Topics of Interest Archives: Security

Blue Cedar Puts Mobile Application Security Far Ahead of MDM

I get to join several product demonstrations each month and speak with various technology companies about the current and next-generation problems they are working to solve. Sometimes you hear about products when it’s too late, when you don’t work with a client anymore who might have benefited from a solution or a solution they tried killed implementation completely.

When speaking with Blue Cedar CEO John Aisien last week, I found a product that could have helped me solve for a problem a client was challenged with in 2016. John and his co-founder Kevin Fox have assembled a team that is simplifying the rollout of BYOD for enterprises and delivering seamless security solutions for heavily regulated B2C organizations focusing on mobile applications for their users. They have competition in the space, but I noticed a differentiation between them and the more commonly known providers in EMM.

How? By placing the Blue Cedar Security Injection product directly into an organization’s application development tool-kit. The solution lights up a security control center to monitor, track, and control the application’s behavior on any given device without any use of the traditional MDM products. They are moving the line on untrusted user access, creating a tool that enables the enterprise to securely mobilize their entire workforce, and with the varying controls that enterprises are accustomed to in the MDM services we utilize today. The key difference, however, is that there is no MDM agent required to sit on any BYOD device – a huge move to fully enabling BYOD.

I see Blue Cedar taking serious strides to simplify the mobile application security management questions that enterprises are boiling water over today. Their recent announcement of a partnership with Neptune Software and their Rapid Mobile APP Development Platform, as well as their ongoing work with SAP is evidence of this. And they are developing a tool set that becomes more critical as we expand our hardware connectivity and computing capabilities from a centralized secure location to the edge.

Theoretical? No!

Blue Cedar completely solves a very real enterprise security problem.
The client this made me think of is a pharmaceutical company that took the strategic initiative to bring mobile technology to their clinical trials. What an opportunity – and challenge – to securely generate valuable user data.

Think about it; this company runs more than 200 clinical trials annually and for varying lengths of time. The number of participants per trial varies from 50 to tens of thousands, and the user makeup is diverse and unique to each clinical trial they run. None are employees and they’re not consumers whose data can be shared, viewed, or left unattended.

It’s not that the users could not be trusted with their own data. The question really surrounded how to securely deploy an application that would collect highly sensitive and proprietary data from a decentralized and uncontrolled user group.

The solution at the time was to loan these users a corporate-owned tablet, pre-configured with a Mobile Device Management (MDM) application, coupled with Apple’s Device Configurator (I know, I cringed too), a custom-built in-house application specifically for use in this trial, and a robust logistical support strategy for replacements, software and application updates. We started with a user group of 250 participants in one country and had some other challenges to consider.

We knew right away that this would be expensive and technically challenging to scale from one trial to more than 200. Each clinical trial requires its own application(s) and connectivity capabilities with other 3rd party applications, and maybe even wearables or connected medical devices and other controlled systems. Not every user needs a device, but not every user doesn’t need a device.

If I were to guess, 80 percent or more of the total users globally could be BYOD users if a tool like the Blue Cedar product were deployed in their application development strategy. It solves the security conundrum that MDM was meant to address while delivering a high volume of logistical and user support savings. Otherwise, a client would spend hundreds of millions of dollars on one-time-use hardware and the tracking of 3rd party software licenses.

The remaining 20 percent of users who receive a device for the term of their trials would leverage the same application, but with a far less complex device configuration setup and logistical support network. This would further save the company millions in support and deployment costs.

Who else is solving for complex mobile problems and weighed down by the cost and security of the hardware, and the security of the network? Everyone.


Living with Legacy in an Era of Innovation – A Security Story

Legacy is a perception of investment, and of value. Unfortunately, legacy in the digital transformation era is seen to be a re-investment in what has been, but not what will necessarily be useful going forward. For me, this is a false statement. For example, when the Year 2000 issue happened with systems, some firms used that opportunity to build more functionality into their systems where others just fixed the necessary bugs for the changeover. So, one person’s legacy situation is perhaps another person’s opportunity.

But as the volume of legacy in an enterprise grows, how have we grown in our ability to leverage the investment in this legacy — or, for that matter, is it still worth the effort? Do legacy applications house a hoard of useful information and behavior — or is it a ball and chain, something you should reduce if you want to be innovative and actively working on transformation?

Legacy constraints often seem immense and burdensome — but, do they always need to be? Is object-oriented legacy software spaghetti code — or is it more like ravioli? Do agile methods embrace or reject the use of the legacy?  I am writing a series of blog posts on legacy and innovation, disproving the myth that old equals out of date and useless.

In this blog post, I will look at legacy in regards to security and streamlining of security operations. The shift to cloud and mobile has not always been graceful for organizations and has been disruptive to the way we deploy security controls. Making significant changes in authentication flow, the one security control that gates all vital access and privilege, is an enormously arduous and fragile task. The modern ‘mobile-first’ access pattern has thrown a wrench into what was an otherwise easy manageability for account security.

Not only are modern security controls challenging to adapt and apply to legacy infrastructure and interfaces, but legacy security controls tend to fall flat when it comes to modern infrastructure. How do you deploy your legacy security controls in the world of cloud and mobile when you don’t control the endpoint, network, application or infrastructure?

Authentication is often the only effective security control you have left in a modern, cloud and mobile-enabled IT environment. So you better be damn sure that authentication control is more than a simple password. But many do not.  Why is this?

I have done several authentication projects recently, and one of the main challenges I have seen is a lack of understanding of what must be protected and by whom. Too often, the focus is on cost and procedure, and not on an understanding of the dataflow and the number of endpoints involved in protecting the data. So why does the means to modern authentication seem difficult and expensive, and why do we worry so much about the impact on user experience when we never did in legacy? (wry smile). Let’s look at why 2FA, SSO and biometrics never have caught on with many legacy houses, and why some still stick with passwords 10 years after many predicted their demise.

Two-factor authentication is becoming the norm for password security in what amounts to a reasonable concession from users to IT staff pleading with them to follow basic password security protocols. Since almost no one follows those protocols, two-factor authentication has become the stop-gap. Although passwords are bad, biometrics and other mechanisms were never considered a good replacement because they all suffered their own flaws, and could not counteract the biggest advantage passwords have going for them: They are cheap and convenient. Today we are seeing a growing movement away from explicit, one-point-in-time authentication to a recognition model that mixes implicit factors — such as geolocation, device recognition and behavioral analytics — with explicit challenges such as passwords, biometrics, OTPs [one-time passwords] and dynamic KBA [knowledge-based authentication] based on identity verification services. I just borrowed a colleague’s login to use an online application, and was denied based on geolocation and was asked for a verification code from his email. Given he is (hopefully) asleep in Canada and I am in Belgium, this stopped my progress to use the app.

Given we are throwing mobile into the mix, many firms are starting to use mobile push assuming we are glued to our mobile devices (at least the folks under 30) and can use it as an authenticator.  Mobile OTP and mobile device authenticators add some value in a 2FA approach, assuming you have not lost the device and/or are out of battery. But for security, do remember that a smartphone can still receive and display social media  or text message alerts even when the device’s screen is locked and the application that is pushing the notification is closed.
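The recognition model described above, as an added example that is not part of the original post: a password check is combined with implicit signals (geolocation, device recognition, a behavioral score), and the resulting risk selects either no extra challenge, a mobile OTP, or a single-use code sent to the account owner's mailbox. All class names, weights and thresholds are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed weights and limits; a real deployment would tune these.
WEIGHTS = {"new_country": 2, "unknown_device": 1, "behavior_anomaly": 1}
CODE_TTL_SECONDS = 600
MAX_CODE_ATTEMPTS = 3


@dataclass
class Profile:
    usual_countries: set   # countries this account normally logs in from
    known_devices: set     # device identifiers seen before


@dataclass
class Attempt:
    country: str
    device_id: str
    password_ok: bool            # result of the explicit factor
    behavior_score: float = 0.0  # 0.0 = typical for this user, 1.0 = very unusual


@dataclass
class Challenge:
    code: str                    # kept server-side, delivered out of band
    expires_at: float
    attempts_left: int = MAX_CODE_ATTEMPTS
    used: bool = False


def implicit_signals(profile, attempt):
    """Collect the implicit risk signals raised by this login attempt."""
    signals = []
    if attempt.country not in profile.usual_countries:
        signals.append("new_country")
    if attempt.device_id not in profile.known_devices:
        signals.append("unknown_device")
    if attempt.behavior_score >= 0.7:
        signals.append("behavior_anomaly")
    return signals


def decide(profile, attempt):
    """Return (decision, signals).

    decision is 'deny', 'allow', 'step_up_otp' or 'step_up_email'.
    """
    if not attempt.password_ok:
        return "deny", []
    signals = implicit_signals(profile, attempt)
    risk = sum(WEIGHTS[s] for s in signals)
    if risk == 0:
        return "allow", signals
    if risk == 1:
        return "step_up_otp", signals
    return "step_up_email", signals


def issue_challenge(now=None):
    """Create a six-digit single-use code with a limited lifetime."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    return Challenge(code=code, expires_at=now + CODE_TTL_SECONDS)


def verify_challenge(challenge, submitted, now=None):
    """Check a submitted code: single use, expiry and a bounded number of tries."""
    now = time.time() if now is None else now
    if challenge.used or now > challenge.expires_at or challenge.attempts_left <= 0:
        return False
    challenge.attempts_left -= 1
    # Constant-time comparison avoids leaking how many digits matched.
    if hmac.compare_digest(submitted.encode(), challenge.code.encode()):
        challenge.used = True
        return True
    return False


if __name__ == "__main__":
    # Constructed scenario: an account normally used from Canada, tried from Belgium.
    owner = Profile(usual_countries={"CA"}, known_devices={"laptop-ca"})
    borrowed = Attempt(country="BE", device_id="laptop-be", password_ok=True)
    print(decide(owner, borrowed))
```

The correct password alone does not complete the login from Belgium; the code goes to the owner's mailbox, so whoever holds only the password stops at the challenge.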

Basically, the security measures we use today reflect our risk tolerance and desire for simplicity.  This is because we assumed the hardware and systems were defended, and the endpoints were irrelevant because of strong system security.  Appropriate security depends on how valuable your data in the transaction is and what other protection is available for the data (encryption, public key infrastructure, etc).  Legacy complexity can be a good thing if the data is valuable.  But we work the data now at the endpoints, and therefore we need to find a way to block endpoint activities if necessary, using legacy technology.


Informatica, Permira, Canada, and $5.3 Billion Dollars

Today, Informatica announced a definitive agreement to be acquired by a company controlled by the Canada Pension Plan Investment Board and the Permira funds for about $5.3 billion. This agreement has been hinted at for the last couple of months as rumors abounded about Informatica as a private equity target.

As the market leader in data integration and a company that Blue Hill has covered closely, the Informatica acquisition is interesting as a key event in the data integration and data management markets. Although Blue Hill is not a financial analysis firm, we believe that the potential valuation of Informatica is an important marker for the perceived value of Big Data and the Cloud. In that regard, we’re interested in how this works out.

So, what kind of a valuation does Informatica deserve in a fair and just world? First, we’ll note that Nomura Securities downgraded Informatica yesterday under the assumption that Informatica has met its target price of $45. However, the acquisition offer prices Informatica at about $48.75 per share. Is this justified by the current state of Informatica as a business?

We’ll start with the technology, where we actually spend our time. Over the past several years, Informatica has truly turned over a new leaf with the development of self-service enabler Rev, data security product Secure@Source to accompany data masking acquisitions, the acquisition of product information management vendor Heiler, and a significant internal investment in cloud services that has resulted in a roughly 50% growth in software subscription revenue year over year. Between these products and Informatica’s other substantial investments in its data integration and management products (adding up to a total of 17% of revenues being reinvested into R&D), Blue Hill believes that Informatica’s product investments are significant and keeping pace in a highly competitive and evolutionary Big Data world.

In contrast, Blue Hill believes that TIBCO has made a variety of smart acquisitions over the past three years including

* LogLogic for log and security intelligence
* Maporama for geographic intelligence
* Streambase for high performance event processing
* Extended Results for mobile business intelligence and
* Jaspersoft for cloud-based business intelligence

Informatica’s intended purchase is for $5.3 billion whereas TIBCO, a competitor similarly acquired by private equity, ended up being acquired for $4.3 billion despite being similarly sized. To figure out why, Blue Hill took a quick look at an apples-to-apples comparison of recent revenue.

[Figure: TIBCO and INFA revenues]

TIBCO and Informatica had a one-month difference in measuring quarterly results as public companies, but their performance as of this summer shows a starting point for comparison. Both companies saw challenges growing software revenue from 2013 to 2014 due to European currency challenges, but Informatica showed more consistent revenues across all of their categories from 2013 to 2014. The one big anomaly would seem to be in TIBCO’s rapid subscription revenue growth from 2013 to 2014, but this can largely be explained through TIBCO’s acquisition of SaaS BI provider Jaspersoft in April 2014.


In this head-to-head comparison, Informatica is making greater strides in moving to a subscription revenue model, growing service revenues, and maintaining existing software license revenue from year to year. Again, with the caveat that Blue Hill is a technology analyst firm and not a financial analyst firm, the numbers seem fairly clear that Informatica was executing well on its evolution to the cloud and to maintaining client subscription revenue and loyalty.

Ultimately, Blue Hill believes that the Informatica acquisition is an interesting opportunity for private investors to treat Informatica like Dell: a company free to grow and innovate without the quarter-to-quarter pressures of dealing with specific revenue targets. Given the innovation across both Informatica’s cloud delivery and product launch efforts over the past several years, Blue Hill hopes that Informatica’s new overlords see the wisdom of allowing Informatica to continue along its current path of transformation from traditional enterprise application provider to the future of cloud-based information management and integration.


Taking Stock of the Legal Cloud (2/2): Paths to a Secure Legal Cloud

Previously, I observed how the evolution of the cloud has led to considerable growth in cloud solutions within legal environments. At the same time, concerns about the security and privacy of cloud environments have created obstacles to adoption among the profession. For the legal community, the contradictory opportunities and risks presented by the legal cloud result in a tension between attitudes that, at their extremes, we can refer to as “cloud complacence” (or an uncritical trust in cloud providers) and “cloud anxiety” (an uncritical refusal to consider cloud solutions). Cloud-complacent and cloud-anxious attitudes both work, in effect, to increase law firms’ vulnerability to risks, on the one hand, or to deprive them of the real benefits of cloud solutions, on the other.

Part of the problem is that both cloud anxiety and cloud complacence stem from very reasonable responses to cloud computing. It is not unreasonable to believe that cloud providers (who by the very nature of their expertise and business models) will invest in the security and integrity of their solutions, generally with a sophistication that is lacking at law firms. Nor is it unforgivable to feel uncertain about the sufficiency of these efforts, particularly given some high profile incidents which have erupted over the past year. In fact, for a reasoned articulation of (and response to) cloud anxiety, see Sam Glover’s take on Lawyerist. The trick lies in understanding how much trust or suspicion (or both) is reasonable to find a way that balances the risks and benefits of the cloud. This requires understanding the nature and sensitivity of the data that you are putting into the cloud, and how a particular solution protects and potentially exposes that data.

There are several relevant factors to consider here. First, a basic understanding of what’s involved in data security when using mobile-cloud (the successor to the endpoint-server paradigm):

1) Servers – Generally, cloud offerings transfer data that was held on dedicated hardware physically located within the walls of the firm to remote, shared servers controlled by third parties. What those third parties do to protect and maintain the integrity of these servers is thus an important aspect of cloud security. It is also the most obvious element to consider. Other important questions here relate to multi-location failure, and the extent to which server space is shared or dedicated.

2) Transfer – For the cloud to work, the data and applications stored on remote servers must be accessible by users through their computers and mobile devices. How this data is exposed or protected in transit between cloud servers and these access points is also a crucial element of the overall security of the cloud. The core questions here typically relate to identity encryption and secure data transfer.

3) Access Points – One of the advantages of the cloud is how it opens up the freedom to access data from a wide variety of devices and locations. This also increases the opportunities for exposure. Many devices automatically log into cloud systems and save local copies of the files stored on the cloud servers. As such, we need to be concerned with the security of the device itself, as well as the ability to control it after it leaves physical possession of the firm. The security literacy of users is often an important element here as well.

Different providers take different approaches in how they address these needs, leaving firms with a range of options to consider. Let’s look at a few basic approaches to provide some context for these strategies, and what they mean for your firm’s use of the cloud.

Showcasing Fortification

Again, we’ll start with the obvious option. Many legal cloud vendors have responded to the market’s concerns by improving encryption and server security. The need for strong security has prompted vendors to use security efforts as a matter of differentiation. Key factors here are the security certifications and protocols used by the cloud provider. Firms with dedicated IT resources can suss out the meaning of the terms that are used in these environments, but smaller firms often lack the background to translate the terms and standards referenced into a practical understanding of how secure it will be.

While a little self-education is a healthy thing, vendors often opt to use a number of shorthand tricks to signal the trustworthiness of their platforms by highlighting the:

– Number of certifications obtained. For example, cloud practice management provider Clio highlights that it possesses three certifications (by VeriSign, TRUSTe, and McAfee Security), even if the standards themselves are somewhat redundant, primarily verifying the use of Secure Sockets Layer (SSL) encryption (although the TRUSTe certification also identifies incorporation of its privacy standards).

– Adoption of known security standards or industry requirements. For example, Box and Microsoft Matter Center for Office 365 both underline their compliance with HIPAA and EU security and privacy standards as a way to indicate their appropriateness for legal environment. (Microsoft also lists ISO 27001 and Federal Information Security Act compliance, and goes so far as to identify its own security expertise as a consultative value-add for legal customers.) MyCase (which leases cloud space from Amazon Web Services EC2) and cloud ediscovery provider Logikcull both take pains to identify that they leverage “bank grade” security (which again is largely SSL).

– Physical security at data center sites. Box and MyCase highlight the physical security and disaster precautions of their data centers. Kroll Ontrack goes further, identifying steps taken to ensure temperature control and power supply redundancy.

Moving to a Private Cloud

Generally speaking, when we refer to cloud offerings (in the legal sector or otherwise), we are speaking of “the public cloud,” or cloud resources that are available for public use. On public clouds, server space is shared, and an individual user’s data might be distributed across multiple servers and data center locations. In this way, public cloud offerings maximize the economies of scale that supply the cost advantages of cloud solutions, and can potentially create exposures and a lack of transparency regarding data location and control.

Private clouds represent an effort to avoid the latter issues through dedicated cloud resources. While they can be provided by third parties (or maintained internally), private clouds are distinguished in that the servers involved are only used to support a single organization. This helps maintain the control over the network. In addition, hybrid clouds offer a middle ground to segregate data between private and public clouds as appropriate.

Typically, legal cloud providers are public cloud providers, with private and hybrid offerings generally offered by core IT infrastructure vendors, such as IBM, HP, VMware, and others. The leading voice for private clouds in the legal technology space has been Abacus Law. While its roots lie in practice management, Abacus Law has recently made strides as a hosted legal infrastructure provider through its Abacus Private Cloud environments. The provider takes an agnostic approach to its private cloud offerings that do not tie customers to its practice management solutions, or any sort of solution. In fact, the company has indicated its willingness to run other vendors’ solutions within its environments, effectively adding an extra layer of assurance for cloud offerings and flexibility for other applications.

Private clouds reduce some risk of public clouds, but are not a panacea. In particular, they do not necessarily alleviate the need to perform complete due diligence. Firms still need to understand the security related to servers and data transfer, particularly with respect to hosted solutions. Private clouds also do not protect the end access points of the solution.

Flexible Deployment

A third approach taken by vendors is to maintain flexibility in deployment, offering customers the ability to select cloud or on-premises options, rather than force them to use a particular offering. Generally speaking, these efforts are dictated by a desire to maintain flexibility to meet varying customer need. As such, in some part, they function as accommodations to cloud anxieties. Prominent examples of this strategy include Microsoft’s Matter Center for Office 365 and Amicus Attorney, both of whom have stressed the flexibility to offer public cloud, hybrid cloud, and on-premises offerings. Ediscovery vendors, who frequently encounter tensions between data storage, multi-party access, and high privacy sensitivity, have been particularly open to maintaining the flexibility of deployment options. To this end, Guidance Software, kCura, Recommind, Kroll Ontrack, and LexisNexis Concordance (to name just a few) all offer options for hosted and on-premises solutions.

Ultimately for the vendors, this approach is about preserving opportunities by adapting to end-user comfort levels. For end users, it’s about obtaining the desired software capabilities with the flexibility to select or avoid the risks of cloud deployment. However, while this approach offers multiple paths, it does not necessarily answer questions about the vendor’s cloud solutions. In other words, while vendors falling into this category can often respond to end user preferences for deployment, firms selecting cloud options will still need to perform full due diligence regarding the solution.

Securing Access and Collaboration

The final category we’ll consider is primarily about securing the access points we mentioned above as much as anything else. If the other categories described largely related to differentiating solutions through reassuring firms about server and data transfer security, this category is about mitigating the risks associated with the expanded accessibility of cloud offerings. In other words, we’re discussing approaches intended to neutralize access-point risks.

Because this is a by-product risk of the legal cloud, rather than a barrier to adoption, this area has not received the same amount of focus as the approaches mentioned above. That said, a few players have sought ways to combat these issues, primarily by partnership with providers focused on supporting mobile environments. The primary strategy in this context has been to supply enterprise mobile management (EMM) or mobile data management (MDM) providers with expertise in supporting the distribution and control of data across large and diverse sets of device users. Leaders in this area include LexisNexis for its integration of Firm Manager with WatchDox, and kCura for its integration of Relativity Binders with MobileIron. Generally speaking, these integrations focus on combatting end-user risk by providing the capability to monitor, manage, and eliminate cloud access and data use on individual devices.

While the opportunities created by these integrations largely turn on the use of a particular legal function-oriented vendor (typically practice management), other vendors have focused on this particular need. To this end, EMM vendor AirWatch has sought to provide device and mobile content management capabilities independent of other solutions. Similarly, Box has focused on providing similar capabilities for managing and monitoring access to file permissions, access, and use from its storage environments. Microsoft’s Matter Center product responds to these concerns by keeping all data within cloud environments, eliminating local data exposures.

By and large, major movements in this area relate to either dedicated offerings, or integrations involving cross-enterprise providers tailored within the legal space. That does not mean that other options are not available. In particular, the last year has seen the entrance of TitanFile. TitanFile stands out as a provider focused on offering a secure collaboration platform for the legal space, without tying users to a particular data or document management environment. Rather, TitanFile encrypts files at the end-user source and serves as a content management and secure collaboration layer for attorney and client communications and document sharing.

Determining the Fit to Your Organization

Given the variety of paths that vendors take across these needs, it can be difficult for firms to compare providers to determine exactly what they need. In practice, this reinforces the need for self-education on the part of firms regarding the mechanics of the legal cloud. At the same time, it points to the need for a dedicated data security standard within the legal industry. The closest we currently come is ILTA’s LawSec efforts to disseminate ISO 27000 within the legal industry. While ISO 27000 is a prominent and well-regarded standard, it is not tailored to the legal sector.

There is a significant opportunity here for solution providers, firms, state bars, and professional associations to come together to develop a meaningful set of requirements and certifications for the industry. Even if it’s just an application of ISO 27000, the creation of industry-specific standards will go a long way to facilitate law firms’ understanding (and likely adoption) of security practices as well as help navigate a path through the extreme responses to the legal cloud.


Mobile Content Management, BYOx and the Game of Thrones

Though many companies still struggle with the notion of “Bring Your Own Device” or BYOD, a significant preponderance of businesses has now adopted BYOD as standard operating procedure. The grassroots workforce won this round of mobile technology handily if not resoundingly. Fortunately BYOD is easy enough to support from an IT perspective – there are enough mobile tools available from a fairly large collection of vendors to ensure that devices used in the workplace remain relatively free of potential harm.

The real problem with BYOD for the enterprise is that grassroots movements never stop looking to move ahead once they take root. BYOD has since spawned BYOS (storage), BYOC (cloud), BYOCC (content cloud), and BYOBI (business intelligence). There is also BYOP (platform), which is associated with various forms of SaaS and PaaS and today we can add both MaaS (mobility) and MBaaS (mobile backend). I’m not particularly thrilled with all these BYOs but that is the reality.

Let’s agree to refer to all of them as “BYOx” and let’s immediately note that the BYOx movement isn’t quite as simple a challenge to tackle as BYOD has been. In fact I know from both my own and Blue Hill’s ongoing research that many organizations are now deeply struggling to make sense of how to come to grips with BYOx. It is a daunting challenge but one that enterprises – or at least those enterprises that understand mobility is the key to strategic success going forward – cannot avoid, ignore or choose not to implement.

Why? There are two key issues with BYOx – the first is operational and the second is simply strategic.

The first and the most troubling issue for any business with BYOx is that the common denominator BYOx operates on is corporate data and content. That content takes the form of every possible bit of information residing within a company – whether it’s a simple and harmless document or a simple spreadsheet highlighting a company’s yearly holiday schedule, or the most confidential of CxO memorandums, and everything in between, such as a collection of documents and spreadsheets being collaborated on in real time from both internal and mobile laptops, tablets and smartphones.

Perhaps this collaboration involves highly sensitive and proprietary business intelligence and customer data regarding your company’s sales and marketing strategies for the next fiscal year. Content collaboration in corporate settings also suggests the possibility and likelihood of detailed content management workflows (who has the latest version of a document checked out, who has read-only or read-edit-save rights, and so on). In this day and age such workflows are well understood by most businesses, but once you add mobility and BYOx to the mix complexities arise – or rather can arise for the unprepared – in exponential fashion!

The second key issue with BYOx – and for most enterprises that want to lead rather than follow this is crucial – is that it truly creates enormous potential business advantages. An IT department cannot simply say “No” to allowing its employees mobile access to content. BYOx provides any number of content-related advantages, including, but by no means limited to such things as:

– Mobile content security
– Anytime, anywhere access, when needed, as needed
– Distribution of timely content out to the field
– Increased partner and customer satisfaction
– Increased workforce effectiveness
– Greatly enhanced collaboration across all levels of an organization

BYOD originally created the mobile device management (MDM) market, and vendors ably stepped in to fill a variety of mobile security issues specifically targeting device security, user provisioning and basic device protection. MDM however failed to take securing most business content into consideration, and the larger MDM vendors subsequently created a secondary market, dubbed mobile application management (MAM), to specifically protect corporate content accessed through mobile apps.

These same vendors have, over the last 18 months or so, further evolved MAM and MDM into the collective term Enterprise Mobile Management (EMM), which now also encompasses various forms of MCM – Mobile Content Management. MCM is assuredly not about mobile devices. It’s about your data – all of it, whether structured or unstructured, whether text-, graphics- or video-based.

I am not speaking here about raw, unfiltered data. I mean data that has been extensively deconstructed, re-atomized, analyzed, and developed into both tactical and strategic business intelligence. I’m also talking about data that may have no serious consequences if it escapes the corporate walls – a company’s vacation schedule is not likely to harm anyone.

But I am more specifically talking about such stuff as sensitive sales pricing charts, credit card information and passwords (even when encrypted), which can and will significantly weaken or kill off a company – if not literally then from a business perspective – if it escapes the corporate walls. Content is still ultimately king – we say that not because it sounds good but because it continues to be true centuries down the road.

A Game of Thrones and MCM Strategy
This may sound odd I’m sure, but I have a tendency to think of corporate content within the context of Game of Thrones. I do, what can I say? The next to last episode this season, in which “The Wall” was being defended by 100 men against an army of a hundred thousand, is in fact not much different from the odds businesses face every day in securely guarding content from those looking to breach the walls of defense. As much as this sounds over the top, it isn’t.

The Wall was thought impregnable by those who controlled it, but in reality it had weaknesses. In particular it was vulnerable to very large numbers of would-be attackers. The same is true for most enterprises – surely Target thought it had a wall around its data every bit as secure and mighty as the photo below suggests. But it certainly wasn’t the case.

That said, The Wall was also vulnerable to very specific attacks using very specialized tools – ok, in this case I mean a giant and a mammoth tackling a gate…but hey, it’s Game of Thrones, what did you expect? But simply substitute hacker and malware to bring things back to the 21st century.

As BYOD proliferates and extends itself into its numerous BYOx offshoots, greater and greater numbers of mobile users will need to gain access to the corporate crown jewels – strategic content. There is great benefit in being able to do so, but that benefit can be significantly diminished by poor BYOx and MCM planning and deployment.

My research points to many companies heading towards being overwhelmed by BYOx and MCM. In particular, the biggest issue is a great deal of confusion in how to safely unlock content for the numerous mobile users who will demand access. As I noted above, saying “No” to access is not acceptable. Access needs to be granted.

Further, my research also shows that the real confusion for enterprises is primarily driven by the proliferating and constantly shifting face of MCM solutions. There are at least four main categories of MCM vendor solutions – ranging from the EMM players, to the traditional ECM vendors, to the emerging collection of Secure File Transfer vendors and on to numerous cloud-based solutions. A new one pops up every day, and it isn’t only nimble startups that are popping up. In June 2014 alone both Google and Amazon have staked out new ground in seeking ways to become your purveyor of safe, cloud-based content management.

Mass enterprise confusion? That may be slightly overstating the case, but only slightly. It’s close to reality.

What to Do About it?
The first step is to build an effective MCM Decision Framework that will allow your company to effectively home in on the right type of solution for your company. The second is to effectively evaluate the MCM vendors and find the right ones to deliver on your specific needs. Towards this end the Blue Hill team has been working on research to ensure your company is able to fully take advantage of BYOx and is able to fully protect its “deployed content” by making the right technology investments to meet its needs.

Over the next several weeks Blue Hill will publish two new MCM reports. The first to be published will provide enterprises with the means to develop a highly effective MCM Decision Framework. The second will provide one of Blue Hill’s unique Anatomy of Decision reports that will allow IT teams to take the Decision Framework and uncover the right vendors to meet specific needs and drive implementation.

Stay tuned! In the meantime let me offer you a little bit of homework by pointing you to fellow Blue Hill mobile compatriot and Chief Research Officer Ralph Rodriguez’s insightful overview of the MCM vendors, The Battle for Mobile Content is Just Starting.

Let’s expand the dialog! Follow me here at Blue Hill, on Twitter @fastjazz, and on LinkedIn. Follow Blue Hill Research on Twitter at @BlueHillBoston.


Samsung's KNOX 2.0 to be Embedded in Android L - Should Your Enterprise Care?

Back near the end of January 2014 Google and Samsung signed an important mobile cross-licensing agreement. Yes, they had of course been long time partners as far as Android is concerned, but there have also always been underlying intellectual property tensions between the two, driven primarily by differing business strategies and perspectives that had begun to threaten the overall relationship.

Samsung makes its money selling hardware and has a CEO who is damned sure that it is only through software that Samsung will differentiate and “innovate” and become the dominant player across all mobile and wearable industry segments – whether from a consumer or enterprise perspective. Google sells software but has huge aspirations to sell various pieces of computing, mobile and wearable tech hardware. One can certainly see where the tensions all reside…and why.

Both Samsung and Google have helped each other over the last seven years in establishing Android and Android-based hardware as the predominant foundation for all things mobile (at least in so far as raw overall global numbers are concerned). But Samsung’s interest in software and Google’s in hardware (as well as Google’s need to not only work with Samsung but also with all of Samsung’s hardware competitors) inevitably creates non-trivial concerns about motives and motivations.

Google’s key concern: Might it be possible that Samsung can do enough unique things with Android from its end that it could eventually hijack Android from Google? Worse, might Samsung be able to do enough to drive overt fragmentation that Google might not be able to control? Given Samsung’s dominant scale and overall Android hardware position the answer is absolutely yes.

Samsung’s key concern: Might Google look to spread the Android wealth in such ways and among different hardware vendors that Samsung might find itself at a loss for any differentiators whatsoever? Again the answer is yes.

From Google’s Android fragmentation and hijacking perspective, Samsung’s KNOX 2.0 mobile device security platform is exactly such a beast and a perfect and important example of where the underlying tensions between the two have long lurked. Samsung deserves a good deal of credit for diligently working to deliver KNOX – although there are issues with it, as pointed out by Blue Hill Chief Research Officer Ralph Rodriguez (@ralphopinons on Twitter) in an earlier post dubbed Why Samsung KNOX has Flopped.

I don’t necessarily agree it has flopped, but what is important to note is that Samsung understands that KNOX is critical to securing a future Samsung legacy in the enterprise. Without KNOX there is absolutely no enterprise play for Samsung. Further, KNOX enables Samsung to claim partnerships with most of the mobile application management vendors – as Ralph subsequently pointed out in another blog post titled Samsung KNOX Finally Gets a Good Boost at MWC14.

From Samsung’s point of view Google might certainly opt to finally release its own enterprise-focused security capabilities. Since Google owns Android (regardless of the Samsung hijacking threat) doing so would likely render useless a substantial Samsung software investment and leave KNOX as a far less effectively differentiated platform. And, every Android device vendor ends up with an enterprise security platform. To a very large degree Samsung’s deep investment in Tizen stems from these issues as well. I won’t delve into Tizen in this post other than to note that I do not believe there is much of a future for Tizen (I include here wearable tech derivatives), which leaves Samsung’s future inescapably rooted in Android.


This is the back story to why Google and Samsung decided to seriously reinvigorate their relationship in January by signing a substantial, joint 10-year patent and cross-licensing deal across both the existing mobile patent portfolios of each company and the next ten years’ worth of them. At Google I/O 2014 the announcement that KNOX 2.0 would formally find its way into Google’s Android platform as part of Google’s new Android for Work initiative was the first practical result of the joint agreement. Though hardly the centerpiece of Google I/O, from an enterprise mobile perspective this was the biggest news to be had as far as I am concerned.

Google and Samsung – Two Companies, One Enterprise Voice

Sundar Pichai, Google’s Senior Vice President for Android, Chrome and Apps, is adamant that Google will utilize a variety of Android for Work mobile enterprise features new to the upcoming version of Android – Android L – to align the interests and focus of Google’s entire collection of Android mobile device vendors, and KNOX is a key piece of this. To paraphrase Pichai slightly, he wants to “ensure that there is really one story to tell.” Lenovo, Huawei, Dell, Hewlett-Packard, Sony and HTC are on board to date, and more will be announced.

As Google’s largest mobile partner Samsung benefits a good deal – Google’s endorsement of KNOX adds much needed credibility to the platform, brings additional engineering resources to the game and keeps Samsung rooted as Google’s most important – and not merely its largest – partner as well.

To be sure, aside from the Google I/O announcement there isn’t as yet a great deal of information available as to how KNOX will be integrated, and one might also speculate as to how far Google will go in doing so. The official press release from Google and Samsung stated only the following:

“…The next version of Android, which was previewed today at Google I/O, will include a number of new features for enterprise users and IT administrators, such as a separate container to manage and secure business data.”

But in my humble opinion Samsung has taken KNOX a great deal further than most enterprises are likely to know. It isn’t my goal in this post to dig into the KNOX architecture (a more formal Blue Hill Anatomy of Decision report is forthcoming) but I will say that KNOX 2.0 has been granted Common Criteria Certification.  This is non-trivial and no small feat, and though Samsung still has a way to go to even begin to touch BlackBerry certifications territory (or even Good Technology territory), the KNOX certification speaks volumes to Samsung’s general commitment to the enterprise.


Given this, as far as I am concerned there is no way that Google won’t implement the entirety of KNOX as Android L’s core enterprise security platform base.  This is already beyond merely “good enough” security for many enterprise mobile strategies and for any business that wants to use those advanced Samsung devices that support KNOX 2.0. Google’s own implementation will open up many more advanced Android hardware choices, such as HTC’s One M8.

Multiple vendors speaking with one true mobile enterprise device management and security voice changes the landscape – or rather, Google hopes it will change the landscape for Android in the enterprise. That common voice is necessary to take on the challenge of Apple’s still untouched dominance in the enterprise.

Without the cross-licensing deal from January in hand I can tell you we would not have seen KNOX gaining so much favor from Google. At its core it is quite interesting that though the cross-licensing deal is only between Samsung and Google it nevertheless provides the bridge to many Android vendors speaking with that one common enterprise voice.

So, as to the question posed in the headline, I will say that at the very least enterprises do need to care – a great deal. And they need to begin investing resources towards gaining an in-depth understanding of KNOX – its capabilities, how it compares to what enterprises now have available from Microsoft, Apple and BlackBerry, and how it fits into the larger overall enterprise mobile management (EMM) landscape and the vendors that play here, such as Good Technology, AirWatch, BlackBerry and MobileIron – to name but a few.

The issue of enterprise security has come full circle – the “merely good enough security” of just 18 short months ago that most enterprise IT shops found so convenient to adopt has hit a real wall. “Far beyond good enough security” is once again the law of the enterprise land. I’m not yet even remotely ready to breathe a sigh of relief on this front but hey, it is all a small though significant step in the right direction.

KNOX fits this scenario perfectly.



BlackBerry's Power Punch aka Encrypted BBM

Yesterday, BlackBerry Limited (NASDAQ: BBRY) announced the availability of BBM™ Protected, the first solution in the eBBM™ Suite for secure enterprise-class messaging. BBM Protected offers regulated industries the most secure and reliable real-time mobile messaging experience in the industry.

In their press release they state “The eBBM Suite is a new family of BBM products and services built for business that bring together the convenience and usability of BBM with the additional security and compliance required by enterprise customers. The eBBM Suite will include new services designed to enable mobile workers to be more productive on the go, while meeting enterprises’ needs for security, manageability and control. The first product in the eBBM Suite which was announced earlier this year, BBM Protected, is being delivered ahead of schedule today.”

Why Should Anyone Care about Secure Mobile Messaging?

Blue Hill Research, located in Boston, MA, recommends that companies and global organizations working in regulated environments, such as legal, healthcare, financial services, and government, take note. Customers in these regulated industries require that each message be protected with its own encryption key, making it very difficult for anyone to decode an entire conversation.

eBBM™ is the only secure instant messaging solution that uses a FIPS 140-2 validated cryptographic library and symmetric encryption keys for what BlackBerry calls an “unrivaled level of trust in BBM message encryption.”

In plain English this means that users using mobile instant messaging on their smartphones will have government approved “confidentiality and integrity” of the information protected by BlackBerry’s new IM software.

Officially, The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module.

eBBM™ has created a unique and easy-to-use capability for establishing a shared encryption key using a PGP-like model.

In plain English this means that the first time a chat is initiated between two users, they’re required to simply share a secret pass-phrase like “BigBoy” in order to generate an encryption key to secure their chat. Friends wanting to chat can create any phrase and share the phrase with the other via email, photo (including fun photo-bombs), in person, or over text (which I don’t recommend). This phrase only needs to be entered the first time two friends chat.

Secure BBM Protected chats aren’t limited to users inside the company; employees can chat securely with BBM Protected users at other companies too – they do not need to be on the same BES server and no federation between servers is required.

In plain English this means that users can chat safely and securely with anyone else, at any company using BlackBerry’s network, without needing the IT department’s help connecting friends. This is because BlackBerry has made it easy for everyone to use their safe network and cloud to send and receive messages.

Below is the official overview of BBM Protected (e-BBM) with highlighted URLs for those inclined to dig deeper into their security and why BBM Protected is Enterprise Ready for every user and company who desires to remain protected…

Secure mobile messaging

BBM Protected allows employees to take advantage of the speed, reliability and privacy of BBM for faster communication, collaboration and decision making while providing security conscious organizations enhanced security over corporate data.

Protect your assets end-to-end

Whether you’re a regulated business, or a highly security conscious organization, BBM Protected offers an enhanced security model for BBM messages sent between BlackBerry smartphones that protects corporate data in-transit by adding an additional layer of encryption to BBM.


Protecting data in-transit

BBM Protected is designed to provide full end-to-end message encryption from the time a BBM Protected user sends a message to when the recipient receives the message. It incorporates three layers of security.

– BBM Protected introduces a new layer of encryption to the existing BBM security model.
– Messages between BBM Protected users are encrypted using a PGP like model. The sender and recipient have unique public/private encryption and signing keys.
– These keys are generated on the device, by the FIPS 140-2 certified cryptographic library, and are controlled by the enterprise.
– BBM and BlackBerry are not involved in brokering the key exchanges, so at no time are they stored within the BlackBerry infrastructure.
– Each message uses a new random symmetric key for message encryption.
– A Triple DES 168-bit BBM scrambling key encrypts messages on the sender’s smartphone, and is used to authenticate and decrypt messages on the recipient’s phone.
– TLS encryption between the smartphone and the BBM infrastructure helps protect BBM messages from eavesdropping or manipulation.


Protecting data on the device

BBM Protected builds upon the proven BlackBerry security model, trusted by security conscious organizations around the world. The secure root of trust starts in hardware and extends up through software and application layers helping to protect BBM messages at all times when they are at rest on the device.


The release of BBM Protected is available for BlackBerry devices running BBOS 6.0 or later versions, or BlackBerry 10 devices in Regulated mode. No software update is required; it can be added as an IT policy through a company’s BES console.

A later rollout will extend BBM Protected to BlackBerry 10 smartphones in Work/Personal Balance mode, as well as to organizations with iPhones and Android devices.

As I wrote back in February in a post about BlackBerry BBM titled “Blackberry Burns Metal (BBM)”, BBM Protected is another shot across the bow. Every enterprise mobility management (EMM) player should take note that BlackBerry has enterprise ready secure communication software, a world-class infrastructure and cloud, which is safe and secure to boot.


Apple's new iOS 8 & Yosemite Continuity & Handoff are Great Enterprise Additions

Sometimes it’s better to take a step back rather than take an immediate plunge. This truism can be applied to literally any tech event, but I have Apple’s Worldwide Developers Conference (WWDC) that is taking place this week specifically in mind. Even more specifically, I have Apple’s WWDC 2014 opening day keynote in mind, during which Apple CEO Tim Cook and Apple SVP of Software Craig Federighi highlighted numerous new mobile and desktop OS features. Normally this is an event I would be all over on the day it took place – but so many others have already plunged in with recaps and POVs that I wanted to sit back this time around and let the noise subside first.

I did tweet (@fastjazz) this past Monday that Apple’s numerous iOS 8 and Mac OS X Yosemite additions are a significant step forward for users in general. This is certainly true for consumers – but in truth I am most excited about what Apple will deliver relative to the enterprise.


Hold on though, none of the new features that Apple touted specifically as new enterprise features are what excites me. Rather it is what may be perceived as pure consumer features that are most interesting from an enterprise perspective.

Yes, Apple did toss in its usual two bits on management and security for the enterprise, and as usual there was not really much here to sing high praises for. In fact I won’t even bother to enumerate these new features – they are listed in numerous other places. What is exciting – or should be exciting – for the enterprise are the new Continuity and Handoff features Apple will deliver as part of both the new Mac OSX Yosemite and new iOS 8 updates coming our way in the fall.

Very briefly, these two new features give users the ability to seamlessly transfer communications and communications threads between iPhones, iPads and Mac OS devices running the new OS upgrades (shown below). I believe this new combination will spur new ways for enterprise users to collaborate in truly frictionless ways within enterprise settings. The ability to easily move between both mobile devices and traditionally more desktop-bound devices (laptops still fall here as far as I am concerned) is a significant step forward for enterprise workforces at every level – from the manufacturing floor up to the C-Suite.


I am among those who believe there is a much more enterprise-centric iPad coming this year, and I am also someone who believes that iOS and Mac OSX will eventually become one and the same thing – especially as Apple continues to deliver on enhanced 64 bit processors for its mobile devices (and, I hope, Apple will also strongly consider significantly upgrading internal memory to meet enterprise-centric needs). We can also, thanks to upcoming new Intel chip-level innovations, anticipate Mac OSX hardware – at the very least the Mac Air and the rest of the Mac notebook lineup – becoming totally wireless beasts (no power cords, and so on).

As these hardware things take place – and all of it is very likely to happen before 2014 is out – the Handoff and Continuity features of iOS 8 and Yosemite will become embedded components of everyday collaborative enterprise workforce life. If you perhaps think that we’ve already hit a peak in terms of the types of data that we (by which I mean every enterprise on planet Earth) need to worry about protecting, you need to stop fooling yourself! Keep in mind that communications – whether voice, text, multimedia and everything in between – will more often than not contain sensitive information, and Apple’s Continuity paradigm will further drive the powerful desire of mobile-enabled collaborators to instantly share data.

Ramped up frictionless communications at this level between both internal workforces and external partners will require a significant ramping up of enterprise security – not only at the mobile level but at the desktop level as well. As the desktop increasingly becomes part of the overall enterprise mobile landscape, and as new internal enterprise apps become increasingly mobile in nature, new, potentially hidden, and surely exploitable mobile/enterprise security holes will inevitably pop up.

Vigilance on this front, as I underlined in Mobile Enterprise Security – It’s What You Don’t Know That Will Get You, will also need to be ramped up. There is no rest for those involved in enterprise and mobile enterprise security. There is now a good set of tools available to the enterprise to handle today’s security concerns. Certainly MobileIron, Good Technology/Boxtone, AirWatch by VMware, Citrix/Zenprise and SAP Mobility (primarily by way of its Sybase acquisition) and others offer platforms that target enterprise mobile security under the catchall of Enterprise Mobile Management (EMM).


Hmm, did I leave someone out of that list? Indeed I did – BlackBerry. I left BB out however not because I want to suggest, as so many others already have, that BB is dead in the water, but to instead point out that BlackBerry may in fact now prove to be the smartest enterprise security move an enterprise can possibly make. Why?

BlackBerry Finally Steps Out of its gRIM Reaper Phase

One of the real travesties of BlackBerry’s original old Research in Motion founding management regime was the move that management team made for what was, back in 2008 – 2009, an unprecedented $350 million consumer marketing land grab (RIM’s words, not mine). The tragedy is that RIM did this completely at the expense of its then thriving enterprise business, which it essentially left behind at the time. Let’s be clearer here – RIM did so from a marketing perspective – in truth the company never stopped enhancing its existing security capabilities, though my own view of it is that the company clearly stopped “innovating” on enterprise security.

This lack of innovation – coupled with devoting zero dollars to marketing enterprise security for far too long a period of time – allowed numerous MDM (mobile device management) vendors to gain critical enterprise footholds. As the iPhone became a dominant player within the enterprise, especially at the CxO level, IT departments were, of course, forced to begin settling for merely “good enough” security, a trend which made RIM’s own uber-secure platform seem like significant and costly overkill – or even worse, “old school.”

Indeed, many enterprises came to believe this was the case, and many businesses that have since either considered or have in fact moved off the BlackBerry platform have done so because of this. Alas – for both the enterprise and for BlackBerry.

I certainly was not convinced circa 2012 – 2013 that BlackBerry would be able to survive as a business. My thinking changed however once it became clear that former Sybase CEO John Chen was taking the CEO reins at BlackBerry. Chen, in my view, is a star when it comes to enterprise mobility. I’ve had the opportunity to speak to both Chen and his Sybase mobility teams for well over a decade, and I was there at the very beginning of Chen’s emerging blueprint for developing the Sybase Unwired Platform (SUP).

There is a ton of enterprise mobility history there, but this isn’t the place to mine that Sybase history. Let’s just say that Chen has long demonstrated a keen understanding of the need for enterprise security as a cornerstone of SUP. What is important to understand is that Chen is now bringing this intimate relationship with enterprise mobile security to BlackBerry, and this gives me great hope not only for BlackBerry itself to survive as a business, but for enterprises to have at their disposal what still remains the platform of choice in delivering the absolutely highest levels of security within enterprise and government environments. To this day no vendor can match BB’s security certifications, and that is valuable.

At a recent tech conference Chen simply noted that, “We’re going back to our enterprise roots. I don’t really want to comment on past BlackBerry management decisions, but we cast our net a little too broad. At the same time, we haven’t really added value to the enterprise space.”

In an emerging enterprise and government world where “good enough security” is no longer good enough, the truth of the matter is that BlackBerry owns the strongest possible security platform available for deployment. For those many companies that are still BlackBerry customers this represents a potentially powerful strategic and tactical advantage. For companies that left the BlackBerry fold it is time to rediscover what BlackBerry has to offer under Chen’s enterprise security-centric leadership. Yes, it is time to do so.

BlackBerry has further successfully transitioned itself into a legitimate cross-platform EMM vendor. The BlackBerry that I grew up with between 2000 and 2007 is finally back on the enterprise mobility stage and all businesses need to take a deep and critical look at what the company now has to offer. Yes, it is time to do so.

Knowing how Chen operates, I absolutely anticipate that BlackBerry is already at work “innovating” on enterprise security. For the first time in over half a decade I am again looking forward to BlackBerry analyst days!

With Apple – and I mention Apple because no matter how hard others try it is still Apple that truly drives enterprise mobility even if Apple itself doesn’t think it is an enterprise player – ready to deliver mobile innovations that make merely “good enough security” in the enterprise an utterly stupid strategy for any organization, it’s time for enterprises to step up. Putting BlackBerry back on the radar and front burner for EMM evaluation is a highly recommended task to undertake. Sure, it’s free advice I’m offering here but trust me when I say that every once in a while you get back much more than you pay for.

It may seem a very strange enterprise world when Apple and BlackBerry may become intertwined in a happy coexistence. Keep in mind that Apple was as close to death as any company could be before Steve Jobs returned to innovation. John Chen is now in a place to drive the same level of innovation with BlackBerry. My bet is that Chen will succeed. This in turn will keep Apple mobile innovation in a happy and secure enterprise place.

And that is great news for both enterprise mobility and enterprise security.


The Internet of Things and M2M - Some Predictions for a Bubbly Next Few Years

In my last blog post I focused on enterprise security. In particular I considered the issue of knowing (or more accurately, “not knowing”) where mobile security holes lurk within any given business. This led to a discussion I subsequently had with some folks about the “vastness” and real magnitude of these security holes.

This in turn caused a member of our little cohort to ask if the vast number of already mobile- and wirelessly-connected devices in both our business and personal worlds has already compromised our security beyond any true ability for us to ever plug all the possible security holes. Hmm…what do YOU think? Before answering this, consider that a new Gartner survey claims that “most” U.S. consumers have very few security concerns with BYOD – to which I had to tweet, “Oh what fools these mobile mortals be” (track me down on Twitter at @fastjazz).

As is now inevitable – from there our discussion turned to wearable technology and the likelihood that all of us will soon be entirely and always connected. And more likely than not, we will find ourselves connected in unknown ways to many unknown things around us. We won’t be connected merely to be connected however. We will be connected specifically to exchange and share data, which ultimately translates to big data and analytics.

It is a unique emerging world where we will all be intimately known both individually yet also collectively and universally as part of massive data sets. These data sets in turn will be mined for priceless business intelligence about us and how we are most likely to function as individuals within the larger worlds we inhabit. How much data? Well, Cisco estimates that by 2020 wearable technology alone will be generating 1.2 zettabytes (yes, zettabytes) of data. And that, as far as I am concerned, is too low an estimate!

Wearable tech, which today is all about individuals toying with insular personal gadgets, is already quickly evolving into the means by which businesses will more or less know – again through business intelligence and analytics – everything there is to know about our behaviors as we interact with the businesses around us. What we will wear, however, pales in size compared to the total collection of sensors and devices that will exist all around us.

Let’s turn again to Cisco. The company’s most recent Visual Networking Index (VNI) states that more than half a billion connected devices were added to the mix in 2013 alone. It further notes that by the end of 2014 the total number of connected devices will exceed the number of people on the planet. With these numbers in hand is there anything we can conclude for the immediate future, say out to the end of 2015 and maybe just a little beyond that?

So, A Few Humble Predictions

Yes, it is true that most of us tech analysts and writers post predictions later in the year, typically in those weeks after Thanksgiving and before Christmas. But some things just cannot wait – there is so much going on in the M2M – machine to machine – and Internet of Things (IoT) space that I’ve decided it’s time for the early bird special on predictions.

M2M is at a critical point in its existence, one that has clearly moved beyond quiet evolution – in fact I consider it a true transcendent moment in time for M2M. But it’s also more than this – let’s turn to part of a quote by John Milton (it’s always useful to apply 17th century quotes to 21st century technology): “…those transcendent moments of awe that change forever how we experience life and the world.”

Yes, that gets very close to what it means for M2M to be transcendent as far as I am concerned. It’s what makes M2M especially worthy of its other means of identification: The Internet of Things (IoT). That sounds quite Godlike and all-encompassing in its way…or transcendent. Redg Snodgrass, the CEO of Wearable World, meanwhile has already extended it to the Internet of Wearable Things. There is truth in this. Then there are those who claim the Internet of Everything is already here, but I won’t go that far.

What’s the purpose of M2M? Its essential purpose today, as we quickly arrive at the midpoint of 2014, is to create simple but vast channels of immediate communications and real time data gathering that we all hope will enhance our everyday lives and work. This will be done with enormous collections of wireless sensors and embedded mobile devices that will see, listen, feel, measure, aggregate and report all manner of information 7 days a week, 24 hours a day. Right…more or less non-stop.

Much of this will happen automagically and behind the scenes and won’t involve any human interactions whatsoever. But in some cases these devices will overtly engage and interact with us as well – something that will grow over the next several years to become far more substantial than is the case today as the industry moves to gather data that was formerly difficult to collect and aggregate. This is the essence of M2M today as we move full speed ahead to the end of 2015.

To date the key challenge has been to establish reliable and inexpensive communications and connectivity between mostly wireless devices, and to get wireless data transported from widely dispersed edges, where M2M data is typically collected, back to central locations where that data can be monitored and acted upon.

M2M today already helps to automate numerous decisions and tasks: re-stock a soft drink machine or instantly diagnose a fault in or handle an alert from a machine for example. With the right software and the right collections of sensors we can also find the best routes for transportation based on cargo and type of travel vehicle, or more human related things such as being able to anticipate a heart attack or a possible stroke.


Wearable (and eventually human-embedded) technology will, in great part, have a significant M2M component to it. Look for wearable tech to be a key driver of IoT from a personal – rather than a remote sensor – perspective.

Where We’re Headed

Tomorrow, and certainly by 2015, I anticipate an inevitable shift to what end users – from both the pure consumer and the enterprise side – want to do with IoT. During a conversation I had with Oliver Bussmann, formerly SAP’s Global CIO and these days Group CIO at UBS, we got around to talking about the SAP in-memory database HANA and some of the driving forces behind its development. Bussmann noted a number of these forces, and chief among them were various SAP IoT-focused issues that include the need to:

1) Support business decisions with real time M2M data intelligence;

2) Secure and manage significant streams of M2M data;

3) Identify and create new applications for M2M;

4) Mine enormous amounts of data – big data, that’s right – to learn things we never knew before.

These forces strongly suggest where M2M revenue will come from for the players in the M2M space. The chart below demonstrates how M2M will move from being primarily about communications channels (where most current revenue comes from – at least for the communications service providers) to being far more encompassing, and clearly headed in the direction of business intelligence. Think of “business intelligence” as an umbrella term that encompasses intelligence across all avenues of human activity – from business to politics to healthcare to finance to retail and every “thing” in between.

In addition to the above, Bussmann sees at least three key verticals as the most immediately promising for delivering significant M2M/IoT applications that have large revenue streams attached to them:

1) Transport and logistics: Fleet management, driver monitoring, vehicle diagnostics, insurance reporting for multinational corporations, but also smaller enterprises;

2) Utilities: Smart metering and smart grid initiatives in electricity, but also gas and water;

3) Automotive: Infotainment, vehicle diagnostics, insurance reporting for private individuals.

Vehicle diagnostics and telematics are particularly interesting. Automobiles already have numerous sensors in place – this number will grow significantly and most sensors will become fully wireless. In many cases these embedded sensors will not simply report information but will function to control numerous activities. What does this mean? It means that they are devices that rely on software embedded in firmware.

Vendors are already working in this space – Red Bend Software, the leading vendor in FOTA (firmware over the air) updating, already works closely with numerous auto companies on this front. Imagine easily updating the firmware on these sensors wirelessly without ever having to access them – productivity and repair costs are key current examples of the benefits of IoT.

Healthcare is of particularly high interest to SAP (and many, many others), but Bussmann notes that healthcare ecosystem complexity remains a challenge to overcome. It will happen within healthcare but it will likely take longer to do so in an encompassing manner. Below is a chart that identifies the key M2M/IoT industries and how they stack up relative to each other in terms of which has the greatest potential for M2M delivery over the next several years.

M2M becomes transcendent – and truly morphs into IoT – only as we transition from the current ability to collect data and respond to simple alerts to being able to analyze and factor out deep meaning from big data analytics, which has its own challenges to deal with but which is intimately related to the entire future of IoT.

SAP has also uncovered what it believes to be the most significant roadblocks to IoT success. These are shown in the chart below. Though the information in the chart focuses specifically on the communications service providers it reflects easily enough what all IoT players will encounter. My two cents is that security issues will grow exponentially from what the chart suggests as the IoT transition takes place and I can only hope that companies and consumers learn to care a great deal more about it than Gartner’s survey we noted earlier claims.

I am not convinced however that “roadblock or barrier” quite gets at it. In truth the issues shown above aren’t so much barriers as they are basic business issues that need to be resolved over the next several years in order to keep IoT moving at a transcendent pace. These are all issues – think of them as a collection of markers of IoT predictions for the next several years – that will be overcome. There isn’t anything listed in the chart that is in fact particularly insurmountable.

Finally, as the issues of data transport and analysis fall into place, the last thing that needs to be solved is the need to quickly build out IoT applications. Companies such as ThingWorx (which was recently acquired by PTC) are already delivering crucial M2M/IoT app development platforms, and these will play a vital role in speeding up IoT adoption.

I am indeed in a most transcendent state of mind on IoT as we head into 2015. There are numerous technology challenges ahead but these challenges are nothing compared to the vast IoT-driven business opportunities ahead of us. Eventually we will arrive at the Internet of Everything (IoE).

With any kind of luck mobile security will have kept pace as well – but on this I am far less transcendent-feeling.


Good Technology Unwraps its BoxTone Acquisition at MWC14

On the eve of the start of Mobile World Congress (MWC) in Barcelona, Spain, Good Technology made headlines with its announcement of a definitive agreement to acquire BoxTone. BoxTone is a privately held company based in Columbia, Maryland, that has been an innovator within the mobile service management space. Adding to this news, Good also announced a new cloud-based secure messaging solution, Mobile Service Management (MSM) offering, as well as some leading carrier partnerships in Japan where BoxTone has a significant presence.

Now the newest of such announcements, this Enterprise Mobility Management (EMM) acquisition comes less than 30 days after AirWatch announced it was signing a definitive agreement to be acquired by VMware for $1.54 billion. Blue Hill previously blogged about the impacts of this acquisition throughout the technology world in our piece entitled VMware pans for AirWatch Gold.

According to Good Technology President and CEO, Christy Wyatt, the “BoxTone mobility management platform, which powers wide-scale, mission critical enterprise mobility, will be integrated into Good’s portfolio to deliver a comprehensive end-to-end secure mobility solution.” She also added that, “The acquisition of BoxTone by Good brings together the industry’s leading provider of secure mobility solutions for data, devices and apps with the industry innovator in mobile service management, enabling IT to confidently build, deploy, support and manage mobility at scale.”

Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) have been a hot pocket of notable acquisitions. Besides VMware acquiring AirWatch, IBM acquired MaaS360 by Fiberlink Communications and HTML5 App Development Company WorkLight to extend their IBM MobileFirst Management and Security offerings. Citrix and SAP also got in the game with their acquisitions of Zenprise and Sybase, respectively. The lone soldier steadily staying its course and winning deals in EMM is MobileIron. One peek at the largest software companies in the world, specifically the Top 10 SaaS by revenue, shows that it’s easy to imagine who would benefit from scooping up MobileIron.

What does this announcement really mean to CxOs globally who are watching this wild ride of EMM & MDM market leaders shake out?  Let’s start with the 4 components in play here across the leading mobile platforms of Android, BlackBerry, iOS, and Windows Mobile coupled with Samsung KNOX, BlackBerry Enterprise Server (BES) and Exchange ActiveSync:

– Mobile device management (MDM)
– Mobile application management and analytics (MAM)
– Mobile content management (MCM)
– Mobile service management including BlackBerry migration tools (MSM)

The key above is about “P” for platform. To be a leading player you must be a platform play, which can handle all 4 components above. That said, the Good-BoxTone combo brings a capital “S” in focus for SECURITY alongside Service. One look at their press release and related news shows how they are throwing down the proverbial gauntlet to focus CxOs on their complete ‘Security Focused’ EMM offering:

– Secure email, contacts, calendar both on premise as well as in the cloud
– Secure browsing
– Secure instant messaging and presence
– Secure SharePoint, network file and cloud storage access
– Secure app development tools (customized): wrapping, SDK and hybrid support
– Only secure mobility provider to achieve Common Criteria EAL-4+ certification for iOS and Android

Unlike Samsung Knox, who, with great fanfare, announced their mobile security offering last year at Mobile World Congress (MWC13), Good Technology and BoxTone are for real. As we previously profiled in our December Samsung Knox blog, Samsung’s offering subsequently flopped “big time.” This is largely because of the high stakes nature of security deployments and the need to know that solutions have been tested and certified to industry standards, meaning that they are hardened and truly ready for the enterprise. Global enterprises are now treating EMM as a mission critical user platform to deliver applications, content, services and support. As with any mission-critical global application, security is paramount. Sitting at the top of this EMM security pyramid are Good Technology-BoxTone and BlackBerry. Good Technology alone has over 150 patents in secure mobility.

Recently Blue Hill has seen a lot of security focused messaging and marketing coming out of other leading EMM players, most recently MobileIron. While the spirit of the education for the enterprise is welcome, we see a lot of noise and sleight of hand nuance that can get easily missed if you don’t exactly know what you are looking for. Or, better yet, you don’t know the rules and guidelines that the Feds follow.

On March 31st Blue Hill Research will release its Q1/Q2 2014 report on Enterprise Mobility Management (EMM) Security for industries such as Financial Services, Healthcare, and Government. In this competitive analysis report of EMM players we will provide an objective analysis of NIST and DISA requirements for the adoption of enterprise mobility platforms by government agencies and security-minded enterprises.

What are your thoughts on Good Technology’s acquisition?
