Topics of Interest Archives: Social Media

Samsung Security and Selfies

This week Red Sox nation got to celebrate and be reminded again that the Red Sox were World Series champs. My favorite photo was obviously the “Big Papi” David Ortiz and President Obama selfie! Like the Oscars however, everyone now suspects money was spent by Samsung to pretend and hype up a spontaneous moment for a selfie like they did with Ellen DeGeneres and some of our favorite A-list celebrities.

The Sox photo struck a nerve with me and thus I decided to write this blog as a response to the news when the WSJ reported that the White House and possibly President Obama were testing Samsung as a replacement to BlackBerry devices. A White House spokesman went on to rebut that the Executive Office of the President is not involved in any pilot program for testing non-BlackBerry phones and that there is nothing new to share about the president’s BlackBerry. It was buried in all the other major news we get each week and thus a marketing win and score for Samsung. Let me be clear: while Samsung phones might be just fine for White House staff involved in housekeeping, cooking, and gardening – they are nowhere near ready for protecting national security communications and data privacy.

If you watch Samsung as closely as I do, you can easily spot their continued usage of sleight-of-hand marketing and selfies to prop up their position as mobile leaders with the highest security. While I take no issue with the marketing and messaging of their great consumer phones like the new Galaxy S5, it’s my job to not be confused and watch the ball during the shill. The shill is Samsung mobile security.


On March 3, 2014, Samsung with great fanfare announced at RSA Conference 2014, the world’s leading security conference, that they had received Common Criteria certification.

Samsung goes on to say in the broader release published by Korea IT Times “Common Criteria is the international “gold standard” for secure and trusted systems, specifically to ensure that they satisfy the predefined set of security requirements designed for enterprises. Samsung KNOX confers enhanced security upon mobile devices, helping enterprises protect mobile access to high-value information assets.” Before their SVP of KNOX Business states that this news is ‘not’ about just security, it reads: “The components certified in CC form a strong cryptographic foundation on which more advanced KNOX security features are implemented. This certification validates that enterprises can safely provide their workers access to networks and high-value information assets using CC-certified Galaxy devices with KNOX embedded.”

Now here comes the selfie in case you missed it.

“In my twenty-five years doing security evaluations, rarely have I seen a company that could complete an entire Common Criteria evaluation, from the very first meeting to complete, in under four months”, said Jim Arnold, Director of Gossamer Security Solutions. “At Gossamer we pride ourselves on our responsiveness and Samsung’s speed and agility as a company certainly challenged us.”

This is a clear “selfie” as Gossamer has no inherent interest other than a paid advertisement to say something as wishy-washy as this. Samsung, along with every other vendor who wants to get certified with the Common Criteria Testing Laboratory (CCTL), should in fact present all its documentation and paperwork in a clear and orderly state. Don’t get me wrong, I am sure there are plenty of small tech startups that might not be as squared away and know the process, but Samsung at last count had an operating profit of roughly $8.3 billion. I don’t give them points for wearing a suit and tie to a funeral. That is what you’re supposed to do when you know better and can afford to do so. Lastly, this Common Criteria Testing Laboratory (CCTL) selected by Samsung for their evaluation is a paid vendor evaluation and has no government authority whatsoever. In their own lab words:

“This Validation Report is not an endorsement of the Target of Evaluation by any agency of the U.S. government, and no warranty is either expressed or implied”

Let’s look deeper into their newly announced MDFPP Common Criteria Certification and what it might mean to you if you’re responsible for enterprise mobile security. I covered this previously in my blogs titled Samsung Knox Finally Gets a Good Boost at MWC14 on February 25, 2014 and Why Samsung Knox has Flopped on December 31, 2013. The Common Criteria Certification is a “framework in which computer system users can specify their security functional and assurance requirements” and “vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims.”  Unlike the Samsung hype that hit a home run, their certification is just a base hit.  They are on first base only.

First, some additional facts mistakenly absent from Samsung’s press release:

- The Target of Evaluation (TOE) are the Samsung Galaxy Devices with Qualcomm Snapdragon Processors including the Galaxy S4, Galaxy Note 3 and the Galaxy NotePRO Tablet only.

- The Gossamer Security Solutions evaluation team concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL) 1 were met.

- TOE Missing: Samsung Galaxy S5 has NOT been evaluated!

Source: Gossamer Laboratories

So, to be clear: Samsung, for all their selfies and market hype, are only at EAL1. They have far to go to join EAL4 with Good Technology’s Good for Enterprise and BlackBerry 7.  Additionally, BlackBerry 10 just got awarded “Authority to Operate” on U.S. Department of Defense Networks. There is a giant leap from EAL1 to EAL4.  Taking a peek at an excerpt I pulled from another vendor certification document during my research on what’s involved in certifying an EAL2 vendor highlights my point:

“Clarification of Scope for EAL2 – As with all EAL 2 evaluations, this evaluation did not specifically search for, nor seriously attempt to counter, vulnerabilities that were not “obvious” or vulnerabilities to objectives not claimed in the ST. The CEM defines an “obvious” vulnerability as one that is easily exploited with a minimum of understanding of the TOE, technical sophistication and resources.”

Think about the paragraph above for another moment. The “evaluators” of EAL Level 2 have to “ignore any attempt to counter vulnerabilities that were not ‘obvious’ or other vulnerabilities.” In other words, the evaluators have to stick to the “script” provided by the vendors (not their domain knowledge or technical experience) and look the other way for EAL2. So, exactly how much confidence should an enterprise security team have in Samsung’s EAL1 certification?

In my view, Samsung has continued to cloud the market with hype and noise on their true security position, rather than just being transparent and forthright. First, it was their failed release of Samsung Knox at Mobile World Congress in 2013. Now, it’s the hype of “MDFPP Common Criteria Certification.” Security certification for devices and software is a process that takes time and has many hurdles on purpose. One quick read of the 128-page document titled “Protection Profile for Mobile Device Management” should be enough to suggest how much time it takes and what’s involved.

Finally, just like putting nine one-month pregnant women in the same room won’t make a baby, Samsung and Knox cannot hype and selfie themselves into real security for regulated industries, such as financial services, healthcare and government.  Those are the hard true facts. Selfie replies welcome.


Cloud BI or BS (3 of 5): Extracting, Transforming, and Loading Data in the Cloud

As cloud solutions represent a growing constituency within the analytics space, Blue Hill Research has identified an increasing need for clarity regarding cloud vendors. This is the third of five articles intended to help organizations assess the value of cloud in the analytics space and differentiate between the solutions currently available. [See parts one, two, four, and five of this series].

In a traditional data environment, the process of extracting, transforming, and loading data is a straightforward process if done correctly. Extraction starts with pulling and parsing structured data from defined sources. Transformation uses some developed logic to change the data into a final usable form. Loading actually places the data into a data warehouse for usage. Simple enough, right?

In the new world of SoMoCloud® (Social, Mobile, and Cloud), everything changes. To start with, there is a lot of unstructured scattered data that now matters. To fully analyze customer service requests, social media, and other textual feedback, companies need to work with data that often will not easily fit into a structured field. Often it may be easier to simply keep the data where it is rather than pull it into your own environment. Once a company has access to data, the concept of transformation may not make sense either. Sentiment analysis, social network analysis, and cognitive computing capabilities allow companies to simply go through large amounts of unstructured data without bothering to figure out how the data should be transformed or changed. IBM Watson and Palantir get most of the headlines for this type of analysis, but startups such as Semantria, Digital Reasoning, Kanjoya, and Ayasdi also do interesting work in this field. Even Bloomberg and Thomson Reuters are starting to analyze Twitter as part of their market analysis products.

Integration, replication and data loading tools often differentiate based on ‘performance’ and ‘security,’ but cloud again makes this more challenging as companies also have to think about the efficacy of supporting data in multiple locations and support guaranteed data delivery. Based on the types of cloud data loading challenges your company has, you may want to look at cloud-based tools such as Attunity, SnapLogic, Talend, Syncsort, DataSift, as well as Informatica’s cloud services.

What has your experience been with extracting, transforming, and loading data into the cloud?


The Rising Ephemeral Social Media Tide

Source: Ryan Nagelmann

It doesn’t matter if Snapchat succeeds or fails, the new age of social media is here and marketers need to prepare. Just last month, Snapchat burst into the mindshare of the mainstream media amidst reports that it turned down offers worth over $3 billion to sell the company to the likes of Facebook, Google and Tencent.

The rejection of Facebook’s offer launched a thousand commentaries about whether or not Snapchat is an overvalued fad. But regardless of the speculation, Snapchat has been experiencing monumental growth and marketers are starting to pay attention.

Savvy companies will recognize that Snapchat is blazing a path for the new age of messaging tools. It is an age characterized by the emerging trend of ephemeral social media. This movement is built on the promise of impermanence and the belief that messages sent “in the moment” need not be archived forever.

Snapchat provides a helpful illustration of how ephemeral social media works. Snapchat is a messaging application that sends pictures to a selected assortment of friends. The pictures can be overlaid with text or drawings but come with the important caveat that they will be deleted from your device in 10 seconds or less. Estimates put Snapchat’s user base at over 36 million users globally, the vast majority of them falling into the 19-29 year old demographic coveted by consumer brands. Snapchat was launched in September 2011, which means that the most impressive number might be the measly two-plus years that it’s taken Snapchat to grow this far.

Snapchats processed per day

Snapchat’s meteoric rise should come as no surprise given its ideal positioning to take advantage of opposing influences on the millennial generation. The brilliance of Snapchat is in how it leverages the allure of ephemeral messaging in a fun and creative way. The millennial generation grew up in a world where every interaction is documented for friends on social networks, but every picture may have long-term consequences. It is a generation that has watched how pictures from “that party” or “that night” later sabotage careers and opportunities. Posts that may have once been insightful commentary in the moment may well become a regrettable action forever in the public domain. As the Onion jokingly points out, the millennial generation should come to terms with the fact that their future political career is already ruined.

Millennials (and really all social media users) are thus caught between two dueling forces: a social life revolving around sharing and messaging and the ramifications of a permanent and accessible paper trail. Ephemeral social media provides some relief between these tensions. It allows for spontaneity and sharing without the worry that an employer or college admission officer will find it.

That is exactly why Snapchat has been so successful, and it is not the only one to capitalize on this success. In November, a self-deleting messaging service aimed at teens (sound familiar?) known as Wire received $1.8M in funding. Other players including Silent Circle, Whisper, and Wickr are putting their own spin on ephemeral messaging as well. Whisper offers an anonymous platform to share personal secrets while Silent Circle and Wickr are effectively the “grown up” Snapchat. They offer a more robust “encrypted communication” functionality. Each provides the ability to share documents and has such features as military grade encryption and forensically erased files.

Organizations need to begin to pay attention to ephemeral social media. It is already a staple in the lives of employees and prospective customers.  Engaging this population requires an understanding of not just how these tools work but also how their capabilities can be best employed in campaigns. Blue Hill’s research report provides further guidance for organizations.



Making Sense of News and Information: Big Data Masters Turn Twitter into a Business Advantage

In hopes of discovering a competitive advantage, enterprises of all sizes have increased their thirst for business intelligence based on real activity. For product marketing, risk assessment accuracy, logistics, customer care, and many other core business activities, it is barely possible now to ignore the information and insights available through online media monitoring and analysis. However, the staggering quantity of new data available every minute on YouTube, the frequency of new posts to Twitter, the rising number of other social channels that cannot be ignored, and the increasingly complex task of identifying “interesting” data have promoted the process of understanding the news into the realm of Big Data Analytics.

Putting streaming data into context, considering its veracity, and divining its meaning in time to make important business decisions requires a Master of Big Data. In January 2013, Information Week published a list of 30 US universities offering Master’s programs in Big Data Analytics. This is great news for companies like Amazon, HortonWorks, Datameer, MongoDB (formerly 10Gen), and Cloudera, who are all competing with the likes of IBM, SAP/HANA, SAS, and Microsoft to hire top graduates from the next class of Big Data Masters. Demand for experts still outpaces the supply, leaving business leaders with Big Data initiatives scrambling for talent.

On September 19, 2013, Blue Hill Research published a list of five new job roles that we expect to see emerge as enterprises expand their business intelligence initiatives to include Twitter and other Big Data sources. Of particular interest here is the “Contextual Analyst.” The need for the Contextual Analyst springs from gaps between analytic models and surrounding events. As we observed previously, “Even mature models are still based on algorithms that don’t do a very good job of imitating the human mind.…It is because of this gap between contextual and number driven methods to calculate sentiment that this position is emerging.”

Fortunately, a growing number of companies are entering the market with tools that help make sense of social media streams (especially Twitter) without a Big Data Master on staff. HootSuite, Tableau Software, and Attensity join analytics giants like Accenture and Oracle in a race to draw intelligence from social media data sources based on business relevance. Of course, Twitter itself offers a set of developer APIs for retrieving, searching, and filtering its content in real time. Today’s IPO does not change the business problems that Twitter both creates and begins to solve. However, it does increase the value of a Master’s degree in Big Data Analytics and the demand for social media monitoring and analytics solutions.

 

 

