BlackBerry used to be the dominant mobile messaging platform in the enterprise, but (by their own admission) they became arrogant as the market leader in the absence of serious competition. Then along came the iPhone and Android on a variety of innovative devices – and several hundred thousand cool applications for both platforms. Then came IT’s decision to more or less capitulate and let consumers dictate the mobile environment in their organizations. The result was that the BlackBerry became relegated to a distant third place and it lost mindshare, no better indication of which was its stock price that fell roughly 95% in a remarkably short time. The net result was that not only would fewer users opt for BlackBerry devices, but IT would also reduce support for BlackBerry Enterprise Server (BES) – our own research shows that anticipated support for BES will be lower by early 2014 than it is today.
Clearly, RIM-then/BlackBerry-now messed things up quite seriously and squandered its enviable position as leader of a large and rapidly growing market. Arguably, they did so at about the worst possible time – just as mobile was becoming the dominant computing platform for millions of users. Compounding the problem, the company recognized their shortcomings, but then was late in delivering their next-generation handset and its enterprise platform.
However, BlackBerry seems to have righted what some might consider to be a sinking ship:
- They introduced an advanced, elegantly designed, touch-only device, the Z10.
- They announced a more traditionally designed, but equally advanced device, the Q10 that has a physical keyboard.
- They introduced BlackBerry Enterprise Service 10 that supports not only BlackBerry devices, but also Android and iOS.
- The company also just announced a lower cost device, the Q5, aimed at increasing the company’s penetration in emerging markets.
- BlackBerry Balance provides one of the better platforms for segregating and managing company-owned and personal data on employee-owned devices.
- The company will be making some very interesting announcements over the next several months that currently are under NDA.
- The leadership team was replaced last year and seems to have given the company some traction once again.
Has BlackBerry turned the corner? I’m convinced the answer is yes, but the company still has a significant amount of work ahead of it convincing others of that. As noted above, our research shows that support for BES is still declining, at least in terms of the number of companies that plan to support it by next year. I think this reflects an outdated perception by many IT decision makers that BlackBerry is still on the decline from a feature and function standpoint – in essence, many decision makers are basing their decisions on old information that BlackBerry will need to continue working hard to wean out of the IT mindset.
Similarly, many users don’t think that BlackBerry devices are nearly as cool as the iPhone 5 or many Android-based devices like the Nexus 4 or Galaxy S4. Again, most of these people have probably not played with the Z10 and so think of “the BlackBerry” as the somewhat stodgy workhorse that it used to be – another hurdle that BlackBerry will have to overcome. Complicating the problem is that most don’t consider BlackBerry a leader in the mobile space – a report we will publish within the next two weeks discusses the results of an in-depth survey we conducted on the mobile market in North America. That survey shows that while 46% of IT decision makers and influencers believe that Apple is “definitely a leader” in the mobile messaging space, only 17% think this about BlackBerry; even Microsoft received a higher rating.
BlackBerry will have to continue working hard to regain its lost market share in the mid-market and enterprise space in North America, despite the fact that it currently dominates some markets, such as Latin America and South Africa. However, I believe the company will be able to take back much of their share because they have several compelling arguments that should resonate nicely with IT decision makers: a solid, multi-platform mobile management system; new handsets that will appeal to many users; robust technology for addressing the BYOD issue; the company’s venerable security model that its competitors cannot match; and its ability to offer all of these capabilities from a single vendor. The company’s serious missteps of the past – and their new management’s response to them – may end up being the best thing that could have happened to the company.
Filed under: Uncategorized | Tags: big data, emc, emc world, security, storage
I spent some time at EMC World last week in Las Vegas. As always, it was time well spent in informative sessions and in individual meetings – and, gauging by the difficulty of traversing the hallways between sessions and after keynotes, the show was very well attended.
Although my bent in visiting a show like this is normally geared more toward security, archiving, encryption and other topics related to what Osterman Research does, two of the major themes I took from the conference were the growing importance of Big Data in the context of improving security; as well as the need to view backup, archiving and disaster recovery along a continuum of data and information protection instead of individual point solutions.
With regard to the issue of Big Data and security, I believe that EMC and many others are correct in viewing Big Data as an important way to significantly improve the security of systems, networks, messaging and virtually every application on which we rely to get work done. The issue of Big Data in a security context is a simple one: analyzing vast amounts of data from email, social media posts, transactions, various applications, location-generating systems and other data sources with the goal of determining when systems have been breached or are about to be. The goal is less about preventing the ingress of bad guys and malicious content and more about analyzing the sometimes extremely subtle anomalies that occur when they do. This is not to say that intrusion prevention or blocking content is irrelevant or futile, but rather that Big Data can be useful in keeping bad guys out, but more useful once they’re inside.
A good analogy that one speaker used – and that I am extending here – is that of the human body: your skin and other systems were designed to prevent intrusions of bacteria, viruses and other nasty stuff and it keeps most of this unwanted content out quite well. However, when the inevitable intrusion occurs through a cut or some other breakdown of this intrusion prevention system, the immune system detects the sometimes very subtle anomaly and immediately goes to work in identifying, finding, encapsulating and destroying the intruding content. In a sense, Big Data can act as the information source that enables the immune system in a corporate network or a cloud-based system, for example.
The second major theme – viewing backup, archiving and disaster recovery holistically – is an issue that I think will get more play simply because it makes so much sense. Many decision makers tend to view these systems as point solutions with fundamentally different goals and often use different vendors to implement each capability. While there’s nothing at all wrong with that approach, it might make more sense in some environments to view these solutions along the continuum of data protection, information protection and business protection. Yes, backups are designed to protect snapshots of data to restore servers; archiving systems are designed to protect information for purposes of e-discovery, regulatory compliance or end-user self-service; and disaster recovery systems are designed to protect data and information from disruptions large and small. However, all of these solutions are designed to protect an organization and its data along a continuum of sorts, and so it makes sense to manage them as parts of a whole instead of islands unto themselves.
Filed under: Uncategorized
We have contended for some time that many organizations will migrate to a hybrid of on-premises and cloud infrastructure for many of their key systems, such as email, archiving, security, etc. While migrating completely to the cloud for things like archiving is quite feasible and the right decision for many companies, some decision makers want to maintain their data behind the corporate firewall. Reasons might include a fundamental mistrust of leaving sensitive corporate data in the hands of a third-party cloud provider, or it might be as simple as not wanting to invest in higher bandwidth pipes to move large amounts of data to and from the cloud.
As an example of this, Sherpa Software has recently introduced Attender Online. Attender Online is a cloud-based data management system that allows an organization to manage their Electronically Stored Information (ESI) via a cloud interface while leaving it in place on-premise. Attender Online is designed to meet a number of requirements, including storage management for both network file shares and desktop hard drives; ESI management on desktop computers, Exchange servers and file servers; and email content management in Exchange environments.
Attender Online allows management of on-premises content completely from a Web browser and permits administrators to create a customized, Windows 8-like interface to manage various content sources. The system maintains logs of policy behavior so that a complete audit trail is maintained. Attender Online integrates with Active Directory and allows management of ESI content sources by associating them with individual computers or individuals within the organization. A key capability of the system is that it allows organizations to actively delete content that is no longer required, supporting defensible deletion policies – a critical issue for many organizations.
Although Attender Online is a useful solution and combines the ease of cloud management with on-premises data management, it is not without its limitations. It manages email only in Microsoft Exchange environments and .pst files, and it works only with Windows desktops. The latter is perhaps the more important limitation for many organizations given the large number of them that have mixed Windows and Mac desktops and laptops.
Even with some limitations, Attender Online is a useful capability that decision makers should seriously investigate.
Filed under: Uncategorized
A good friend in Washington recently posted this on Facebook:
“I follow on Instagram almost all of my 6th grade youth group girls and I am continually amazed at how many of them have public profiles and post screen shots of their personal information. I wonder how many parents actually know what pictures they’re posting and if they really care…”
This is troubling on a couple of levels. First, many social media users tend to overshare their personal information and so are more susceptible to online fraud like email phishing. They’re opening themselves to a potentially higher likelihood of home burglary when they post near real-time photos of themselves on vacation or otherwise away from home. Young people, in particular, might be opening themselves to the worst kind of child abuse – a British newspaper did a search on Twitter and within two minutes found 20 users who expressed interest in “under-age images and child abuse”; within two hours they found 200.
Young people are typically the worst offenders because they care less about the privacy of their personal information. Lest you think I’m just some old guy making sweeping generalizations about young people, a new survey from the USC Annenberg Center for the Digital Future and Bovitz, Inc. found that while 77% of those 35 years of age or older agreed with the statement, “No one should ever be allowed to have access to my personal data or Web behavior”, only 70% of younger people agreed. I anticipate that as people grow up in an age of continual connectedness via social media, the proportion that care about personal privacy will continue to shrink.
However, employers need to be concerned about this, as well, since these are the people that will be your employees in the years to come. We hear on a regular basis how businesses must adapt their communication practices to young people entering the workforce – they need to make social media easily accessible, permit the use of personally owned smartphones and tablets, and generally migrate away from an email-centric mode of communication and collaboration. While that’s true, business decision makers also need to be concerned about the very real potential for oversharing employees to overshare corporate content. While much of this might be accidental, an employee with a predisposition toward oversharing personally is likely to do so with corporate information, as well.
It’s important to note that by oversharing, I’m not talking about sending things like trade secrets, confidential financial reports, or other really sensitive information through social media or other channels. While that can and does happen, quite often the oversharing can be more subtle. For example, an employee of a consumer products company who continually posts about business travel to Minneapolis or Atlanta or Issaquah might be giving clues about an upcoming retail deal with Target or Home Depot or Costco – information that could be valuable to competitors, but that was shared with no intention of revealing confidential information.
What should businesses do? First and foremost, establish policies focused on how devices and applications should be used – lots of organizations don’t have these policies and they should. Second, implement a data leak prevention solution that will monitor all of the channels over which employees communicate, including email, social media, instant messaging, etc. The goal of the DLP solution should be to monitor communications and take appropriate action, which might include encrypting some content, blocking some messages, reminding senders about corporate policies before the send actually occurs, or routing some messages to a supervisor or compliance officer for further review.
Entering a new age of communication and collaboration with employees who might be less concerned about privacy means that decision makers need to be proactive in order to mitigate risk to the extent they can.
Filed under: Uncategorized
Most content is not sent or stored with any sort of encryption. For example, attachments sent through email, files sent using many file transfer solutions, form data sent over the Internet, content stored in repositories like file servers, desktop computers, laptop computers, tablets, smartphones, removable storage devices like USB sticks, etc. are not sent or stored with encryption. The result is that a wide range of sensitive or confidential data is left vulnerable to interception by unauthorized parties, sometimes with very damaging results as discussed later in this report.
Decision makers are clearly not happy with the current state of their email policies in the context of encryption. For example, Osterman Research found in a study published in August 2012 that only 38% of mid-sized and large organizations find that their policies for encryption of confidential email and attachments meet their needs. Moreover, only about one-half of organizations have automated systems in place to scan outbound content for policy violations, sensitive information, credit card numbers, and information that should be encrypted. The predominant actions with outbound email at such organizations are to automatically apply policy requirements (such as encryption or distribution through a secure channel), or to remind users of corporate policies through a pop-up message.
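As an added illustration (not code from Osterman Research or any vendor), the outbound scan described above can be implemented as follows: candidate card numbers are validated with the Luhn checksum to cut false positives, and the findings are mapped to the actions named in the text (apply encryption, remind the sender, route for review, block). The internal domain, marker phrases, bulk threshold and rule precedence are assumptions chosen for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Constructed policy values; a real deployment takes these from corporate policy.
REVIEW_MARKERS = ("confidential",)
REMIND_MARKERS = ("internal only", "do not forward")
BULK_THRESHOLD = 3          # this many distinct card numbers is treated as a bulk leak
INTERNAL_DOMAIN = "example.com"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs (order or phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return distinct Luhn-valid card-number candidates, in order of appearance."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits) and digits not in hits:
            hits.append(digits)
    return hits


@dataclass
class Outbound:
    recipients: list[str]
    body: str


def decide(msg: Outbound) -> str:
    """Return one of: deliver, remind, review, encrypt, block."""
    external = [r for r in msg.recipients
                if r.lower().rsplit("@", 1)[-1] != INTERNAL_DOMAIN]
    if not external:
        return "deliver"                 # nothing leaves the organization
    cards = find_card_numbers(msg.body)
    if len(cards) >= BULK_THRESHOLD:
        return "block"                   # bulk card data never goes out
    if cards:
        return "encrypt"                 # apply the policy requirement automatically
    text = msg.body.lower()
    if any(marker in text for marker in REVIEW_MARKERS):
        return "review"                  # route to supervisor or compliance officer
    if any(marker in text for marker in REMIND_MARKERS):
        return "remind"                  # pop-up reminder before the send occurs
    return "deliver"
```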
Making the encryption problem worse – dramatically in some cases – is the proliferation of cloud-based file synchronization and storage tools that are widely used in organizations of all sizes. For example, Dropbox is widely employed and currently has about 55 million users worldwide. An Osterman Research survey conducted in the first quarter of 2013 found that Dropbox is used extensively in organizations of all sizes, often without IT’s blessing or even their knowledge.
Dealing with encrypted messages in an end-to-end encryption solution presents a dilemma for content monitoring: allow the message to flow through unchanged thus respecting the encryption, or decrypt messages to check for policy and content violations. If the message is allowed to flow through unchanged, but the message is in violation of policy and compliance rules, this presents a problem for organizations. Encryption is being used to hide violations, and that creates a risk. On the other hand, if messages are authentically encrypted due to following policy and compliance rules for confidential or sensitive information, unnecessarily decrypting those messages creates the risk that the decrypted message will be accessible to people who should not have access to it. On balance, Osterman Research believes the most appropriate course of action is to decrypt inbound messages to check for policy violations.
On the other hand, integrated gateway encryption solutions take this issue into account as a core part of their design. For example, inbound messages found to be encrypted with an “approved” encryption solution are decrypted in memory at the gateway, scanned for various policies (which may include spam, malware and compliance policies), and sent in encrypted form to the appropriate destination based on policy. By default, both the gateway and the intended recipient have access to the unencrypted contents of the message and its attachments. In such a system, inbound messages encrypted with other forms of encryption (which the gateway cannot decrypt and analyze), are typically handled by an “acceptable encryption policy”. Typically, these policies specify some set of trusted recipients that may be allowed to receive arbitrary encrypted messages, but these messages will be quarantined if directed to others.
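The inbound flow described above, as an added example that is not taken from any gateway product: messages in an approved scheme are decrypted in memory and scanned, while messages the gateway cannot open fall under an acceptable encryption policy applied per recipient. The scheme label, the XOR stand-in for decryption (not real cryptography), the scanner and the addresses are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Inbound:
    recipients: list[str]
    scheme: Optional[str]     # None = plaintext, otherwise a label for the encryption used
    payload: bytes


@dataclass
class GatewayPolicy:
    approved: dict[str, Callable[[bytes], bytes]]      # scheme -> decrypt function
    trusted_recipients: set[str]                       # may receive unscannable mail
    scanners: list[Callable[[bytes], Optional[str]]]   # each returns a reason on violation


def scan(plaintext: bytes, policy: GatewayPolicy) -> Optional[str]:
    """Run every scanner; return the first violation reason, or None if clean."""
    for scanner in policy.scanners:
        reason = scanner(plaintext)
        if reason:
            return reason
    return None


def handle(msg: Inbound, policy: GatewayPolicy) -> dict[str, str]:
    """Return a per-recipient decision for one inbound message."""
    plaintext = None
    if msg.scheme is None:
        plaintext = msg.payload
    elif msg.scheme in policy.approved:
        try:
            # Decrypted copy lives only in this local variable, never on disk.
            plaintext = policy.approved[msg.scheme](msg.payload)
        except ValueError:
            plaintext = None          # cannot decrypt: handle as opaque below
    if plaintext is not None:
        reason = scan(plaintext, policy)
        if reason:
            return {r: f"quarantine ({reason})" for r in msg.recipients}
        verdict = "deliver" if msg.scheme is None else "deliver-encrypted"
        return {r: verdict for r in msg.recipients}
    # Acceptable encryption policy: only trusted recipients get unscanned content.
    return {r: "deliver-unscanned" if r.lower() in policy.trusted_recipients
            else "quarantine (unscannable encryption)" for r in msg.recipients}


def demo_encrypt(data: bytes) -> bytes:
    """Stand-in envelope for the example: XOR with a fixed byte, NOT cryptography."""
    return b"DEMO1:" + bytes(b ^ 0x5A for b in data)


def demo_decrypt(blob: bytes) -> bytes:
    if not blob.startswith(b"DEMO1:"):
        raise ValueError("not a DEMO1 envelope")
    return bytes(b ^ 0x5A for b in blob[6:])


def malware_marker(plaintext: bytes) -> Optional[str]:
    """Constructed scanner: flags a harmless marker string."""
    return "malware" if b"CONSTRUCTED-MALWARE-MARKER" in plaintext else None


# Constructed policy: one approved scheme, one trusted recipient, one scanner.
POLICY = GatewayPolicy(approved={"demo1": demo_decrypt},
                       trusted_recipients={"legal@example.com"},
                       scanners=[malware_marker])
```

A message addressed to both a trusted and an untrusted recipient is split: the first receives it unscanned, the second has it quarantined.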
For more information on these issues and our recommendations for dealing with them, please see the white paper we published recently, Why Securing Communications and Content is a Critical Best Practice.
Filed under: Uncategorized
I had an interesting discussion last week with AirPatrol, a company coming out of stealth mode, with regard to their solution to address the BYOD problem. Their approach, which they call “Cognitive Mobile Security”, uses location sensors installed within a building that can track mobile devices to an accuracy of 20 centimeters – accurate enough to identify whether a mobile device is in your shirt pocket or pants pocket.
AirPatrol’s Zone Defense solution is conceptually quite simple: location sensors, each of which can cover about 2,200 square feet, are deployed within a building (a minimum of three sensors are required per space for triangulation purposes). These sensors provide continuous monitoring of all Wi-Fi- and cellular-enabled devices within their detection area, updating the location of each device about every three seconds. Through a single console, all devices can be monitored in real time, providing MAC addresses, association states and other information about each device.
If a device requests access to the corporate network, an agent is first downloaded to the device with the owner’s permission. If an unauthorized/agentless device is active within the monitored space, Zone Defense will alert the security team or other monitors to warn them of the potential security threat.
Once the agent is active on the device, location-based security policies will be enforced that can enable or disable certain features of the device. For example, if a particular room with sensitive information is defined as an area in which mobile device cameras and microphones should not be enabled, any device entering that zone will automatically have its camera and microphone disabled until it leaves that zone, although all other functions of the device will continue to operate normally. Moreover, the policy can be granular in that certain roles can have functions in a particular zone enabled, while other roles, such as visitors or consultants, can have functions in the same zone disabled.
AirPatrol’s solution, while requiring an agent on the device, is an elegant approach to the BYOD problem because it permits employees and others to use their devices, but with full knowledge and control of the organization’s security or other teams. It can prevent users from accessing the Internet via Wi-Fi or cellular connections during certain hours while connected to the corporate network to prevent security breaches, for example, while re-enabling Internet connectivity once the user has disconnected from the corporate network.
Although the US government is a significant customer of AirPatrol, banks, hedge funds and others are also among the company’s customers.
Filed under: Uncategorized | Tags: client, Domino, email, Exchange, GroupWise, Microsoft, Notes, Outlook
Gleaned from a Web search this morning:
“I have a data stream that will be sent as daily emails containing temperature and wind speed from a measurement site. Our email system is Outlook…”
“We are a GroupWise 6.5.5 shop. We have a new employee who will start work in 3 weeks whose current email system is Outlook.”
“We are using a Notes db to collect patient data which contains several forms. But the db is in Notes R5 and the email system is Outlook.”
“The email system is Outlook 2003, the workflow is based on SharePoint 2010 Approval workflow.”
“Top candidates will have a working knowledge and experience with Microsoft Word, Powerpoint and Excel. Outlook is our email system, so a working knowledge of that is helpful but not necessary.”
Microsoft introduced Outlook 97 in January 1997 and bundled it with Exchange Server 5.5, but had included versions of Outlook for MS-DOS, Windows 3.1x and the Mac with that version of Exchange Server. Since that time, Outlook has become the more or less de facto standard for email clients – our research shows that about 70% of corporate users employ Outlook or Outlook Web Access as their primary work-focused email system.
However, it is important to note that Outlook is an email client, not an email system. That seems obvious to just about anyone in IT, but to many business decision makers – many of whom are pushing to replace GroupWise or some other email system with Exchange – it’s not quite so obvious. Many of them view Outlook as their email system, not appreciating that Exchange is the actual email system that is managing and presenting their email experience. That’s a serious problem for non-Microsoft vendors, who must overcome the misperception and educate decision makers – many of whom have already made up their mind about moving to Outlook – that email is about much more than just the personal email experience.
This confusion has definitely benefited Microsoft given the large number of organizations that have migrated competing email systems to Exchange over the years. I’ve wondered if this was a carefully planned decision by Microsoft back in the 1990s that has reaped huge rewards over the years, or if the company has simply benefited from an accidentally genius move that has convinced many decision makers that a user experience should be the driver for the email system decision. Either way, it has worked out quite well for Microsoft.
The implications of this are quite important, not only for Microsoft’s competitors, but also for decision makers that often are willing to spend millions of corporate dollars to migrate to Exchange, when what they’re really looking for is the Outlook experience.
I will be the first to admit that the Outlook experience is generally a good one, and that a decision to migrate to Exchange is not without merit. However, our cost modeling has demonstrated that several other email systems are significantly less expensive than Exchange, and not only when factoring in the cost of a migration: in many situations, these Exchange alternatives would be much less expensive even if they were being redeployed completely from scratch.
I have three recommendations for business decision makers that are intent on migrating to Outlook:
- Consider that Outlook is your email experience, but Exchange will be your email system. Talk to your IT administrators, consultants and other knowledgeable individuals inside and outside your company that can advise you on the merits of staying with your current email system vis-à-vis migrating to Exchange.
- Consider the complete cost of a migration – it may be more expensive than you think.
- Consider the long-term benefits of the migration. Will your users be sufficiently more productive with Outlook and Exchange than they would be if you stayed on whatever email system you’re using now? Will that increase in productivity offset the costs of switching email systems, including the disruption that comes from doing so?