Tuesday, November 25, 2014

Clickbait Alert: The Latest Smartphone Security Alert

This is exactly the kind of security warning that trends towards "Clickbait":

Smartphone security alert: 87% of iPhone and 97% of Android top 100 apps hacked

First of all, there's the number, then there's the terminology.

What do we mean by 'hacked'? Was there a data breach? Was the Apple or Google app store hacked?


The report from Arxan, "State of Mobile App Security, Apps Under Attack", Volume 3 – November 2014, has this to say:
The 2014 State of Mobile App Security analysis followed the same methodology as last year’s research, which included identifying and reviewing hacked versions of top iOS and Android apps from third-party sites outside of official Apple and Google app stores.
Users know, even if they ignore it, that installing apps from third-party sources is risky.
While it is important to know that such a high percentage of apps distributed outside of the app store have been infected with malware, the report does not show any compromise of the app store or these companies' infrastructure. However, other research linked in the article, available here, deals with those issues.

The Register had this to say:
As a specialist in application protection, Arxan has an obvious vested interest in talking up the threat from poorly protected mobile apps. However, that's not to say it isn't onto something. The recent discovery of the WireLurker iOS malware provides evidence that the issue of tampered apps is a real and present danger.
So, I guess, it is important to know. Perhaps this becomes a reason for companies to avoid putting out branded apps, or, in sectors that deal with private information, to employ technology (such as Arxan's) that helps to tamper-proof the code.

Bottom line: 87% of reports that the sky is falling need to define the term "sky".

Wednesday, November 12, 2014

What does 'Governance' mean to you?

What does 'Governance' mean to you?

To me it means dealing with politicians, Red State / Blue State, and the current raft of temporary political theories. It means Fox News vs. the Jon Stewart show.

In the tech world it has come to be used to refer to having policies and procedures that support a technical infrastructure. Microsoft has elevated this usage as it has promoted SharePoint. Why? Because SharePoint is an enabler for the end user. It is among 'content management' systems which allow the end user to create information storage systems. The worry is that these systems will grow like weeds, with no control, without 'Information Architecture' being considered. It is a legitimate worry, but the greater worry is 'Adoption'.

What does 'Adoption' mean to you?

To me it means children finding a new home. In the SharePoint world it means that there is a large portion of the installed base that is not using SharePoint. It could be because of missing functionality, lack of user buy-in, or lack of executive support.

User Adoption is a real problem. But underlying the issue is a darker reality. A lack of User Adoption may result from the executive, or most likely IT, acting in a vacuum. The tail wagging the dog.

Sure, SharePoint is a cool thing to implement. But what does it do that we don't already have in place?

  • Replaces file shares
  • Allows collaboration
  • Information portal
  • Replaces Exchange calendaring
  • Search Capability
  • Document Management

Most of these functionalities are already in place in many businesses, in purpose-built systems that are, as a result, more finely tuned to business activity. SharePoint is a generic Swiss Army knife of features. It doesn't have as many embedded business rules as purpose-built systems.
(That is one reason why after-market products are quite important.)

Words Matter
By dressing up these basic requirements of our technology projects, Microsoft and IT 'elevate' the discussion. We tend to fool ourselves into thinking that we know what is best for our business. Maybe we're following the herd mentality? Maybe we are trying to stay relevant?

Until recently the term governance was rarely seen alone; most often it would be written 'Good Governance' or 'Bad Governance'. But 'Governance' became a buzzword used by consultants, and it is now frequently seen in email marketing. And this marketing drives us to implement governance before any project begins. And sure, policies are good to have. But we need to get our community behind us before any project begins.

Governance means nothing if it is a bunch of rules that the business (either explicitly or de facto) does not agree to. On the one hand, the IT organization writes up rules but the business management is not engaged. This is the curse of middle management! On the other hand, management may be engaged but unable to push through changes in procedure, as users will always try to find the easiest way to work, which may mean going around the system.

User Engagement
We need to practice user engagement. In a customer service context, some have called this 'customer delight'. We could call this 'user delight'. If we're not providing a better solution than Dropbox, then our users are going to use Dropbox. Otherwise we are like the tail wagging the dog. It kinda works, but it's never a sure thing.

User Engagement was the topic of a recent article in SharePoint Pro magazine: