and in some rural regions.
- The term “small cells” refers to a variety of devices and technologies, and enterprises looking to leverage these new technologies must understand their unique problems and needs before considering which devices and technologies are best suited for them.
- While the market for small cells is enormous, some substantial hurdles — both technological and operational — must be overcome. The market won’t explode overnight, but will grow steadily over the next few years.
GigaOM, 11/15/14
Cards are an emerging way to structure web information so that it’s easier for mobile devices to parse and display in a stream — when you simply like an article online and its headline and art appear on your Facebook in a neatly organized module, that’s an example of what cards can do.
Wildcard, a New York-based startup, has built a browser for iOS where cards — not HTML webpages — are the standard unit that users interact with when surfing the internet. The first version of Wildcard is now available from the App Store.
Cards aren’t just a design innovation for marketers — many people believe they could become one of the default design elements for computers with smaller and smaller screens. It’s not hard to see the start of the card takeover on mobile devices: The latest version of Google Android displays notifications as a set of “cards,” each with information and potential actions the user can take. Apple Watch, expected early next year, probably won’t have a full browser, but well structured cards could be one of the best ways to show a little nugget of information on such a small screen.
Some are hopeful that cards could become one of the primary ways that apps interact with each other on your phone. But developing for cards is harder than simply adding tags to existing content and systems. “Think of a card as a native receptacle for structured information,” Wildcard co-founder and CEO Jordan Cooper told me in an interview. “Cards are a data effort.”
Of course, cards don’t matter if users don’t end up interacting with them. So Wildcard’s mobile browser, which pulls its cards from third-party APIs — an example of what Cooper calls a “third-party card interface” — is the company’s first step to making cards mainstream.
When you first open the app, you’re confronted with six trending searches, and when you scroll down, you find other cards you might be interested in — for instance, a “collection” of cards about brewing great coffee, or a recent article from a publisher who supports cards. In many ways, the app resembles Google Now, which is perhaps the most famous card-based interface currently in wide use to date. Browsing is snappy, with new cards loading immediately.
I didn’t find the automatically surfaced, editorially picked content in Wildcard particularly compelling — and there’s a little too much emphasis on commerce at the moment (one of the first card actions most people implement is a button to buy or install something) but as it is right now it could be a great lightweight feed replacement for Twitter for many people. Wildcard generally looks and feels very slick. It is designed by Khoi Vinh, who was a New York Times digital design director and founded Mixel.
Wildcard’s non-consumer facing projects could end up being even more important to the company. For now, various card implementations, like Facebook‘s Open Graph, or Pinterest’s Rich Pin, don’t really work with each other. Until there’s a standard for cards, Wildcard’s own standard wants to fill that gap. Many websites have already implemented cards, for services like Twitter or Facebook, and Wildcard will provide tools and an SDK to translate those cards and make them interoperable.
There are other companies looking at the same problems with cards: CITIA is another startup with an advertising focus for cards, and the big tech companies are working on their own card technology too.
Wildcard has $10 million in funding from various investors, including General Catalyst Partners. For revenue, it doesn’t plan to monetize the commerce that takes place in its browser, but rather hopes to place ads against its card search that it’s developing in-house.
“The worst user experience is the mobile browser,” Cooper said. “We’re aspiring to replace Safari or Chrome with something better.”
In the last few years, Google has been communicating the need for mobile-ready sites. Forward-thinkers are already reaping the benefits of creating a mobile-friendly website. If your company hasn’t taken the plunge, Google has publicly stated its intent to make mobile-friendly websites stand out in its search results, which may lead to a new ranking factor. Google has always strived for the best user experience and, clearly, mobile-friendly websites are front and center when mobile search volume is starting to pull ahead of desktop search.
Ultimately, Google can’t control whether a website is mobile-friendly or not. It also takes time to develop a mobile ranking factor that provides the best user experience and doesn’t alienate important websites that may not have become mobile-friendly yet. With this challenge in mind, Google began testing an icon that alerts users to mobile-friendly websites in their search results. This icon may prove to be valuable in driving search traffic to mobile-friendly websites. Given the growth of mobile search, it is imperative that every website be mobile-friendly.
Is mobile Internet taking over desktop usage?
According to recent research provided by comScore, the majority of consumers are multiscreening. It doesn’t mean that mobile alone is winning, but multiple devices are being utilized by the same visitor at the same websites. This is a key reason to have consistent experiences across multiple devices.
It is clear a standard site on a mobile device provides poor user experience: fonts are too small, there’s an overwhelming amount of information on one screen, and it’s very difficult to navigate. Unless the standard website is the only source of information the user is seeking, they will definitely bounce and choose a mobile-friendly website to visit.
A colleague provided a great example on how you can get an edge on a competitor by being proactive with a mobile-friendly website. He was on the runway at JFK and remembered a birthday for his friend was coming up. He did a search for “gift delivery New York.” As most users would, he immediately clicked on the top result and thought this would be quick and painless. The company he was directed to didn’t have a mobile-friendly website and his frustration brought him right back to Google to find another company with satisfactory user experience. The second result was a Belgian chocolate gift delivery service with a mobile-friendly website, so guess what his friend got for her birthday? And guess who just missed a sale (and who knows how many before that)?
Google has stated that a website should offer the same user experience regardless of the device used by the viewer. Larry Page, Google co-founder and CEO, expressed strong feelings against having multiple sites for multiple devices and believes webmasters shouldn’t be designing for mobile. Thus, Google officially endorsed responsive design as the preferred method of building a mobile-friendly website. Responsive design is a web design approach aimed at crafting sites to provide an optimal viewing experience — easy reading and navigation with a minimum of resizing, panning, and scrolling — across a wide range of devices (from mobile phones to desktop computer monitors).
The emergence of mobile voice search
Another reason to have a mobile-ready site is mobile voice search. Mobile voice search is an emerging technology that combines the power of mobile with a voice recognition algorithm. This algorithm gives users the ability to search Google by speaking their request in a conversational manner. Google has made great progress on this by utilizing the Knowledge Graph to power the search results. Google hosts the largest informational dataset in the world, and providing the correct answer to any question is integral to their success as a search engine.
To feed the Knowledge Graph for local search results, Google uses both information from Wikipedia and the business website. Consequently, it is very important to keep the following information up-to-date: logo, address, phone number, key people and other important information related to the business. Implementing schema on your website is ideal for providing search engines with this important information. Schema markup helps search engines understand the context of information on webpages, allowing them to provide richer results through the Knowledge Graph.
Google also announced a new search platform in September 2013, Hummingbird. The name comes from being “precise and fast” and is designed to better focus on the meaning behind the words. Hummingbird is paying more attention to each word in a query, ensuring that the whole query — the whole sentence or conversation or meaning — is taken into account, rather than particular words.
In a recent survey commissioned by Google, teens have overwhelmingly integrated voice search into their normal search behavior, whereas adults have yet to adopt it into their search lifestyle. Most of the voice searches noted in the study involve directions, phone calls and homework questions. However, the number of searches regarding local businesses, products, and reviews has increased exponentially in the last year.
Mobile traffic is growing at exponential rates and the steps Google has taken are a clear indicator that every company must have a mobile strategy. Google’s recent tests, like mobile icons, may not become standard in the search results. However, it is clear that having a properly optimized site for mobile search is not optional anymore. Always consider what Google’s ultimate goal is, a quality user experience, and make sure your website is built with that very goal in mind.
Adrian Bridgwater, The Register, 11/13/14
The prevalence of BYOD (bring your own device) activity across the enterprise landscape has seen every IT vendor worth its salt try to offer a solution to the problem of keeping employees’ mobile devices under control.
There are several worthy options, such as CYOD (choose your own device) and managed virtualised desktop solutions, but the best medicine for BYOD might just be right under your nose.
The IT manager tearing his or her hair out wondering when there might be time to implement a BYOD platform is looking at a complex matrix of different device management, system management and, crucially, asset management panes of glass.
That word “asset” is important: the pre-existing IT management infrastructure might already provide some of the clues – but only if managers know what question to ask of themselves and of their current suppliers.
The IT sub-discipline of asset management is affectionately known as ITAM. In terms of form and function, ITAM is generally defined as a collection of business practices designed to optimise expenditure on IT-related purchases, management and redistribution, based on an agreed inventory process.
Closely related to BYOD is mobile device management (MDM), and it would be impossible to complete this discussion without reference to this. How do BYOD and MDM interplay?
Should we be asking ourselves whether we should use ITAM as a starting point for strategic MDM and BYOD planning?
If you are a responsible and thoughtful tech manager with an ITAM platform, what should you look for in that system before embarking on an MDM journey?
Martin Thompson, asset management analyst and owner of The ITAM Review, thinks software and application monitoring are must-haves for any MDM solution.
“Within asset management tools, the IT department has visibility on when, how long and how many times an application on a mobile device has been used,” he said.
“This type of control is aimed at smartphones and tablets and should be viewed just as you would view the data usage for software installed on a machine.”
In this way, he said, we can use ITAM to give us MDM-flavoured insight into what kind of BYOD challenges we face.
“This aspect of MDM for BYOD is particularly important as large vendors now allow a single user to install their product on a set number of devices. Mobile devices count as an asset, so an organisation needs to have visibility on how many instances of the software a single user has installed,” Thompson adds.
But the “ITAM for BYOD control” argument needs to go further than simply counting the number, type and form factor of devices – and further too than being able to describe what user has what device with what application.
The next stage is a layer of identity so that we know what data is being accessed and exchanged with the corporate data centre at any moment.
“Inventory is a core part of any strong mobility solution, and because the requirements are an extension of what IT has always needed, the skills and investments you’ve made should be seamless to use,” said Simon May, an enterprise device infrastructuralist at Microsoft.
“Additionally look for solutions that use inventory, analytics and machine learning to help make insight more actionable, for example solutions that take signals from a device and use that to provide conditional access to company resources to the user on that device.”
This leads us to the inherent differences between what might be a custom-built BYOD management solution and a more configurable total MDM solution.
Even if IT management does have a good ITAM-driven grasp of its installed technology base, there is still a shopping list of factors that will shape the MDM alignment before it is powered up.
Looking back at our installed base of BYOD devices with an ITAM-focused eye, we must first decide whether we will host the MDM software layer on the company network or buy it in as a cloud software service.
After conducting an audit of all our devices’ lock and wipe capabilities, we then decide how to push out the MDM controls to the devices.
Further down the line (after other crucial foundations such as compliance tests) we get to decide which mobile operating system(s) we will support and what central email and application set we will support.
Samsung comes into this technology space with its Knox container offering. This is a virtual Android environment within the mobile device so that the container has its own home screen, launcher, apps and widgets.
Applications (and their data) inside the container are isolated from applications outside the container. This isolation means the Knox container can be used as a secure enterprise workspace, while everything outside the container represents the user’s personal space.
Two for the price of one
Part of the company’s Samsung Approved For Enterprise (SAFE) programme, Knox (named after the fort if you hadn’t guessed) addresses the security issues faced by enterprises deploying BYOD by providing a “dual-persona environment” which isolates enterprise apps and data from personal apps and data.
This throws up a diversion for the ITAM purist, but it is only a diversion: there is the same amount of data and devices but they are just treated differently.
At the same time, Samsung lists a dozen MDM solution industry partners that support many (but not all) Knox features and offer comprehensive policy levels.
For example, SAP Afaria, an MDM product that was part of SAP’s Sybase acquisition, delivers a solution designed to expand Samsung’s SAFE technology.
Citrix XenMobile is designed to provide an enterprise-class application and data management solution for all Knox-enabled devices, including Galaxy smartphones and tablets.
There are clearly ITAM-BYOD-MDM crossover points then, but we shouldn’t run away with this idea.
According to Simon Townsend, chief technologist for workspace management vendor AppSense, ITAM can help overcome some of the challenges presented by BYOD but it is no silver bullet.
“Any device, any operating system and any application that can interact with enterprise systems needs to be monitored”
“Having a solution such as MDM that just looks after mobile devices is simply adding more workload onto the corporate IT team’s plate,” he said.
This creates what he calls the “and” problem, which gives IT teams the headache of having to manage a mix of Windows physical and virtual desktops and laptops and Macs and mobile devices too.
“The only common factors across these mixed workspace estates are the need for effective management of policies and user privileges: you have to manage the profiles of users, what they can and cannot access and what IT policies they are subject to, and deliver a consistent user experience too,” said Townsend.
“While management in the traditional Windows sense is sometimes not possible in BYOD, it’s critical to at least see and record what people are doing and which applications and assets they are using. Organisations need to bring ITAM-flavoured device management into overall workspace management.”
Perhaps we need to realise that the IT industry is shifting from an enterprise centric world to one that is essentially user centric. With that in mind, we might be able to view the assets inside the BYOD challenge differently.
Please help yourself
“All users really want is access to their apps and data on whichever device they choose, wherever. The challenge for IT is to meet those needs while still meeting the compliance and security needs of the organisation,” said Joe Baguley, CTO EMEA at VMware.
“Hence the hybrid world we find ourselves in today with a diverse mix of tools. We need the ITAM thinking to shift from an organisation managing or owning physical assets such as mobile devices to instead delivering services, including to assets that they don’t own and never will.
“IT departments can also offer application catalogues, containing business-critical cloud and SaaS applications, and allow user access from any device, whenever and wherever they need it.
“Again, the balance between user experience and business best practice is kept – with access to each application determined by the user’s identity and environment (device, location and connectivity level).”
The end result is each worker having self-service access to, and secure sharing of, all relevant resources to drive productivity.
Phil Barnett, vice president and general manager EMEA at Good Technology, agrees that BYOD is not simple and that multiple devices used by numerous employees cause multiple issues.
Barnett thinks that a wholly containerised approach is the only way that IT can manage and keep track of all its internal ITAM load – whichever device or application employees are using.
“When an employee can access applications, services, documents and workflows only through a secure login portal, IT can monitor usage and give or restrict access to specific servers or applications. For example, the sales team is likely to need a different group of applications from the finance team,” he says.
“These tighter restrictions are beneficial to both the IT department and the end-user. As well as keeping track of a company’s assets, there is also the ability to configure devices automatically, deploy apps and if necessary wipe sensitive data.
“It also offers a consistent user experience and impinges less on privacy. When everything controlled by the IT department is confined within one application, the user has no fear of IT accessing personal information and files on their device.”
Is there a danger of moving too close to a containerised approach and forgetting our initial ITAM mantra?
It is true that containerisation helps IT to manage and audit the security and other requirements of a heterogeneous enterprise mobile landscape.
But enterprise mobility has entered a new phase, driven by the combination of advanced mobile devices, improved wireless connectivity and increased adoption of cloud-based services. We therefore need some way of bringing several new worlds together – and quite how we do this is not yet clear.
Steve Drake, former IDC analyst and now business development director at FeedHenry, predicts that MDM and mobile application management (MAM) vendors will partner with mobile app platform vendors to gain the scalability and flexibility demanded by enterprises.
“To date, most of the large enterprise mobility management deployments have been independent of mobile application platform deployment and rollout of mobile apps,” he says.
“Large enterprise mobility management deployments were often the first step for an organisation to manage devices and control applications. However, in 2014, given the market maturity and advances in best-of-breed offerings, we expect to see larger combined deployments.”
Cathal McGloin, CEO of FeedHenry, agrees. “MDM provided employees with mobile access to their calendar, contacts, work schedules and email and gave IT managers peace of mind that if a corporate device was reported lost or stolen it could be remotely locked and wiped,” he says.
But he points out that today there is a far broader requirement of MDM, especially in the ITAM for BYOD world. Enterprises demand end-to-end platforms that support mobile app development and management.
“Importantly, rather than managing the device, enterprises are now focused on controlling access to sensitive data as it moves between the enterprise and the device,” says McGloin.
“This shift has fundamentally changed the market for point solutions like MDM and MAM, so that MDM and app enablement are two sides of the same coin.
“We are starting to see that rather than being managed separately, MDM and app development and distribution are linked by the common thread of data security – securing apps and devices and managing user policies through the same platform.”
So even MDM as we knew it won’t quite cut the mustard for ITAM-aware BYOD controls in 2014 and onward. We need an information-first, management-first approach to all devices. Bringing assets and information together into a new MDM could be the answer.
If you see asset-aware BYOD management (AABYODM, pronounced ‘aabyoohdum’) being used, then you will know why. ®
Agam Shah, ComputerWorld, 11/13/14
Hewlett-Packard wants to make BYOD (Bring your own device) easier for small businesses through a new cloud-based service to manage and protect mobile devices and PCs.
The company’s Web-based Touchpoint Manager service, launched Monday, can remotely check the health of smartphones, tablets, laptops and desktops. It can also issue alerts and remotely lock or wipe data from devices in case of theft.
The service is for businesses with up to 500 employees that need a basic bring-your-own-device management plan at an affordable price, said Michael Park, vice president and general manager of Commercial Mobility, Printer and Personal Systems at HP.
For $2 a month, a starter plan provides a list of users and devices, tracks devices on a map, and monitors hard-disk health and battery life of remote devices. For $10, users get additional features like camera management and the ability to find lost devices, reset passwords remotely and wipe data. Under both plans, system administrators can track and issue alerts in case devices are close to expiration or security software is out of date.
Device management isn’t a new field, and considering HP has been selling PCs and tablets for years now, it’s taken a while for the company to release such a cohesive offering. HP worked on the product for one-and-a-half years and though it may be late, it wanted to offer BYOD tools that are “stable” and “radically” easy to use, Park said.
HP is announcing the service just a few months after IBM and Apple announced an “exclusive” deal in which iPhones and iPads would be sold to enterprises backed by IBM’s device management, cloud and analytics services. Locking corporate environments into one OS can be an expensive proposition, and HP wanted to offer a service that’s device and OS agnostic, Park said.
Touchpoint Manager supports mobile devices and PCs running Android, iOS and Windows. It doesn’t support Mac laptops or BlackBerry devices. It also won’t provide management and security for thin clients that run applications directly off servers.
Central to the service is a Web-based dashboard that has sortable lists of users, devices and registrations. Alerts will show up in case a device is low on battery life or hard drive, or if a warranty is expiring.
“You can be up and running in under five minutes. It’s very quick and easy,” said Lorri Jefferson, senior director of software product management at HP’s business process services unit.
A map shows where devices are located. If a device is stolen, action can be taken to lock it and wipe data. The service can also lock a device and restrict access to data if a smartphone or tablet is taken outside a particular location, which is especially important in hospitals, for instance, which typically have tight restrictions on data access and portability.
For now the service lacks data backup and geofencing, but those features could be added in the future, Jefferson said.
HP is also tailoring its business laptops with exclusive features to take advantage of the service. Its Elitebook business laptops coming later this year will have GPS-like technology so laptops can be tracked even when they are turned off. The feature isn’t available on current Elitebooks.
Touchpoint Manager is available in the U.S., U.K., Singapore, Australia, New Zealand, Canada, India, Ireland and Japan. It will be available in more countries and languages next year.
Adrian Bridgwater, The Register, 11/13/14
Every IT manager worth his or her salt would really like to get hold of users’ physical devices to lock down security and manage privileges, protocols and permissions in the perpetual quest for control. This is not always possible.
The situation has given rise to industry terminology such as mobile device management (MDM) and bring your own device (BYOD).
But where do we start? What do you get in an MDM box when you unwrap it and what kind of roadmap should firms be following to implement effective MDM in the face of rising BYOD?
While MDM is a fairly self-explanatory term, let us try and restate what it should really mean.
Simply put, MDM is that area of administrative IT department control where devices are deployed, secured, integrated (and architected) into the network and subsequently monitored and managed (and possibly deleted).
By “devices” we mean laptops, tablets and smartphones, of course. But our use of the term also now includes the Internet of Things, including basic “wearables”, from the consumer-level Fitbit, and perhaps heart-rate monitors, to more industrial sensor-based pieces of equipment.
At the peak of MDM Nirvana (a place oft dreamed of but rarely reached) an administrator is capable of intercommunicating with all devices on all platforms in the network.
The machine-to-machine communication channels are open through all local country service providers so all devices are accessible. Updates and other management can be performed over the air without requiring physical contact with the devices.
These can be managed to a degree compliant with the IT department’s vision for an optimised network based on particular application use cases and connections to specific online services. This is MDM perfection – but perfect MDM is tough to calculate and rarely possible.
Facts and fantasy
What happens back on planet Earth is slightly different. Device usage is subject to an overabundance of determining factors; while some are logical and predictable, others are intangible and unexpected.
According to surveys, the younger workers classed as Generation Y have exhibited some strange behaviour. Generation Y executives would apparently be happy to take a lower salary if allowed to work using a device of their own choosing.
It is at this point that the prudent business should surely start to question whether these are really the kinds of employees they want to attract in the first place.
The challenge here comes down to usability and productivity. It is straightforward enough to think about an MDM policy that stops users starting up specified applications in defined locations, or one that prohibits them from downloading games on their devices, but at what cost to employees’ freedom, work satisfaction and ultimately loyalty?
There is little point in managing any data or device if we don’t know what is inside it, so inventory controls are a first element of any decent MDM package.
From there we can look at hardware and software component management and also include network access control and help-desk features into the MDM mix.
As we build up this idea of the total MDM architecture, we need to ask just how far and wide should an MDM solution go? The answer is quite far, because MDM can include software application provisioning and management to make apps behave with custom-designed characteristics.
Applications may be installed under terms of limited access so that they stop functioning based on GPS location information, time of day or some other pre-selected factor.
Developers will not necessarily have engineered controls and gateways to enable this kind of broader control, so MDM has a direct role to play here.
Part of the challenge is that MDM has to be comprehensive and capacious: you either have it or you don’t.
MDM control software can be delivered in a virtualised form as a cloud-based service as opposed to an on-premise solution. But every MDM solution that a firm settles on must have a comprehensive range of features.
It is difficult (and expensive) to deploy multiple systems, each of which solves just a piece or two or three of the total mobility management puzzle.
“BYOD has significantly changed approaches to managing and securing end-user computing devices in enterprises,” says Graham Long, vice president of the enterprise business team at Samsung UK.
“Many businesses have struggled to adapt to the changes, while others have simply not been prepared.
“Businesses need to start taking a whole new approach to mobility. They need to implement a structure that can identify classes of users and device types and create policies for treating the different groups as they attempt to connect to the network.”
In terms of implementing MDM, Samsung points to its Enterprise Software Development Kit (E-SDK), which developers can use to take advantage of the additional security features available in Security Enhanced Android. The tool can also be used to develop bespoke enterprise applications for devices.
According to a recent Samsung MDM white paper, the E-SDK enables developers to use features that enhance the security, accessibility and usage cost of mobile devices. E-SDK offers more than 890 APIs and 410 policies for what the firm calls “increased device control”, whereas standard Android provides 30-plus policies and APIs.
To MDM and beyond
Gartner analysts Ken Dulaney and Terrence Cosgrove wrote a piece in May 2014 entitled Managing PCs, Smartphones and Tablets and the Future Ahead. In it they suggest that the collision of PC and mobile device management approaches over the next seven years will create a product category called unified endpoint management (presumably UEM in acronym land).
“Everything about PC and mobile device management is changing, including necessary skills and IT processes. Enterprises are supporting two radically different management architectures – one for PCs and another for smartphones. PCs are managed through system images, while smartphones and their cousins, tablets, are managed via a more complex mechanism that adapts to their sandboxed architectures,” they write.
“Yet, in many cases, IT attempts to make smartphones act like PCs through strategies such as containerisation, which is a pseudo system image. IT should understand the differences between the management styles of the two types of devices and recognise that sandboxed architectures represent the future. Thus, the management framework approach going forward will result in a product category called unified endpoint management.”
Gartner’s erudite musings notwithstanding, today we still have MDM. Perhaps a practical example in 2014 will help us compare the theory with the reality.
Steven Ward is group IT manager at Ferguson Group, an Aberdeenshire-based offshore container, accommodation and workspace module specialist. Ward explains that security and the provision of a standard build for mobile devices are the two factors driving his organisation’s MDM adoption.
The firm has offices all over the world and many employees on the move, so IT needs to know security will not be compromised.
“We need to be able to wipe and lock devices remotely as soon as we receive that call,” says Ward.
“The BYOD trend means some employees feel the IT department is there to provide tech support for their own phone, which is not the case. We’re there to provide a standard device with a standard set of applications which are compliant and secure.
“We don’t need MDM to take up half of our job. Instead, MDM provides our small department with the capabilities to keep around 100 devices spread around the world secure remotely. We’re working with Spiceworks’ MDM solution as a cost-effective way of doing this.”
Ward says that in his experience it is not the younger generation demanding BYOD and driving MDM adoption.
“Employees recognise that our policy is to provide them with the devices they actually need. If they have a requirement, we will try and cater for it. The issue is ensuring employees are running apps approved for business purposes. MDM becomes important in this respect, as we can monitor applications and keep devices secure,” he says.
Picking up speed
Whether we look forward to Gartner’s unified endpoint management theory or stay closer to home with MDM as it is today, a combination of current methodologies may be the most prudent way forward.
We need only to look at global trends to confirm that mobile data is exploding. Vodafone reminds us that based on analysis from 2012, global mobile data traffic grew by 70 per cent.
Extrapolated from these figures we find a compound annual growth rate in data flows of 66 per cent predicted over the next five years.
Not only is the amount of data traffic soaring, it is also moving faster than ever. Average worldwide mobile connection speeds are forecast to rise sevenfold by 2017.
Vodafone’s answer is its eponymously named Device Manager, a technology that includes AppConnect. This provides a software development kit designed to help create wrappers for iOS and Android and put apps in secure containers.
So could wrappers and containers be the answer to MDM and BYOD headaches? Could the notion of a multiplicity of user endpoints be the most sensible approach? Or could plain old CYOD (choose your own device) be the best way to manage BYOD?
CYOD represents a dividing line between BYOD randomness on the one hand and the formalised top-down provision of company devices on the other. CYOD schemes allow employees to select a mobile device from a range of company-approved products.
The problem (well, one of the additional problems) here is that MDM has to extend after the usage of a corporate device to make sure it is given appropriate end-of-life treatment.
Global estimates suggest that the average phone is used for just 18 months. The issues associated with MDM and BYOD come from so many angles, it becomes hard to know which direction we need to start applying policy in.
“Businesses must take intelligent responsibility for the growing threats to their communications environment,” says Vincent Geake, head of secure mobility and new ventures at BAE Systems Detica, Vodafone’s global security partner.
“By doing so, they will fulfill their duty of care to shareholders, employees and customers, ensuring that they keep their valuable information safe and remain compliant with external expectations, wherever their workforce is operating.”
When worlds collide
We will continue to manage our enterprise desktop client experiences through controls that will be distinct from the MDM that operates in the dedicated mobile space, but this will ultimately change as we reach a point where the two worlds collide.
This inevitable convergence and unification of device controls will shape our usage of all technology over the next five years.
MDM is at an all-time high and it is about to become more important. Embrace it and we can embrace the future. ®
Lucian Constantin, ComputerWorld, 11/7/14
Data packets used by wireless access points to advertise their capabilities can be used to control malware running on nearby computers
A security researcher has developed a tool to demonstrate how the unauthenticated data packets in the 802.11 wireless LAN protocol can be used as a covert channel to control malware on an infected computer.
The protocol relies on clients and access points exchanging informational data packets before they authenticate or associate with each other, and this traffic is not typically monitored by network security devices. Tom Neaves, a managing consultant at Trustwave, developed a proof-of-concept tool called Smuggler that leverages these packets, known as wireless management frames, to communicate with malware.
Companies invest a lot of money in intrusion detection systems, firewalls, data loss prevention systems and other security devices to detect and block suspicious Internet traffic in and out of their networks. That’s because blocking malware programs from communicating with attackers is just as important as preventing end-point systems from becoming infected in the first place, which is increasingly hard to do these days with all the potential attack vectors and people using the same devices at home and work.
Neaves’ proof of concept uses legitimate features of the 802.11 protocol in ways they weren’t meant to be used, in particular the information elements found in wireless beacon and probe request frames.
Beacon frames are specially formatted data packets that wireless access points send periodically to announce their presence and relay information about themselves to listening clients. They contain information elements like the SSID (service set identification) which gives a network its public name, the data rates supported by the network and other parameters — a sort of metadata.
An attacker sitting within a compromised computer’s Wi-Fi range — like in a parking lot outside an office — could use Smuggler to set up an access point that broadcasts a beacon frame with a blank SSID and a Rates information element that actually contains a command. The computer’s wireless card will receive the beacon frame, but the OS won’t display the access point in the list of available wireless networks because the SSID is blank.
A malware program running on the computer can be programmed to listen for beacon frames with blank SSIDs, parse their Rates elements and execute the commands found inside. It can then use the wireless card to send probe request frames that have the output of those commands embedded in them.
Probe request frames are used by wireless clients to request information from specific access points or from all nearby access points, like during an active wireless network scan. The SSID information element in these frames, which is normally used to indicate which access point should respond, can instead be used to relay a command’s output back to the attacker, Neaves said in a blog post.
If the output is too large, it can be spread across multiple probe request frames and the program running on the attacker’s computer can reconstruct it.
The Smuggler tool has components to automate this two-way communication process on both the attacker and the victim side. Neaves used it to implement an interactive shell that allowed him to remotely execute commands on an infected computer and see their output via a local terminal window.
“I am not going to release Smuggler just yet,” he said. “The objective of this post is that I wanted to share my findings of abusing a protocol in a way not intended and use it for bad things, such as creating this covert two-way communications channel without associating or authenticating. I have also created Anti-Smuggler to demonstrate that it is possible to detect such attacks.”
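A defender-side sketch of how the beacon and probe-request channel described above could be spotted from monitored management frames, added here as an example (it is not Neaves’ Anti-Smuggler and not code from the article). The frame bytes are constructed samples, and the rate whitelist, the alert names and the `MAX_PROBE_SSIDS` threshold are assumptions.

```python
# Rates are in 500 kbps units: the 802.11b/g set plus membership selectors 126/127.
VALID_RATES = {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108, 126, 127}
BEACON, PROBE_REQ = 0x80, 0x40      # first frame-control byte
HDR_LEN, BEACON_FIXED = 24, 12      # MAC header; timestamp+interval+capability
MAX_PROBE_SSIDS = 8                 # assumed threshold, tune per site

def parse_ies(buf):
    """Walk tag/length/value information elements, stopping on truncation."""
    ies, i = {}, 0
    while i + 2 <= len(buf):
        tag, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            break
        ies.setdefault(tag, buf[i + 2:i + 2 + length])
        i += 2 + length
    return ies

def scan(frames):
    """Return alerts for a sequence of raw management frames (no radiotap)."""
    alerts, probed = [], {}
    for frame in frames:
        if len(frame) < HDR_LEN:
            continue
        src = ":".join(f"{b:02x}" for b in frame[10:16])   # addr2 = transmitter
        if frame[0] == BEACON:
            ies = parse_ies(frame[HDR_LEN + BEACON_FIXED:])
            hidden = not ies.get(0, b"").strip(b"\x00")
            odd = [r for r in ies.get(1, b"") if (r & 0x7F) not in VALID_RATES]
            # A hidden SSID alone is common; invalid rate bytes with it are not.
            if hidden and odd:
                alerts.append((src, "hidden-ssid-beacon-bad-rates", len(odd)))
        elif frame[0] == PROBE_REQ:
            ssid = parse_ies(frame[HDR_LEN:]).get(0, b"")
            seen = probed.setdefault(src, set())
            if ssid and ssid not in seen:
                seen.add(ssid)
                if len(seen) == MAX_PROBE_SSIDS + 1:        # alert once per source
                    alerts.append((src, "many-distinct-probe-ssids", len(seen)))
    return alerts

def mgmt(fc0, src, body):   # constructed test frame: 24-byte header + body
    return bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + src + src + b"\x00\x00" + body
def ie(tag, data):          # one information element: tag, length, value
    return bytes([tag, len(data)]) + data

# Constructed sample traffic (not captured from any real network).
AP, ROGUE, STA = (bytes.fromhex("02aabbccdd0%d" % n) for n in (1, 2, 3))
FIXED = b"\x00" * 8 + b"\x64\x00" + b"\x01\x00"
STD_RATES = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
SAMPLE = [
    mgmt(BEACON, AP, FIXED + ie(0, b"corp-wifi") + ie(1, STD_RATES)),
    mgmt(BEACON, AP, FIXED + ie(0, b"") + ie(1, STD_RATES)),      # benign hidden AP
    mgmt(BEACON, ROGUE, FIXED + ie(0, b"") + ie(1, b"EXAMPLE1")), # text in Rates
] + [mgmt(PROBE_REQ, STA, ie(0, b"chunk-%02d" % n)) for n in range(12)]
```

The hidden access point with standard rates raises nothing; only the blank-SSID beacon whose Rates bytes fall outside the defined values, and the station cycling through many distinct probe SSIDs, are reported.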
GigaOM, 11/7/14
Opera has released a new version of its Mini browser for Apple’s iOS platform, this time adding a feature called “video boost”.
One of the key features of Opera Mini has long been “Turbo”, its ability to render webpages on the server-side so that the user gets to use less data and see faster-loading, albeit compressed, pages (and yes, this has privacy implications.) Video boost, rolled out in version 9.0 of Opera Mini for iOS on Thursday, is pretty much that, for video.
The video boost feature largely stems from Opera’s $155 million purchase of the browser outfit Skyfire last year – this was Skyfire’s standout feature, and Skyfire’s “Rocket Optimizer” engine is behind what we’re seeing this week.
As Opera Mini for iOS product manager Maciej Kocemba told me, video boost doesn’t transcode video that is already of low quality — but when it does transcode it, it can compress it to as little as a tenth of the original size. The feature, which is part of Opera Turbo, can also be deactivated if needed.
“If you’re streaming over Airplay to a full-HD TV, you would like to turn it off,” Kocemba said. “But in most cases it’s one of those fire-and-forget features.”