David Berlind is an expert on enterprise mobility startups and the MC at Under the Radar 2013, May 23, 2013 in San Francisco. He’s also the chief content officer and editor in chief at UBM Tech Media. VentureBeat readers are invited to attend Under the Radar at a discounted price by using code “VentureBeatVIP”. Register today!

The bring your own device (BYOD) trend has kicked into high gear. Enterprises are moving from a primarily homogeneous BlackBerry-only environment (yes, there were exceptions) to more of a heterogeneous anything-goes situation, and the need to levy BlackBerry-grade security (with all of its various options and shades of grey) onto non-BlackBerry environments is off and running.

Buried in those shades of grey are the myriad opportunities that have given rise to innovation and a great many startups.  For example, it’s not just about the ability to remotely wipe out the memory of a device that’s been lost; one that potentially houses sensitive organizational data. Now, it’s very much about partitioning the that sensitive organizational data from the user’s personal information like photos and music in a way that the former can be wiped out without disrupting the latter.

It’s also about extending to any device the functionality of centrally administered access policies that are enforced by solutions like Microsoft’s Active Directory.  For example, if Joe in the Sales department requires secure access to the latest price sheets that are kept on a Sharepoint server, how does the network know that Joe’s Galaxy S3 is really his S3? What makes us so sure that when the S3 is being used, that it’s Joe who is using it? How is the data encrypted and decrypted during the download process (protecting the data as it’s potentially transmitted over risky WiFi networks)? What prevents Joe from sending (leaking) that price sheet via the Gmail account that’s also connected to his S3?

These and many other security-related questions are the ones being answered by the startups whose solutions will be on stage at the upcoming Under The Radar as well as many UTR alumni.

Below is a partial list of this year’s presenting companies, along with other players in the space. Each has their own unique spin on how to minimize an organization’s risk now that the BYOD trend cannot be stopped.

Appthority

@GetAppthority

SECTOR: Mobile Enterprise

HEADQUARTERS: San Francisco, CA

FOUNDED: June 2011

TEAM: Anthony Bettini, Co-Founder & CEO; Domingo Guerra, Co-Founder & President

FUNDING: Series A – $6.25M; Venrock, US Venture Partners, Gunderson Dettmer

COMPETITORS: Legacy endpoint security companies that are now trying learn mobile

PARTNERS: Appcelerator, Apperian, AppFortify, Arxan, BoxTone, DreamLabs, The Efiia Group, Fixmo, Happtique, IronKey, Joyent, Kaprika Security, LANDesk, Marble Security, Metaforic, Mocana, mSignia, Privacy Choice, Private Core, Quixey

SECRET SAUCE: Appthority helps the enterprise identify and manage the risks hidden in mobile apps. The cloud-based Appthority Platform automatically identifies and grades risky behavior in mobile apps including known and unknown malware, new malware used in targeted attacks, corporate data exfiltration, and intellectual property exposure.

SEEN AND HEARD:SC Magazine, Ars Technica, TMCnet

Armor5

@armor5Inc

SECTOR: Mobile Enterprise

HEADQUARTERS: Santa Clara, CA

FOUNDED: 2012

TEAM: Naveen Ramaiah, Co-Founder; Praveen Banoth, Co-Founder; Suresh Balasubramanian, CEO

FUNDING: Seed – $2M; Trinity Ventures, Nexus Venture Partners, Citrix Startup Accelerator

SECRET SAUCE: Armor5 is a cloud service provider that’s solving the problem of secure mobile access to enterprise data and applications in a new way. The company serves enterprises, cloud solution providers and any organization struggling to secure network access for mobile users. Armor5 offers the only zero-touch, 100% cloud service that accesses a client’s network, virtualizes enterprise data and applications, and provisions secure and compliant access for every end user using any mobile device.

SEEN AND HEARD:CITEworld, Datamation, Silicon Valley Business Journal, NetworkWorld, VentureBeat

FeedHenry

@feedhenry

SECTOR: Mobile Enterprise

HEADQUARTERS: Burlington, MA

FOUNDED: May 2010

TEAM: Cathal McGloin, CEO

FUNDING: Series A – $9M; Intel Capital, Kernel Capital Partners, VMware, Enterprise Ireland, ACT Venture Capital

COMPETITORS: Appcelerator, Rhomobile, Stackmob, Antennae Software

PARTNERS: Telefonica O2, Telefonica Digital, VMware, ActiveState, Symphony Teleca, HP Cloud Services, Bearing Point, AMTSybex, EMC

CUSTOMERS: PWC, Aer Lingus, My Healthy World, Courtagen, Diageo, RSA, DAA, Network Rail, Glanbia, Health Executive, Enterprise PLC, Health New England, VMWare, Bunzl

SECRET SAUCE: FeedHenry offers a platform-as-a-service for business and enterprise to build cross-platform apps that integrate securely with their business through the cloud. This mobile PaaS allows apps to be developed in HTML5, JavaScript, and CSS and deployed to multiple mobile devices from a single code base.

SEEN AND HEARD: VentureBeat, AllThingsD

MobileSpaces

@mobilespaces

SECTOR: Mobile Enterprise

HEADQUARTERS: Washington, D.C.

FOUNDED: 2011

TEAM: David Goldschlag, Founder, CEO, Yoav Weiss, Founder and CTO

FUNDING: Series A – $3M; Accel Partners

COMPETITORS: Good Technology, Enterproid, Mocana

SECRET SAUCE: MobileSpaces helps enterprises mobilize their applications, govern their data, and respect the privacy of their employees. MobileSpaces offers a BYOD Policy Management solutions that protects enterprise apps and data against loss and leakage. MobileSpaces’ App Virtualization technology secures any app on any device, letting the enterprise choose the apps it needs while letting employees chose the devices they want. MobileSpaces is the only solution which allows the enterprise to secure built-in Apps, Public App Stores apps, and Enterprise App Store apps, with no friction.

SEEN AND HEARD: TechCrunch

MobileSpan

@mobilespan

SECTOR: Mobile Enterprise

HEADQUARTERS: Santa Clara, CA

FOUNDED: 2011

TEAM: Nils Bunger, CEO and Co-Founder

FUNDING: Venture – $2.3M

COMPETITORS: Citrix, Watchdox, IonGrid

SECRET SAUCE: MobileSpan lets a company’s workforce be productive from their personal tablets and phones. With MobileSpan, workers can access a company’s internal web applications and documents seamlessly from a MobileSpan app on mobile devices, without VPNs and without creating data security problems. MobileSpan interoperates with all the IT systems that came before it and it can work with existing SharePoint or CMS, file shares, web applications, management tools.   MobileSpan deploys in 60 seconds as a single Windows application inside the corporate network.  MobileSpan requires no changes to corporate DMZs or firewalls, providing an easy way to add tablets and phones to your existing business practices.

SEEN AND HEARD: Silicon Valley Business Journal, Vator.tv, PEhub, CMSwire, TMCnet

Enterproid

@divide

SECTOR: Mobile Enterprise

HEADQUARTERS: New York, NY

MANAGEMENT: Andrew Toy, CEO & Co-Founder

FUNDING: Total – $13M. Genacast Ventures, NYC Seed, High Peaks Venture Partners, BOLDstart Ventures, Google Ventures, Qualcomm Ventures, Comcast Ventures

COMPETITORS: MobileSpaces

SECRET SAUCE: Enterproid helps organizations and individuals get the most out of mobile technology and corporate BYOD policies by providing a dual-persona user experience that is secured and cloud-managed by IT. Enterproid’s flagship Divide™ platform combines cloud-based management with advanced on-device technology that ensures enterprise security and control without compromising personal freedom and privacy.

SEEN AND HEARD: VentureBeat, NetworkWorld

V-Key

SECTOR:  Mobile Security

HEADQUARTERS:  Redwood City, CA

FOUNDED: 2012

TEAM: Benjamin Mah, Co-founder and CEO; Joseph Gan, Co-founder and CTO

FUNDING: Series A – $4M; IPV Capital

SECRET SAUCE: V-Key’s V-Guard suite of technology is a revolutionary next generation comprehensive mobile apps security solution protecting the mobile application sphere from threats of known and unknown application-level attacks. Equipped with mobile threat intelligence analytics, V-Guard provides a comprehensive real-time threat dashboard and reporting ensuring mobile app threat awareness and compliance reporting.

SEEN AND HEARD: The Next Web

Bonus companies

Capriza

Domo

Roambi

Skygiraffe

Mocana

Top image courtesy of igor1308, Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The “bring your own device” (BYOD) philosophy is still loudly being adopted in enterprises around the world. One of the startups at the forefront of the movement is Enterproid, which offers software for splitting workers’ personal and business assets on the same devices.

Now the dual-persona mobile software startup has launched a new solution called Divide Builder that gives companies more flexibility for its BYOD software arsenal.

Enterproid recently showed up on our list of six killer mobile enterprise startups; its Divide solution outfits both iOS and Android devices with separate business and personal profiles. While the company doesn’t reveal customer numbers, it does claim to work with almost all of the top 10 financial institutions in the U.S. Divide has been downloaded more than 100,000 time from Google Play.

Divide Builder adds to Divide Enterprise’s feature set and gives its clients more customization. With it, companies control more than 1,000 user experience elements, including names and logos as well their own assets. Enterproid said it takes only a few hours to use Builder to get a new container up and running in

Enterproid cofounder and COO Alexander Trewby told VentureBeat via email that Builder gives companies further ownership of their BYOD programs by giving them more customization options.

“One of the big challenges companies face with BYOD solutions is that employees often don’t participate and fully engage, which then opens up security risks if they circumvent existing security policies,” Trewby said. “By creating a branded work container, it signals to the employee that they’re clearly entering into their work environment. But because Divide’s customized interface also builds on the native design of the business apps inside the workspace, the overall experience is still very inviting and easy to use because the apps look and feel like the apps they’re used to on respective iOS and Android devices.”

New York City-based Enterproid launched at Demo Spring 2011 and has raised $13 million in funding from investors including Comcast Ventures, Google Ventures, Qualcomm Ventures, Genacast Ventures, and NYC Seed.

Photo via Enterproid

Mani Gopalaratnam is head of innovation at business process outsourcing company Xchanging.

BYOD has been talked about ad nauseam, but now there’s a trend surfacing that will start to push BYOD out of the picture in the next few years. Corporately Owned, Personally Enabled (COPE) devices are the next big thing, and within the next three years, projections indicate 70 percent of global organizations will adopt it.

BYOD is a concept that was floated first in Asia, where CIOs were quick to embrace the trend, but also quick to realize its implications: challenges in securing corporate data, an increased need for IT resources and support, increased costs, difficulty maintaining network performance, and challenges in managing devices and applications.

Companies like BlackBerry, which was ahead of the curve in adopting BYOD, were also the first to try out COPE pilots, where the goal was essentially to show customers this model was a better, less risk-laden option for enterprise mobility than was BYOD.

BYOD vs COPE

The biggest difference between BYOD and COPE is the management of personal data on the device.

Employees own their devices with BYOD, hence Bring Your Own, which gives organizations less control over how they are being used. It goes without saying that this leads to massive potential for security issues. It also puts an organization in peril, especially with the sales force owning their own phone numbers.

With COPE, the end user has more flexibility, but the organization still has control over costs, security, and other areas of potential risk such as legal and HR implications. For example, corporations can dictate what carrier the organization uses and what devices can sit on the network but may, for example, allow users to indicate what apps they want on their phone, or may offer employees a device catalog to select from. This gives employees options, while also minimizing the need for IT to manage an overwhelmingly mixed range of devices

COPE also gives organizations the power to monitor policies and devices, beyond simply selecting which ones can be distributed. If the device is stolen, the company can send a wipe command. Organizations can also conduct automatic checks on malware and dangerous applications, sending warnings about certain apps to the device owner in order to proactively avoid potential issues.

Migrating to COPE

When helping our clients migrate to COPE, we’ve found a number of ways to aid organizations in further maximizing the benefits.

Some best practices to consider include:

• Take advantage of the ability to recycle devices as part of the contract. Alternatively, to keep costs down, buy in bulk. By doing so, you can negotiate substantial discounts.
• To take that one step further, beyond minimizing just the device costs, outsourcing enterprise mobility contracts also enables organizations to make the best use of resources and budgets. You can negotiate usage-based plans, for example, to minimize unnecessary spend.
• Understand the benchmarks from cost benefits, usage statistics, and device performance so you have a framework from which to measure and learn.  Benchmarking is important when making a transition in your mobility model, as it provides a measureable way to evaluate costs, usage, performance. and more. It enables executives within your organization to see the tangible benefits of a COPE model by clearly indicating the improvements in productivity, efficiency, and overall business execution from a numbers perspective.
• Be aware of potential hidden costs. While there are more hidden costs associated with BYOD than with COPE, costs to look out for include device management and maintenance, personal service partitioning and impacts, and migration expenses, among other things.
• Due to dramatic improvement in device software upgrades, it’s vital to ensure the internal systems are able to work with the latest software versions. This can have a bearing on how well COPE adoption can take place without a huge hidden migration cost.

While COPE enables organizations to better control corporate assets — over information, as well as tangible control — it also boosts employee satisfaction. This, in turn, results in a surge in employee productivity (evident from the days of BlackBerry) due to the shortening of decision support.

So while today BYOD buzz continues to dominate enterprise mobility discussions, you’ll soon start to see COPE fazing it out as more organizations realize the benefits and flexibility that can be achieved though this alternative model.

Mani Gopalaratnam heads the architect team at Xchanging, Inc. (XCH: LSE), a $1B business process and technology services provider and integrator. He is also Head of Innovation for the company and CTO for the region of Asia Pacific. To learn more, visit www.xchanging.com.

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

This week’s Mobile Summit, organized by VentureBeat and held at the Cavallo Point resort just north of the Golden Gate Bridge, brought about 200 industry executives together for deep discussions of the mobile technology market.

The event featured a number of boardroom sessions with 20 or so people apiece, focused on intensive conversations around the Summit’s main themes.

I helped facilitate two hourlong discussions on enterprise mobility. Gaurav Tewari, a partner at SAP Ventures, and Scott Davis, the CTO for end-user computing at VMware, led the conversations, which also included top executives from Apperian, Capital One, Cisco, Deutsche Telekom, Ingram Micro, Intel, MasterCard, McAfee, StackMob, TIBCO, and T-Mobile, not to mention an assortment of venture capitalists, a handful of analysts, and one press person (myself).

The conversation provided a good window into what executives are most concerned about regarding mobile tech in the enterprise.

Better security tools

The number one topic, which kept recurring throughout the two hours, was security. In a world of increasing fragmentation, security threats are harder and harder to plan for. Employees want to use the devices of their choice, on the carriers of their choice, with apps that IT managers don’t control. Corporate developers want freedom to choose their app development platforms, languages, libraries — or to develop native apps or web-based solutions. Enterprise apps will have to deal with an increasingly complex environment, where data might be stored locally, on Dropbox, Box.net, Sharepoint, or elsewhere.

“You’re going to have to deal with messiness,” one participant said.

In light of that messiness, security is an anxiety-producing issue. Yes, mobile platforms are by and large more secure than the old, Windows PC-based environment that IT departments have been managing for two decades. But mobile platforms aren’t entirely secure, and given that people are using these devices over insecure networks, they are open to new and extremely dangerous vectors of attack.

Combine that with an environment where international attackers are getting more sophisticated and are going after more economically critical targets (like blueprints and other intellectual property), and it’s clear why enterprise IT leaders are getting very, very nervous.

A more consolidated, overarching security model would help corporations a lot in dealing with this fragmented, complex mobile environment.

BYOD policy education

A large majority of companies are now bowing to the inevitable and allowing some kind of “bring your own device,” or BYOD, activity, letting employees use the smartphones or tablets of their choice and adjusting the company’s IT tools accordingly.

BYOD, by the way, is not happening because it saves money. (In fact, it might even cost companies more money, thanks to the cost of processing expense reports for monthly telecom bills.) It’s happening “because we can’t stop it,” in the words of one roundtable member.

But, according to another participant, while BYOD is a reality at 80 percent of companies, only 10 percent of companies actually have a spelled-out BYOD policy. (I couldn’t track down figures to support that assertion, but Insight Quarterly has some related data, as does Threat Metrix.)

That’s a problem because employees might not know how to be safe online, what devices to choose, or what consequences they might incur if they use their devices for work. Mobile Device Management (MDM) often gives your IT administrator the ability to remotely wipe your phone — personal data and all — which is something you ought to know before you start using your phone for work.

Apps that do more with mobile devices

Many enterprises are still using mobile devices as little more than tiny, portable terminals to their corporate information systems. Yet smartphones and tablets are capable of so much more. Cameras, GPS devices, accelerometers, and other features that are now ubiquitous in many mobile devices can all play a role in enterprise apps. For example, one speaker talked about a company that created an augmented-reality app for equipment maintenance workers to use. Hold up the phone to a piece of equipment, and the app superimposes information about what that machine is, what its last service date was, and the like. Another speaker described equipping forklift operators with iPads and a customized video-chat app that let them hold the tablet up to a pallet, so the person requesting a delivery could see in real time whether the operator was picking up the right thing.

IT managers who are brokers, not providers

As more companies embrace the flexibility and speed of cloud services, IT executives run the risk of being marginalized. We’ve heard how chief marketing officers (CMOs) are supplanting chief information officers (CIOs), and in many companies, the CMO’s budget already exceeds that of the CIO. One participant in our discussion said he’d seen several CIOs terminated and replaced with CMOs when the former failed to deliver. (Given the security concerns mentioned above, those might prove to be rather shortsighted replacements.)

Mobile tech exacerbates the trend. After losing control of corporate apps to cloud providers, IT managers are now losing control of the most basic tech: the very devices and networks that employees use to get their jobs done.

In the short term, at least, IT executives need to adapt by embracing their new roles as brokers for tech services, rather than the exclusive providers of those services.

They also need to understand their company’s business goals and get ready to move quickly on projects that can drive revenue or cut costs. But that’s always been part of the IT remit, hasn’t it?

Apps for humanity — or at least your employees

Many companies have failed to understand that the best mobile apps aren’t just mobile versions of their existing corporate apps. (More than one person at the roundtables complained about how poorly Salesforce.com works on tablets, for instance.) Enterprise developers creating in-house apps need to understand two things:

First, design matters far more in the mobile universe than in the old desktop world. Smartphones and app stores have conditioned users to expect apps that are simple, slick, fast, and responsive.

Second, you need to make apps work for your employees. If you make apps that improve their lives or help them get their work done, they’ll use those apps. If not, they’ll go around you to find apps that meet their needs.

“Build a great app that helps people do their jobs, and they will use it,” one speaker said.

A simple example: One participant described a company that had some difficulty getting acceptance for its employee-oriented mobile apps. Then it created an app that let employees order food from the company cafeteria. Not something that was essential to the business’s success, of course — but it did help make people’s lives easier. As a result, they used it. What’s more, when they went to the corporate app store to get that app, they noticed that there were a lot of other useful apps there, too, so usage of all the company’s apps rose.

The short lesson: Make something that makes your employees’ lives better.

Photo credit: Michael O’Donnell/VentureBeat

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Cesare Garlati is the co-chair of the Mobile Working Group at Cloud Security Alliance.

Many employees don’t understand the implications of using their personal devices for work. Many companies don’t understand that they are in fact liable for the consequences. This post covers the things you always wanted to know about BYOD but were too afraid to ask.

Good News: Your company offers a BYOD program

You can finally stop carrying that boring corporate phone and use your own shiny new iPhone for work. Even better, you can now check your corporate email from home while streaming YouTube videos on your Galaxy tablet. Your company picks up part of the bill and even provides enterprise-grade help desk support to help you with your gadgets. It looks like an offer you can’t refuse.

Bad News:  You joined your company’s BYOD program

One morning you wake up, reach for your iPad to check the email but it doesn’t turn on. Your iPad is dead. Totally bricked. After a quick family investigation you realize that the little one tried to guess your password to play Angry Birds before you would wake up. Too bad the security policy enforced by the corporate email account triggered your iPad self-destruction to prevent sensitive corporate data from unauthorized access.

Angrier than those famous birds? Wait until you realize that the device itself can be brought back to life and your corporate data restored. But that your pictures, videos and songs are gone. Forever. (Note: the case above is based on a true story, my son’s name is Luca.)

Don’t read on if you’re already scared. This is not the worst it can happen to your data, to your privacy and to your device. Many employees who use their personal devices for work are shocked to find out that their smartphones, tablets, and laptops may be subject to discovery request in the context of a litigation involving their company. Employees may be asked to surrender their personal devices — in which they have browser history, personal information and documents they created — as they may be subject to review by 3rd parties in connection with litigation.

The BYOD fine print

If you were too impatient to read all through the Acceptable Use Policy that you signed when you joined your company’s BYOD program, or if you simply were not too eager to know what you were really getting into, this may be a good time to go back to that document or to contact your IT or HR department to ask for clarification.

Here are the things you should know about your company’s BYOD program and that you shouldn’t be afraid to ask.

Personal Data Loss

When your personal smartphone, laptop or tablet is used for work related activities, such as access to corporate email, calendar or corporate directory, there is a good chance that your company relies on built-in features and additional software tools to secure and manage the data in your device.

As a first line of defense, many organizations enforce ActiveSync policies, pre-installed in most consumer mobile devices, to enforce password protection and remote wipe and lock. More sophisticated IT departments may request the installation of additional Mobile Device Management software agents to extend corporate IT reach into any application and functionality of your device. While security and manageability are legitimate concerns for the company, most BYOD programs rely on IT tools that don’t make a clear separation between personal and corporate data and applications. As a result, in case of unauthorized access – real or presumed – the whole content of the device is more or less automatically deleted and the device itself made unusable.

What you should ask if you are not too afraid of the answer: Is the data in my device susceptible to automatic or remote deletion? What events trigger the automatic deletion? Is remote deletion part of the standard employee termination process?  Is my approval sought or required for the remote deletion? Is my personal data retained in case of automatic or remote wipe?  Does the company provide a mean to recover the personal data deleted? Am I entitled to any reimbursement for the loss of personal content such as songs, videos or applications?

Privacy

From a legal standpoint, the fact that you own the device is irrelevant in case of a litigation. To discover and preserve evidence, the court may require forensic review of all devices in connection with the litigation. Employees participating in the BYOD program may be asked to produce their personal devices for 3^rd party examination.

You will have to make any personal information stored in your devices accessible. This includes the history of the websites visited, songs and movies downloaded and played, copy of financial transactions or statements, the list of your personal contacts and your electronic communications with them including personal emails, personal phone call, text messages and various social media activities including Facebook, Twitter and VoIP services such as Skype and similar. This extends to the personal information of any other family member or third party who may share the use of that device.

Personal data stored in the device is not the only privacy concern. Your location and your online activity may be exposed to your employer too. A main feature of Mobile Device Management software is the ability to track in real time the location of the device. The feature is intended to help determine whether a device is lost rather than stolen before initiating a remote lock or remote wipe.  It can also be used to selectively disable camera and microphone when the device enters restricted company areas to prevent sensitive data loss.

Modern devices can get quite accurate at pinpointing location even when inside buildings where GPS technology is typically complemented with Wi-Fi access point detection. Although not intended for this use, your IT department may be able to track your whereabouts anywhere and anytime, deliberately or accidentally, and you may not even be aware of this. In addition, when your personal device connects on-campus to the corporate Wi-Fi network, there is a good chance that your online activity is monitored and filtered to comply with various regulation and to protect the company from any liability arising from an improper use of corporate resources.

What you should ask if you are not too afraid of the answer: May I be required to produce my personal devices for forensic analysis? Does this apply to devices shared with other family members? Who will then get access to the personal information stored in my device? Is my company able to track my location? Under what circumstances can this happen? Is my approval sought and required to track my location? Do I get notified? Are these systems active outside regular work hours? Is my personal online activity on-campus monitored and logged? Is this information retained when I leave the company?

Device seizure and loss of use

Mobile devices are small and you take them with you everywhere. No surprise they are the most likely to get lost or stolen. But when you use your gadgets for work related activities, you have a couple more reasons to worry about. Your device may become unusable as a result of a company initiated remote lock or wipe. Or you may be asked to surrender your inseparable smartphone for legal examination in conjunction with litigation. Either case you could lose the use of your device for some time and likely find yourself in need for a temporary or permanent replacement.

What you should ask if you are not too afraid of the answer: Under what circumstances may I be asked to surrender my personal device? Is the company going to provide a replacement? Who is responsible for backing up and restoring personal data and applications if the device is seized? Under what circumstances can the company initiate a remote lock of the device? Is my approval sought and required? What is the process to regain use of my device?

Former Vice President of Mobile Security at Trend Micro, Cesare Garlati currently serves as Co-Chair of the CSA Mobile Working Group – Cloud Security Alliance. Prior to Trend Micro, he held director positions within leading mobility companies such as iPass, Smith Micro Software, and WaveMarket. 

Photo: blakespot via photopin cc

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

This is a guest post by Cimarron Buser, vice president of business development at Apperian.

Many companies have begun to embrace the concept of “Bring Your Own Device” (BYOD). This starts with the agreement that your company’s email, calendar, and contacts can be used on an employee’s personal device and you may reimburse the employee via a stipend. But this is the easy part.

The challenge begins when companies want to move business processes to mobile apps or enable the sharing of corporate data out to a mobile end-point. Now, security issues take a sharper focus, and the mobile device management (MDM) solution that might have been installed a few years ago that allowed IT to check off the box for compliance is not enough. Device wipe and restricting users to specific apps doesn’t work.

So, how do businesses provide real, usable, and fun (yes, fun is important) apps to employees while securing corporate data? There are many solutions pitched today, and while each approach offers benefits there is probably no “one size fits all” approach as new technology evolves.

The latest approach to gain buzz is “dual personality,” which can be seen in the recent BlackBerry announcements, and will be launched soon by Samsung with its KNOX initiative. VMWare, Enterproid, and others have solutions in the market, but the trend towards building in the dual persona into the hardware stack and OS is likely going to raise the stakes.

The challenge for these systems lies in the heterogeneous nature of mobile: you can’t expect every employee and user to use the same hardware or OS. Another challenge is that the dual personality model chafes against the user who has been conditioned (let’s just say “iPhoned”) to a simple, elegant model where all apps run seamlessly together in the same environment. The user never has to remember which mode they are in, and sending mail or making calendar appointments just work.

If the jury is out (both in terms of market adoption and technology approach) on the dual personality solution, what else can a business do? Another approach is to treat each app and its data as an individual, secure “container,” thus making sure that personal and business apps and data are separate. However, from the user viewpoint, the apps are easily accessible and the experience is familiar. There are several ways to do this, but the most prevalent is “app wrapping” where policies such as authentication, copy-and-paste restrictions, integrated VPNs, and data-at-rest encryption can be applied to any app with the click of a check box.

Adding to the fun is that beyond iOS and Android (still the dominant platforms when it comes to the new enterprise app ecosystem), we will see BlackBerry and Windows Phone entering the fray. Any solution that needs to be applied to all your company devices needs to play well across the board. This is an additional challenge to the dual persona model, where unless everyone is using the same technology it may not be feasible to have universal policies, and training and support costs increase. We sometimes forget why we’re all building apps for employees in the first place. It’s all about employee productivity, convenience, and ultimately ROI for the business.

Apps — and their security model — should be easy to use. User engagement should be encouraged, and include consumer-like features such as app rating, comments, crowd-sourcing for new ideas, and even the (future) ability to build your own app with corporate data. Ultimately, security issues should be handled in a way which is seamless and based on user roles.

We still need to deal with lost devices or the circumstances when an employee leaves the company. However, security policy must be combined with employee education and forward-thinking companies make sure employees buy into the solutions, and not try to do workarounds to get their jobs done because no solution is offered.

Businesses have a great opportunity today to make all their employees more effective with these fancy gadgets, and industry leaders have already seen multi-million dollar ROIs on mobility investments.

The good news is that enterprise mobility works.

Cimarron Buser leads Apperian’s products and marketing for enterprise solutions. He has worked in technology for over 20 years, providing creative and visionary leadership for products and services in the technology, web and mobile arena.

Businessman using tablet via ollyy/Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Powerful mobile devices have swarmed into workplaces, and they’re not going away. Pesky employees ignore rules and use their own smartphones for work while CEOs are commanding IT managers to make bring-your-own-device (BYOD) policies the norm.

The mobile device field is wide open. Although Android is the dominant smartphone operating system overall, companies appear to be choosing iOS devices over Android as of late, according to a recent Good Technology report. The iPad still has a lot of sway with executives, but we could see a shift toward Windows 8 tablets since they can run some legacy apps that enterprises rely on. Microsoft also just announced that businesses could buy its high-profile Surface tablets in volume if they want.

At VentureBeat’s upcoming Mobile Summit on April 1, one of the six main themes will be “What’s next for enterprise?” So we took this opportunity to spotlight a few startups that are already thinking about and tackling this theme.

Whether the concern is making BYOD actually work, beefing up security, or taking business intelligence mobile, these six startups are reshaping the landscape of mobile enterprise.

Armor5

Rather than install software on devices, Armor5 has come up with a different solution for BYOD. Its software connects to a company network through an existing virtual private network (VPN), virtualizes data and cloud applications, and generates a URL for employees to access content safely from their smartphones or tablets. This way, your employees always have secure access to your company’s stuff — without the risk of storing that stuff on their devices.

Santa Clara, Calif.-based Armor5 emerged from stealth mode in February. It has collected $2 million in funding thus far from Trinity Ventures, Nexus Venture Partners, and the Citrix Startup Accelerator.

Domo

Domo offers up a business intelligence dashboard that can be viewed from any device (so its creators claim), particularly mobile devices. The company says its software is easy-to-use and cloud-based, so you can see real-time data coming in and make important decisions off that data. Domo has been a little shy about unveiling its full offering to date, but it already has more than 100 enterprise customers and is coming out of private beta this year.

Domo is located just outside of Salt Lake City in American Fork, Utah. It recently raised a whopping $60 million in funding from GGV Capital, Greylock Partners, Bezos Expeditions, Founders Fund, and others, bringing its investment total to $113 million.

Enterproid

Enterproid’s Divide platform takes a rather literal approach to BYOD in that it “divides” your personal and business life through software. Essentially, you can install Divide on iPhones or Android phones and know that your work and personal things are completely separate. Maybe most importantly for employers, the info inside Divide is secure and can be deleted at a moment’s notice by the company if something fishy is going on.

On the iPhone, there is a single “container” that looks like an app; your email and business apps live inside that container. On Android, Divide offers different “profiles” you can switch between, and you can have two entirely separate sets of home screens and apps.

New York City-based Enterproid launched at Demo Spring 2011 and has raised $13 million in funding from investors including Comcast Ventures, Google Ventures, Qualcomm Ventures, Genacast Ventures, and NYC Seed. The company has more than 75 employees.

MobileSpaces

San Francisco-based MobileSpaces takes yet another approach to BYOD by placing a strong emphasis on employee privacy. Its software lets Android phone owners mark all applications they use for work and only those apps can access business data and systems. The company is testing an iOS version of the product as well, which will be ready by mid-2013. MobileSpaces has raised $3 million to date from Accel Partners, and the company told us it will have its formal launch “soon.”

“If you ever leave the enterprise, they reserve the right to your data,” David Goldschlag, MobileSpaces CEO and a former VP at McAfee, told us in August. “We are enabling the enterprise to comfortably let its apps run and coexist with personal apps.”

Mocana

Mocana is looking to solve the biggest problems with mobile enterprise security in two ways. It has solutions for connected devices and mobile apps. Specifically, it installs on-premise software that creates an interface between your data and connected devices; the interface lets you monitor device usage or encrypt data. However, on the app side, the company only provides services on the application-level for apps that are developed in-house. (So you can’t hook it up with an app like Google Drive or Box, for example.)

San Francisco-based Mocana has raised $32 million in capital from investors including Trident Capital, Intel Capital, Symantec, Shasta Ventures, and Southern Cross Venture Partners.

Roambi

San Diego startup Roambi is also trying to solve the business intelligence problem on mobile with its popular iPad and iPhone apps. The company takes data from all kinds of sources and visualizes it in flashy ways so execs can make better real-time decisions. It also offers a product called Flow that makes it easy to design, publish, and share colorful reports on the iPad. It has raised more than $50 million from investors including Sequoia Capital.

Roambi’s CEO recently wrote a guest post us for us about how companies can unleash the power of “little data” with mobile devices.

Top photo: Businessman on phone in coffee shop via baranq/Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Does your company rely on mobile workers? If it does, the worker likely is a “+1,” an employee who carries both a mobile device and a tablet And those mobile workers who need to access data may be using a consumer cloud like Dropbox, SkyDrive or Google Drive to get that access.

This mass migration of data to the consumer cloud, however, all happening without much IT oversight and control, may give rise to potential exposure to unknown security risks to the company. If you follow the industry, you’ve seen that there have been data breaches at consumer cloud providers.

The cloud also has given rise to lawsuits. For example, Dropbox was sued in federal court in California in a class action suit regarding alleged data security issues; the case was dropped later that year. And LinkedIn, a cloud provider of a different nature, was sued in federal court in a proposed class action arising out of an alleged hack, although it recently won a motion to dismiss the action.

Sony’s PlayStation Network, another form of the cloud, was hacked, allegedly facilitated by another cloud provider, and Sony was sued both by consumers and some of its insurance companies. Sony’s general liability insurance company, Zurich American Insurance Company, then added insult to injury by suing Sony rather than providing coverage. Zurich has asked the court to rule that other Sony insurance policies would cover the claim before Zurich’s policy, in addition to asking for rulings that Sony’s general liability insurance policies do not provide coverage for the data breach claims.

So what kind of risk do companies face when their mobile workers are using the cloud, and will their insurance cover cloud-based risks? Let’s take a look.

What are the risks?

There are two general categories of risks and potential liabilities for users of the cloud: first-party risks and third-party risks. Generally speaking, first-party risks include lost income or business because of a cloud outage, the inability to access the cloud, or lost data. Third-party risks include the cloud user’s potential liability to customers or to various governmental or regulatory entities. These potential risks include lawsuits or claims from third parties resulting from a data breach or other cyber event. Other risks, which may be seen as both first- and third-party costs, include the costs to provide notifications after data breaches (if those costs are not the responsibility of the cloud provider), payment card industry (PCI) liabilities, and other data breach- and privacy-based costs.

Will your insurance cover the risks?

When considering a move to the cloud, give thought to one of your company’s most important assets – its insurance policies. The importance of time spent with your broker and outside insurance coverage counsel to discuss and understand the potential scope of coverage under your company’s insurance policies as it relates to cyber and privacy risks is amplified when thinking about moving to the cloud.

The best place to start this analysis is, first, by reviewing your company’s cyberinsurance policy. (Haven’t bought a cyber insurance policy yet? Click here for some helpful tips for when your company does consider purchasing that type of insurance policy.)

Next, take a close look at your company’s entire portfolio of insurance policies. Coverage may be available under traditional forms of insurance such as commercial crime, first-party property, and commercial general liability (CGL) policies. Regarding commercial crime policies in particular, the U.S. Court of Appeals for the Sixth Circuit found coverage for a data breach (though not necessarily related to the use of the cloud) under a computer fraud endorsement to a crime insurance policy for certain costs relating to a data breach. Also consider whether business interruption or contingent business interruption coverage within a first-party property insurance policy would provide coverage for a cloud-based interruption.

Companies should not assume that their insurance companies will agree that coverage for cyber risks related to the cloud is provided by so-called traditional forms of insurance. To protect against such risks, companies may look to cyber insurance policies that are marketed expressly as providing coverage for cyber-related loss.

What should companies look for when considering insurance for cloud-related risks?

Cyber insurance comes in many forms and variations. This growing insurance marketplace has led to a variation in forms and coverages being offered by insurance companies.

1. Look at whether cloud computing is covered specifically, and, if not, how broadly the coverage is written.

In the past, it was rare to see cloud computing in a cyber insurance policy, but now certain insurance carriers have started using that term in their forms. If the insurance policy specifically references the cloud, determine whether any special terms and conditions apply. Consider whether there are specific exclusions or coverage limitations specific to cloud-based risks.

For those policies that do not use the term “cloud” or “cloud computing” specifically, pay close attention to terms such as “network” or “computer system,” as those terms may affect directly the scope of coverage for cloud-based risks. Also, pay attention to limitations on the use of outsourcing, vendors, or other third-party service providers. Those terms may be written in a way that could encompass the outsourcing of hosting or support. If so, the insured should have a strong argument that cloud services are covered.

2. Determine whether sublimits and deductibles or retentions apply to cloud-related risks.

Modern insurance policies typically have limits of coverage that apply, capping the total amount of insurance that is available under the policy. Some policies have sublimits. Policies that contain sublimits of coverage may result in lower insurance policy limits being available for certain risks or types of claims. For example, an insurance policy may have a total policy limit of $10 million, but a sublimit of $5 million for cloud-based claims.

Also note that certain insurance policies have deductibles or self-insured retentions that apply to cloud-based risks. If so, that could limit the total amount of true coverage available for claims.

3. Consider the geographic scope of coverage.

Some cyber-security insurance policies, like first-party property insurance policies, may contain coverage based on events or incidents that take place in a certain territory, such as the United States, or for events or incidents that take place within a certain distance from the policyholder’s place of business. Considering the geographic limitations of a cybersecurity insurance policy is critical, in light of cloud providers and other vendors that may host data and software outside of the United States, as well as the increased amounts of global travel for company employees.

For companies based outside of or doing business outside of the United States, consider the issue in reverse: will the insurance policy cover any risks related to data sovereignty issues for countries outside the United States, for data hosted inside the United States (and outside those countries’ borders)?

4. Consider the scope of coverage for first-party risks relating to the cloud.

Companies should pay close attention to the scope of insurance coverage afforded for first-party losses relating to the cloud. If the company is unable to access the cloud for data, applications, or other purposes, how will the insurance apply?

Would another insurance policy, such as a first-party all risks insurance policy, apply if the risk was based on a weather-related incident? Would the cybersecurity insurance policy apply if there was a denial of service attack at the cloud provider? How long must the service be unavailable before the insurance policy provides coverage, and must the outage be continual?

5. Analyze the terms and conditions of contracts with cloud providers.

Companies also should look carefully at their contract with their cloud provider to understand what it will and won’t do for them in case of future issues. Cloud users should consider which company bears the risk of a data breach, and how much liability is transferred or retained for first-party risks, such as cloud unavailability. That knowledge will help companies in their risk transfer processes.

Scott Godes is an attorney with Dickstein Shapiro LLP. He is the Leader of the Intellectual Property Insurance Practice within the Insurance Coverage Group. He devotes a significant portion of his practice to representing corporate policyholders and insureds in complex disputes with their insurance companies. He also counsels policyholders regarding risk management and insurance coverage issues. He may be reached at godess@dicksteinshapiro.com. Mr. Godes also writes the award winning Corporate Insurance Blog and is on Twitter @insurancecvg.

Image credit: The Geffen Company

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Dror Oren is the executive director at SRI Ventures.

In case you haven’t been reading technology news, 2013 is being heralded as the year of the enterprise renaissance.

And while I believe that to be true, the trend begs a bigger question of exactly what it means to be “enterprise” today. The lines between enterprise and consumer are increasingly blurred, and only becoming more so.

The conventional wisdom is that the innovative forces in the consumer market are now being redirected to the enterprise and “consumerizing” it. There is even a Harvard Business School class on the topic.

When people talk about the blurring lines, they typically think about things like ubiquity of consumer platforms (amplified by the Bring Your Own Device phenomenon) and consumerization of enterprise software’s user experience. But there’s something more fundamental going on here.

What we’re seeing today is not a swingback to the enterprise with the add-on of consumer models. What we’re seeing today is a swingback to more diversified revenue models and a refreshing change to the traditional go-to-market approaches … a head fake if I ever saw one.

Many of us have the inclination to track what investments are winning each year, pitting consumer against enterprise tech. But we’d be wrong to do that today. Over the last few years these two categories have become non-exclusive and less correlated, as once believed. To say, if one is projected to do well, it doesn’t necessarily mean the other will do poorly. So why is enterprise so appealing to investors right now?

First, this is all happening after 2012 investment levels dropped from 2011, and VC’s are being a lot more discriminating with where they’re placing their bets. That was more than confirmed according to the most recent report from Moneytree.

There’s less appetite for risk in the market.  Yet the traditionally risky investment in enterprise is, all of a sudden, the safer bet.

Here are my reasons why VC’s and entrepreneurs are flocking (for good reason) towards enterprise in 2013.

Consumer (and prosumer) first models have been fully validated

Consumer-first and prosumer-first models have shown to be very successful entries into the enterprise market over the last few years.

Prosumer success stories like Dropbox, for example, first started out as a consumer app that then later became widely adopted in the enterprise and were one of the first startups to show how you can get into the enterprise without employing a huge salesforce.

Other companies like Basecamp and Evernote have both lived very similar lives. And the list of examples goes on with Google Apps, Box, and more.

What investors are looking for is the next Evernote or Dropbox, where an app gains bottom-up traction in the enterprise and spreads quickly amongst professionals.  Most investors don’t like laying their money out for businesses that need to enlist a big salesforce. But taking the leap to the consumer-first enterprise model five years ago was even more frightening than a salesforce, so things have definitely evolved.

Now that the model has enjoyed so much success, it’s clear that investors and entrepreneurs alike have gotten over their fears, and in truth, are starting to look at enterprise as the next great, golden calf.

Consumer-first reduces risk and increases odds of disruption

While some of the assumed downsides of the consumer-first model have been disproven, there is an emerging understanding of the upsides of this new approach and why we’re all reading more headlines with the words “mobile-first, consumer-driven enterprise” in them.

The consumer-first approach creates two revenue models within one startup (over several phases in the lifecycle of the company) and allows companies to naturally expand their revenue streams when the time is right.

On one hand, you aren’t excluding yourself from the potential of hockey-stick growth and viral adoption with a consumer product. And on the enterprise side, you’re creating a direct path to near-term revenue and major long-term growth (enterprises are still spending way more money on IT than consumers).

Even more importantly, the startup can parlay early consumer traction into the enterprise offering, which is an advantage that most incumbent vendors have traditionally struggled to achieve. These startups can iterate on the product with real end-users long before they demo it to an enterprise. The time between MVP and a mature enterprise product is shrinking by the day. The new paradigm replaces a long lead time for an enterprise-level product with an early consumer product that evolves to a mature enterprise product with the help of early consumer adoption.

The consumer-first approach also increases the odds of enterprise disruption.

Typically enterprise software sales has required you to go through the CIO, which is a hard won process for even the savviest salesperson. With a consumer-first approach you immediately throw the formal processes out the window and enter the enterprise through the back door.

Every CIO on the planet struggles with consumerization, but the decision to buy back control when 60 percent of your employees are already using the free version of a SaaS application is a no brainer. Add security and BYOD to the mix, and the CIO almost has no other choice but to formally adopt a SaaS application that becomes popular.

In essence, you have a better chance of disrupting incumbent vendors by changing the rules of the game.

While they’re going door-to-door glad-handing CIO’s to get a pilot going, the savvy startup has skipped straight to end-user adoption. Hence, what seems like a shift from consumer to enterprise is just the result of a smart go-to-market decision by enterprise companies.

Lastly, barriers to entry are plummeting

Creating software, hosting it and deploying it is easier today than it ever has been in the history of technology. The inevitable merging of cloud, SaaS and mobile over the past year has caught the IT market by storm, and most importantly, lowered the barriers to entry not only for the startups but for investors too.

Ten years ago an enterprise Series A was a hefty round of funding by any measure.  Today, you can start that company for a fraction of the price.  Enterprise is finally becoming as lean as consumer.

More importantly, IT buying habits are changing rapidly.  The enterprise is getting more comfortable with SaaS and cloud technology, and the spending priorities have shifted. Even traditional and heavily regulated industries are joining the party.

Furthermore, the IT department isn’t the only group with IT buying power.

Historically, whenever the marketing or customer support department of a big business needed a piece of software, they had to literally walk to the IT department and make their case to the CIO.

Today, however, the marketing department has quickly become one of the fastest growing buyers of IT and are increasingly Chief Marketing Officers are buying the technology they need directly from enterprise service providers. In this 2013 IT spending report, it’s obvious that every budget has become an IT budget. All of a sudden, the enterprise startup is selling to a market that’s the same size as their consumer counterparts.

How this will continue to evolve is uncertain. All we know for sure is that the lines between the two will continue to blur, giving way to never-before-seen opportunities in the enterprise as walls continue fall and rules continue to get broken.

Dror Oren is the executive director at SRI Ventures, leading venture efforts from raw business concepts through to value proposition and the creation of a stand-alone companies.

In the two weeks leading up to RSA, a major security conference in San Francisco, corporate giants such as Microsoft, Apple, Facebook, Twitter, The New York Times, and others admitted that they were hacked.  Cyber attacks are wreaking havoc on nations, businesses, and consumers alike. But just the fact that people are paying attention might be a bright spot in our fight against this adversary.

President Obama stated that cyber-crime itself is a $1 trillion problem. Even if the amount is only in the hundreds of billions – Sony alone incurred $171m in damages related to its 2011 PlayStation Network breach – it is clear that the threat is at an all-time high.  The “bad guys” are more organized and better-funded than ever before, and their methods of attack are growing more and more sophisticated.

The good news, it seems, is that chief security officers (CSOs), chief information officers (CIOs), and more importantly, chief executives and corporate boards, have finally moved from denial to rage to facing up to the magnitude of the problem.

Industry leaders are recognizing that traditional approaches, technologies and solutions are insufficient. RSA Chairman Art Coviello, for example, acknowledged the shortcomings of the standard firewall and intrusion detection/prevention systems when he said “perimeter-based security reached its limits.”

As a partner at venture capital firm Jerusalem Venture Partners, which focuses on investments in cyber-security in a country known for its cyber-prowess, I watch developments in the industry very closely in an effort to locate the startups that can address security problems as they emerge – in what seems to be a dizzying pace.

What I see is that the industry does seem to be rising to the challenge in an effort to provide better solutions for governments, enterprises, and consumers. But those answers are not necessarily coming from established security vendors and so aren’t surfacing as quickly as they should.

A new favorite attack vector: BYOD

One attack vector being used more and more by hackers is through our mobile devices. Smartphone sales surpassed PC sales two years ago and, according to industry sources, 80 percent of employees use personal devices for work purposes. That compares with the 60 percent of enterprises that allow it. This BYOD (bring your own device) phenomenon allows cyber-criminals easy access to contact lists, critical enterprise information, transactions, and credentials.

Many of the current solutions to the BYOD problem rely on problematic rooting, or kernel-level access, or crippled user experience offered by dual-persona or container models. No wonder the winner of the RSA Conference 2013 Innovation Sandbox was a young start-up, Remotium, which tackles BYOD by using a virtual machine to run your “work phone,” which you can remotely access through your personal phone.

Its innovative approach has a real shot at making our smartphones more secure by essentially taking both data and processing to the cloud. Other similarly innovative approaches which attempt to protect our data rather than the personal devices themselves may better equip organizations for the BYOD phenomenon as well as burgeoning trends towards virtual organizations.

The shift to cloud-based enterprise infrastructure and apps creates even more attack vectors. Organized cyber-crime is taking advantage of the cloud and becoming a real revenue source for many rogue organizations. Cyber-attack infrastructure is already offered as a service by many of these groups. For example, botnets-for-hire, or a string of zombie computers used to launch attacks on healthy computers, can create damages in excess of half of a billion dollars a year (especially related to AdClick fraud).

Is anti-virus software cutting it?

What about anti-viruses – the classic cyber-defense? Unfortunately, existing anti-virus solutions has fallen out of favor with many given that it can only block malware it knows. Because it looks at digital signatures and stops those it recognizes to be malware, it misses a lot of the new threats that come through. According to Bret Hartman, CTO of the security technology group at Cisco, organizations have lost control of their end-points. The cat and mouse game is becoming more difficult and expensive to play.

We see many of the most promising end-point security solutions are moving away from signature-based approaches, like anti-virus software, and focusing on heuristics-based or behavior-based white-listing methodologies. While these solutions are not quite ready to take the place of current anti-virus solutions, especially not on the consumer level, they certainly act as a much-needed complement to available protection and will certainly one day vie for a place as the industry standard.

In parallel, industry-wide collaborative efforts helping cyber-intelligence systems to ferret out insidious malware, hand-in-hand with big-data based analytics and solutions are gaining significant ground in this ongoing battle. According to RSA’s Coviello, adaptive machine-learning and predictive analytics based on big-data are the secrets to success.

Where the startups really stand

Interestingly, many of the innovative new solutions being provided today are actually coming from the more nimble and dynamic startups in the field. The problem is, these startups often have a tough time convincing CISOs of their value. Unproven track records and prematurely released enterprise solutions offered by these unknown (and often under-financed or unstable) companies are problematic for large enterprises.

Startups also seem to form in clusters, latching on to the latest buzzwords. This makes it hard to explain exactly how they do things differently.

But none of that takes CISOs off the hook. To succeed in their jobs, they must engage with these innovative startups to help themselves and the industry find the right set of solutions. The enormous scope of the problem and its continuously evolving nature dictates the need to work with innovative startups, side-by-side with incumbent players.

In the end, it takes a global village. As the intensity and ferocity of cyber-attacks continue to grow, the “good guys” must understand that only through a concentrated, collaborative, cross-industry effort can we rise to meet these very serious challenges. Such partnership-based models joining VCs, strategic enterprises, academia and government will allow the industry to create a robust, proactive eco-system which can foster breakthrough technologies and approaches capable of meeting today’s cyber threats — and tomorrow’s. This multi-disciplinary, collaborative approach is the only way to stay one step ahead of the bad guys.

Yoav Tzruya is a partner at JVP, Israel’s leading venture capital firm. Yoav brings more than 20 years of executive-level experience in the IT industry, with extensive experience in cyber security, digital media, and enterprise software verticals.

Happy code image via Shutterstock

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

This post was written by Pankaj “PJ” Gupta, the CEO and founder of Amtel.

In 2012, any remaining arguments against BYOD were seemingly put to rest, and the practice of “bring your own device” to work gained broad acceptance.

Most companies approving a BYOD policy consider it a win-win situation — at least at first. Employees are free to use their favorite devices, and can seamlessly integrate their professional and personal digital worlds. Companies save some money and enjoy a productivity boost since employees tend to stay more connected to their jobs when they’re using their own devices.

Everyone’s happy, right?

It would be naïve to think that any radical change in the workplace could be that easy. And seeing as the flood of smart devices represents a truly disruptive technology change, it’s clear that we still have some work to do on the BYOD front.

Challenges conquered and challenges to come

A closer look at BYOD trends in 2012 shows that companies finally started to enjoy the benefits of BYOD only because their IT departments have overcome some of BYOD’s biggest initial challenges, which include:

• Finding the budget for a mobile device management (MDM) solution that can manage employee-owned as well as company-owned devices
• Giving employees secure access to email from their smart devices
• Enhancing security and, ensuring that the proliferation of mobile devices will not put sensitive, valuable company data assets at risk

In 2013, with BYOD programs accelerating and gaining traction, management and IT teams are now asking themselves, “How do we discourage employees from doing inappropriate things with their devices?”

The questions over inappropriate smart device behaviors sound a lot like the early fears about Internet access. Years ago, the big concerns on companies’ minds were things like online game sites, YouTube, and Facebook, which companies thought encouraged employees to waste time and, as a result, impact their bottom lines.

These questions are potentially more pressing with smartphones, which now give us millions of apps to play around with. The distraction level has never been higher.

And then there’s the data question. In addition to all of the above, IT departments must now consider how movie downloads and music streaming could slow down corporate networks, gateways, servers, and critical applications on those servers. And what about smart devices using the company’s WiFi network to share intellectual property outside of the company?

New rules and deterrents

With an obligation to protect company resources, data, and intellectual property, IT departments must somehow monitor employee “smart behaviors” and identify activity that puts their companies at risk.

Fortunately, best-in-class mobile device management (MDM) solutions allow IT departments to automate and customize monitoring based on the business environment and culture. A single solution can cover security, applications monitoring, and basic device management in an effort to provide IT departments with a central view of devices and their activities.

These solutions eliminate the need for IT to keep up with device trends, with ongoing support for the popular hardware devices, mobile operating systems, and applications.

Businesses can tackle BYOD holistically to make it much safer and productive to the enterprise. As a result, the scope of mobile-related IT best practices is evolving well beyond basic access control and data security.

For example, features like geo-fencing use GPS location boundaries to restrict behaviors that lower productivity, put the company at risk, or drive up telecom costs. While inside company buildings, games like Angry Birds and Cut the Rope can be disabled. Use of in-phone cameras can be restricted to safeguard trade secrets. Access to apps that require large amounts of network bandwidth can be limited to sites with WiFi, where their use does not drive up data costs.

Most employees have been quick to learn basic cell phone etiquette. Phones are set to vibrate; it’s almost universally considered rude to answer a call in a meeting. Thanks to newer MDM technologies, employees will also be quick to learn that inappropriate behaviors will be noticed. The company-driven policies will rapidly result in a new level of smart device etiquette in the office.

In 2013, there’s nor reason why BYOD can’t be a win-win-win situation—for employees, management,and IT.

Smartphone: Robert Kneschke/Shutterstock

A stealthy startup called Armor5 wants to alleviate fears about employees and remote workers bringing their own devices to work.

The Santa Clara, Calif., based Armor5 has a new way for mobile workers to access their company’s applications without sensitive data hitting their handset. The beta version is available for free as of today with a self-service sign up.

Chief executive Suresh Balasubramanian, a former general manager of antipiracy at Adobe, believes that BYOD (employees bringing their own devices to work) is a big problem for IT departments; they have “no choice but to deal with the issue,” he said. But it also raises “significant security, compliance and cost problems.”

You’ve been living under a rock if you’re not concerned about the security risks of BYOD. The topic was the center of discussions at the RSA Security conference, particularly given that the sophistication of attacks on corporate firewalls are increasing.

Balasubramanian told VentureBeat that competitors — including mobile device management and desktop virtualization (VDI) vendors — don’t address IT’s growing needs. MDM software used by an IT department to manage employee’s mobile devices is hard to administer, he explained, and VDI can’t deliver on all app functions.

A lot of companies have attempted to solve this problem by locking down certain apps or enabling IT to access specific parts of a personal device.

But Amor5′s approach is a bit different: The technology connects to a company network via an existing VPN, virtualizes Intranet data and cloud apps, and generates a URL for mobile workers to access content safely from a personal or company-issued device. The entire process takes just a few minutes.

Balasubramanian was brought on as CEO after the company incorporated in 2011. Its founders are former engineers from Microsoft, Adobe, and Motorola.

“CIOs are understandably concerned with data security given the rise of smartphones, tablets, and other mobile devices inside their organizations,” said Fred Wang, the general partner at Trinity Ventures, the firm that led the seed round.  ”Its [Armor5's] singular focus on the intersection of data security and BYOD, and its unique approach to solving the problem, is the reason we are investing.”

The startup has emerged from stealth mode today with $2 million in funding from Trinity Ventures, Citrix, and Nexus Venture Partners. 

“More devices, more problems” seems to be general attitude of IT managers dealing with the rise of the “bring your own device” movement.

But for mobile device management companies like AirWatch, more devices means something else: More money. The company has raised $200 million in a series A round led by Insight Venture Partners.

With AirWatch’s software, IT managers are able to track and monitor all of companies’ devices at once, saving them time and energy while reducing the risk of security breaches from unsecured devices.

The funding round is a big one for AirWatch, which has operated for ten years without the help of outside capital.

Besides the funding, there are clear signs that AirWatch’s approach has become an attractive one for businesses: It currently counts over 6,000 clients, including big energy companies, pharmaceutical giants, and most of the global airlines. AirWatch says it adds roughly 5oo new clients a month.

With the funding AirWatch says it plans to make some big-ticket acquisitions and continue pushing its existing products to new companies.

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

So you say you want a bring-your-own-device policy at your company?

Great — everybody’s doing it! But hold on there for a second: You can’t just start telling all your employees to bring whatever gear they’ve got and expect them to magically figure out how to make it work with your IT systems. (Well, that’s how we do it at VentureBeat, but like many startups, we fly by the seat of our pants a little bit.) As we reported earlier this month, 81 percent of companies have some kind of BYOD program in place, but only 37 percent of IT managers thought that their company’s mobile strategy was working well. In other words, there’s a lot of BYOD pain in the IT department.

If you want a successful BYOD program, and your company is larger than a couple dozen people, you’re going to need a more thought-out strategy.

Fortunately, Symantec has some advice for you. Tom Schröder, a senior specialist for enterprise mobility solutions at Symantec, worked with design firm Render Positive to create a BYOD policy flowchart, shown below.

Follow these steps, and you’ll be well on your way to BYOD bliss.

(Click the image for the full-size version)

Source: Symantec

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

You can sum up Forrester’s prognostications on 2013 mobile trends in three little words: This changes everything.

Well, duh.

Mobile phones are already well on their way to replacing cameras, cash, maps, remote controls, handheld gaming systems, boarding passes, tickets, cash registers, calculators, notepads, and much more. And they’re becoming globally ubiquitous: 1.6 billion phones were shipped last year; and by the end of this year, 1.4 billion smartphones will be in use.

So the question is not so much what smartphones can do, it’s what can’t they do. And the strategic imperative for organizations is to understand how they are going to meet the challenge of that change.

A week after sharing its vision of the top 15 emerging technologies, Forrester shared its view of the near future of mobile in analyst Thomas Husson’s report, released today.

Here are the top 10 implications for mobile, according to Husson:

Mobile becomes a strategic priority

1. Marketers will realize that mobile requires a total shift in marketing approach.
   This is one of the reasons Google baked mobile into AdWords by default, one of the biggest changes in AdWords in five years.
2. Tablets will be the biggest short-term disruptors.
   Advertisers like marketing on iPhones and Android smartphones, but iPad ads command the biggest premium.
3. Mobile platforms will catalyze next-generation connected experiences.
   We’ll see more technologies like fitness trackers that know what you’re doing without you having to tell them, or a smartphone app that lets you control your home from Tokyo.
4. Smart apps powered by big data and sophisticated analytics will help us complete tasks.
   Think a Siri from Apple that is more than just a cute add-on and that actually becomes a valuable personal assistant.
5. Mobile will play a leading role in engaging consumers in emerging markets.
   75 percent of all new phones are being sold in Asia and Africa. That might change something …

Mobile investments must rise

1. Mobile will require more formal organization, processes, governance.
   BYOD rocks, but IT is getting fed up of supporting what it cannot manage.
2. Leading marketers will take back ownership of mobile from agencies and vendors.
   You can’t outsource core, and mobile is becoming core. So you’ve got to learn from the best and bring at least some expertise in-house.
3. The role of mobile marketing manager will emerge.
   If Google needs a mobile marketing manager, why don’t you?
4. Finding the right strategic mix of staff will rise in importance.
   Even more than in other areas, you need the right blend of business, marketing, design, and technology expertise to succeed in mobile.
5. Spending will increase to enable mobile services.
   Mobile marketing has been a bit of a bargain, but as it’s become core, that’s changing. Technology and staffing costs are going up.

Husson will be discussing these trends in a free webinar on February 18 at 2PM UK time, 9AM New York time, and 6AM (ugh) San Francisco time.

photo credit: Rev Dan Catt via photopin cc

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

It’s tough to be in IT these days. Everyone wants to Bring Their Own Device (or two), get the company to pay for it, and beg the front-line geeks for help when it goes on the fritz.

A massive majority of companies, 81 percent, now allow employees to bring and user their own devices, and 56 percent of companies have codified that into their corporate guidelines, according to a new study by iPass and MobileIron.

“As more personal mobile devices with multiple platforms and operating systems are used for work, IT managers are challenged to safeguard corporate data and keep roaming costs low,” iPass CTO Barbara Nelson said in a statement. “And when mobility budgets are managed by departments rather than IT, data roaming costs can be hard to control.”

For the first time the majority of companies now manage their mobile costs outside of the IT department — only 48 percent of organizations give IT control of mobile costs and devices, down from 53 percent in 2011. And most IT execs see mobility costs rising in 2013, with almost one in ten saying they’ll go up more than 25 percent.

The average cost for a mobile worker is about $97 a month in fees for 3G and 4G data and voice plans. That’s partly due to expensive roaming plans, but also due to the fact that most workers now have multiple mobile devices: tablets, phones, and MiFi sticks.

All of those devices in all those hands also mean security and data loss can become an issue.

Over half of the companies surveyed – 477 in total, half with more than 1,000 employees — had some sort of security breach or data loss in the last year. In most of those cases, it was a lost or stolen phone that was not adequately secured … and presumably was not capable of being remotely managed and remotely wiped.

It doesn’t help when companies adopt BYOD without a plan in place. But even when there is, most IT pros think it’s insufficient.

“Of the 72 percent of enterprises with enterprise mobility strategies in place, only 37 percent of IT managers thought their own company’s mobile strategy was effective, while 35 percent felt that their company had an insufficient approach,” the study says.

photo credit: arycogre via photopin cc

Steve King is COO of Netswitch.

With the government failing to create any sort of standardized security regulations, the private sector is left to wonder what level of network security will be best for protecting company and client data. As the popularity of personal smart devices being used in the workplace increases, policies must be enacted in order to maintain a secure network.

The first step is to create a corporate policy on how employees will use smartphones and other personal computing devices on your network. Make sure that human resources and your legal department weigh in and that your policies become part of new employee orientation and ongoing employee training. But what other steps can be taken?

Here are six precautions to take to ensure security in the BYOD (bring your own device) era:

1) Training & understanding

All information technology networks are exposed to the difficult-to-control human element. Upgrading your servers and ensuring your firewall is solid is great. Right up until one of your employees clicks on a phish and your network is infected. A surprising majority of our clients (over 80 percent) offer no regular security training to their end users.

IT departments should conduct annual security and BYOD training for all users, teaching workers to avoid common security threats like phishing attacks and using established best practices for dealing with them when they occur. Since phishing attacks are so common, we assume that everyone knows how to handle them, but most employees have no idea how to recognize an attack or a scam. Companies that ignore this sort of employee training are unnecessarily exposing their networks to cyber threats.

2) Encrypt any data you don’t control

Over 70 percent of our client IT organizations don’t encrypt all of their cloud data and almost all of their cloud transactions. The reason is that it is costly in terms of bandwidth and requires faster and more expensive servers. Most public cloud services offer encryption services, and companies would be smart to both avail themselves of those as well as make sure that their most sensitive corporate data is encrypted. If the loss of the data doesn’t put your company at risk, then there is no need to take the extra steps, but if compromised data affects your bottom line, then it must be encrypted.

3) Start using a monitoring system

Now that you have defined a corporate policy to deal with personal smart devices on your network, you must implement a system to register, track, monitor and report on personal mobile device activity. You want to be sure that any smartphone an employee brings into the workplace to be used for company business is registered on your network and associated with that particular employee and his or her authorizations.

When an employee downloads an app to their device, you want to be sure that the employee is authorized to access the data and programs the app uses and that their behavior is consistent with a user profile (employee is stationed in New York, but her iPhone just accessed the Order Processing app from San Francisco).

The system should notify your network administrators when anomalies occur as well as prevent unauthorized access. It should also track and report on specific usage and activity created by these mobile devices, so you can optimize your network and identify suspicious behaviors.

4) Rotate SSH keys (at least) annually

Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel between two computers. SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. One immediate advantage this method has over traditional password authentication is that you can be authenticated by the server without ever having to send your password over the network. Anyone eavesdropping on your connection will not be able to intercept and crack your password because it is never actually transmitted.

Additionally, using SSH keys for authentication virtually eliminates the risk posed by brute-force password attacks by drastically reducing the chances of the attacker correctly guessing the proper credentials.

A huge majority (over 80 percent) of our client IT departments fail to rotate SSH keys every 12 months. Because employees turn over about every two years on average, failure to rotate SSH keys at least once a year leaves critical network infrastructure wide open to malicious access from former staffers. And there are usually a few pretty unhappy former staffers. This should be done at least every year.

The differences between 1024-bit and 2048-bit are academic in that both have proven to be uncrackable. Most companies have not upgraded their encryption keys and are in serious danger of unnecessary exposure to brute force cyber attacks.

5) Have a plan for replacing compromised certificate authorities (CA)

Digital certificates are vulnerable to fraud, and must be replaced when they are compromised. We have found that most companies we evaluate have no management processes in place to ensure business continuity by quickly replacing a compromised certificate and its accompanying encryption keys.

There has already been a lot written about the CA compromises at DigiNotar, GlobalSign and Comodo in 2011. Browsers accept certificates as trusted in that they have the signing CA certificate in their local browser store. Browsers do not check that a particular CA is authorized to actually issue a particular server certificate. The trust is universal. That is why the attacks on DigiNotar, GlobalSign, and Comodo are so serious and have global impact.

If it is even suspected that your CA may have been breached, make sure that you have processes in place to both replace them and to evaluate their vulnerability on an ongoing basis.

6) Make sure your encryption keys are up to snuff

We have seen lots of companies that don’t use appropriately strong encryption keys, relying on the old 1024-bit symmetry. Back in 2011, NIST began reporting that 1024-bit encryption keys have depreciated in effectiveness, and minimally, the 2048-bit encryption should be used for all encryption keys. The shorter key length has already been broken twice, which is why you can’t guarantee that it won’t happen again with your website. You should make sure your root key is at least 2048-bit when generating your CSR (Certification Signing Request). This encryption level hasn’t been cracked yet and it is safe.

Ultimately, there is almost nothing an enterprise IT Manager can do to prevent these sorts of attacks and this is a technical and procedural problem that the browser vendors and device makers have to fix. In the meantime, however, we can at least replace any certificates that we know or suspect to be breached.

While the Electronic Frontier Foundation and other groups have spent months arguing over the various faults in the Cyber-security Act that just died in Congress, here is where the federal cyber-security legislation might actually have come in the handiest. We could actually use a central, non-bureaucratic organizing agency that concerned itself with issues like the global compromise of Certificate Authorities and support the required trust in our Internet enabled world, but alas, that may be just a hopeful oxymoron.

In the meantime, protect yourself with BYOD policies, a network that monitors and controls, encryption that makes sense, and employees who are smart about network security and the ways in which it may affect them.

Security camera image via Shutterstock

Steve King is COO of Netswitch Technology Management, a provider of managed services for secure technology infrastructure, and SAP in Thailand, China, and the US. He has over 30 years of computer industry experience in software engineering, product development, and sales and founded three software and services startups.

A stealth startup called Tomfoolery closed a $1.7 million seed round to make work “awesome.” It does this by developing user-friendly mobile enterprise applications that are as easy and enjoyable to use as many consumer-facing applications.

“In your personal life, social mobile applications are beautiful, their functionality is meaningful, and they let you to make real, human connections,” said CEO Kakul Srivastava in a statement.  “At work, today’s enterprise software makes us feel about as close to our coworkers as strapping spreadsheets to carrier pigeons.”

Startup land is all about fostering company culture, and multiple studies have found that a positive atmosphere in the workplace encourages productivity. Furthermore, the growth of Bring-Your-Own-Device and the distributed workforce has created a growing need for mobile applications that let employees work on the go. Tomfoolery designs its application with these principles in mind.

The founders have impressive backgrounds in management and consumer technology. CEO Kakul Srivastava is a former VP at Yahoo and worked as the General Manager at Flickr. Her cofounder, Sol Lipman, is a former VP of mobile at AOL and previously founded startups Rally Up, 12seconds.tv, and Sticky Inc. With Tomfoolery, they combined forces and applied their expertise to the enterprise world.

“Anyone with a smartphone and a job should care about the quality of apps they use in the workplace,” said Srivastava in a Q&A. “Tomfoolery is focused on enabling the spirit of fun and play that’s the hallmark of great team culture. Work doesn’t have to feel tough, or hard, or serious. In the best teams, work is awesome, it’s something fun and creative — and you can’t wait to get started when you wake up in the morning.”

There are many competitors in the social enterprise space, most notably Asana, Endesk, Jive, Yammer, Workday, Podio, and Chatter. Tomfoolery is distinguished by its mobile-first focus.

Investors include big names like Ash Patel of Morado Venture Partners, Sam Pullara from Sutter Hill Ventures, Yahoo cofounder Jerry Yang through AME Cloud Ventures, Andresseen Horowitz, YouSendIt CEO Brad Garlinghouse, and Tech Stars NY cofounder David Tisch.

Tomfoolery is still in stealth mode. The team of six is based in San Francisco.

WatchDox offers a more modern form of document security, raising $12 million to keep enterprise documents protected as they are shared on the go.

As employees work from their mobile devices, they often need to access, share, and control information from outside their organizations’ protected network. WatchDox’s platform provides “document-centric security.” Features include the ability to track shared documents, restrict recipients from copying, editing, and forwarding, setting expiration dates, applying watermarks, and change document permissions at any time.

The Document Exchange solution tracks all protected documents that come through email and there are various extensions that integrate with enterprise systems and APIs. Organizations can also set up specific Workspaces for sensitive, structured interactions, such as deal rooms and clinical trials. More than 500 enterprises around the world use WatchDox, including major financial institutions, government agencies, and Fortune 500 corporations.

This round of financing will help WatchDox expand its footprint in the financial services, pharmaceutical, biotech, legal, energy, manufacturing, insurance, and government markets. It also supported the acquisition of InstallFree in December,a developer of technology that makes applications accessible across devices.

Millennium Technology Value Partners, which provides “alternate liquidity solutions” participated in this round, along with existing investors Blackstone, Gemini Israel Funds, Shasta Ventures, and cofounder of Check Point and Imperva Shlomo Kramer.

WatchDox has raised $35 million to date. It is based in Palo Alto.  Read the press release. 

Cellrox has raised $4.7 million to keep our business selves, our personal selves, and any other selves we may have, separate.

Employees are increasingly conducting work from mobile devices. They are using their personal devices for work purposes, their work devices for personal purposes, or some ambiguious amalgamation of the two which can present significant challenges for security, as well as corporate transparency.

Cellrox has developed virtualization technology for smart phones that enables two or more “individual, completely independent, and secure personas to coexist seamlessly on one device.” It does this by creating a virtual wall between an employee’s applications and corporate applications. This not only eliminates the need for multiple devices but also helps maintains a clear dividing line between personal and professional activities.

Its flagship product is called ThinVisor and is currently available for Android-powered devices. The financing, led by Runa Capital with commitments from existing investor Previz Venture Partners and  Columbia Technology Ventures, will go toward forming partnerships with equipment manufactures (OEMs) and operators to spread the product’s reach.

Read the press release.

Call it consumerization or call it BYOD, but whether we like it or not, employee-owned devices have made their way into the workplace.

In fact, Gartner predicts that 90 percent of companies will support corporate apps on personal mobile devices by 2014.

But with this new technology wave comes a string of questions up for debate: Who’s responsible for security? Who really owns the data on the devices? And as mobile device management (MDM) becomes commonplace in the enterprise, should IT be allowed to remotely wipe data if an employee’s phone is lost or stolen?

Perhaps the real question should be, why wouldn’t we want the data wiped?

Today’s mobile devices are extremely personal and intimate, knowing us better than we know ourselves. Each device holds the keys to our most important personal information. They have our exact location at any given moment, our private contacts, personal and work addresses, schedules, financial information, personal/private photos, family information, all stored on these easy-to-lose devices.

Yet a disconnect remains: When we lose our wallets or purses, we immediately cancel our credit cards and change our locks at home. Why would we treat a lost device — with so many private details and insights into our lives — any differently?

Some argue that holding out hope for the phone to be returned makes a full wipe of the device seem too harsh and too permanent of an action.

Of course, the burden is on the consumer for regular backup, particularly when most personal devices contain as much critical data as computers. Regardless, research by Symantec (PDF) shows that there is, at best, a 50 percent chance of recovering a lost device (and likely drops closer to zero percent for a stolen device).

Furthermore, there’s an 80 percent chance that an attempt will be made to breach corporate data and/or networks regardless of whether or not whoever found the device intends to return it.

But even if users and IT agree that remote wiping is the safest action to take in this case, do organizations even have the right to remotely wipe data on employee-owned devices?

The short answer is that it depends. From a legal standpoint, it is usually determined by where the organization and employees are located. In Germany, for example, it is illegal for companies to wipe personal data from an employee-owned device. These companies only have the limited right to delete enterprise data from personal owned devices, so many opt for mobile management solutions that allow them to do that.

In the U.S., laws on this are more lax (or even non-existent). Most U.S.-based companies have employees sign Employee Agreements or Acceptable Use Policies over what IT can or cannot do with their computing devices. In most cases, we’ve already given IT permission to do pretty much anything with our devices if we — even minimally — use them for work.

The truth is, there is a lot of shared risk between employees and employers, so arguing over who should delete the lost device’s data is the wrong argument. With most security matters, a pre-emptive approach is best. In this case, close collaboration and understanding of what actions to take in the worst-case scenario.

Here are some suggestions:

Open the lines of communication: Employees need to know the risks they face on a personal level, as well as the risks the organization faces.

Create a plan: Don’t wait until a device is lost or stolen before figuring out the right course of action.

Have the right tools and technologies in place. There is a plethora of both personal and commercial options for automatic backup, remote wipe, security, and management of devices. With the amount of sensitive data we carry on our devices every day, there really is no excuse to be caught off guard.

Speaking of tools and technologies, it’s an exciting time to be in the mobile workplace. Employees’ and IT departments’ tech savoir faire is evolving at an unprecedented rate as groundbreaking technologies, devices, and apps make their way into the workplace.

Whether it is traditional MDM, Mobile App Management (MAM), Mobile Risk Management (MRM), virtualization, containerization, app wrapping, consumer or enterprise solutions, or a combination of these, there are a lot of innovative solutions out there. Now is the right time to figure out the best approach for your company’s mobile management and security strategy.

In the new enterprise mobile world, who owns security, data, and the responsibility of keeping our privacy, security, and sensitive information safe? In this case, I’d argue we are all on the same team.

Just as the new mobile world is about connectivity and hyper productivity, it is also a world of partnerships and trust. After all, when you use your device for personal and work purposes, it’s not your data or my data. It’s our data that is at risk.

Domingo Guerra is the president and co-founder of Appthority, a company focused on mobile security in the enterprise.

Top image courtesy of Viorel Sima, Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

SAN DIEGO, Calif. — Fear and loathing in the workplace. It’s the gigantic problem brought on by the bring-your-own-device (BYOD) movement as management pushes to lock down company data and workers clamor for personal freedom.

Unfortunately, the answer is by no means a simple solution, Symantec CTO Stephen Trilling said onstage today at the MobileCON conference.

Symantec, a 30-year-old anti-virus and security company, is playing to the fears of enterprises everywhere and using the conference to peddle a new arsenal of enterprise-friendly security products, including management and security tools to help app-makers make their applications more secure.

I do feel like Trilling from @symantec is playing the FUD factor here at #mobilecon cc/@swarnapodila—
Brian Katz (@bmkatz) October 09, 2012

But the company’s take on BYOD safety is admittedly incomplete, as the perfect system that will meet user and employer needs is one that calls on all mobile players to take part, from handset vendors to the carriers, according to the vision Trilling outlined.

“Users and corporations have different needs,” Trilling said.

Workers, he said, want the freedom to download apps, visit websites, use public WiFi, and access personal and work information wherever they are. Corporations, meanwhile, want to encrypt data so that it can’t be transmitted, and they need to know when devices are compromised. “Companies, ultimately and understandably, want to control access to all sensitive data,” he said.

Trilling concludes that a single solution must be flexible, impermeable, granular, manageable, resilient, and seamless.

In Trilling’s visionary BYOD world, the model system consists of four parts: industry standards, platform, containerization, and management.

More specifically, a single set of industry security standards serves as the base of the system. The platform tier assures, at the hardware level, that data is siloed, encrypted, and protected. Here corporation applications and associated data are isolated, protected from all the other applications on the device, he said.

Containerization, or the process of putting a secure bubble around an otherwise insecure app, gives enterprises the ability to control and contain application data. A worker, for instance, can only copy information between containerized applications owned by the same company and would only need to use passwords to access company services. With containerization, enterprises can look through enterprise data without scanning an employee’s personal data, and they can selectively wipe enterprise applications.

In the management tier, Trilling envisions a way for companies to manage these containers and set different authentication requirements for each application.

“No one company can do it,” he said of the Symantec vision.

Great point from Steve Trilling from @symantec: "70% support industry/government collaboration" #mobileCON http://t.co/92DicSMx—
Scott Griffith (@SWGriffith) October 09, 2012

The vision, dreamy though it may be, is integral to Symantec’s bottom line. The company made a majority of its fiscal year 2012 revenue, or $4.63 billion, from enterprise services.

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Anyone considering buying the iPhone 5 and iPod Touch will be wondering whether the new features make it better suited for personal and professional use.

Before releasing new devices to market, Apple can’t ignore the “consumerization of IT” trend and the growing user base that brings its cell phones and tablets to work. So with each new release, it’s driving deeper into the heart of the enterprise.

The suite of new features may not bode well for IT teams. For starters, they can expect to see an influx of reports from employees ‘accidentally’ dropping their corporate phones in the toilet and asking for an upgrade to an iPhone 5!

Apple’s new iPhone 5. (Credit: Meghan Kelly)

In all seriousness, in the enterprise, this will strike long-time Microsoft advocates down a few pegs. As Forrester’s CIO expert, Ted Schadler, puts it in a recent blog post, “With this release, it’s clear that Apple plans to keep making hits, to grow its ecosystem to solar system proportions, and draw in all the supporting players it can.”

Experts agree that all the buzz around today’s launch could prompt more companies to mandate a “bring your own device” (BYOD) policy, as employees will want to show off their swanky new devices at work. In addition, the 4G LTE will help Apple fans convince their IT teams, as frequent business travelers will no longer have to rely on company-issue phones.

Read more here about Apple’s launch event here.

New features that are relevant for Apple BYOD users include:

• The new aluminum backing — it’s far more difficult for employees to break than the glass screen. This will reduce repair costs and keep employees productive if they rely on an iPhone at work. As well as being less fragile, this is also the lightest model ever made.
• The larger screen-size — If iOS developers can develop applications to fit a larger screen, this will make it easier to view numbers and charts on business applications, and conversations on tools like Yammer. It’s the same width as the iPhone 4S, but is longer, now 4 inches on the diagonal with an aspect ratio of 16:9.
• Better video – Apple now has a full 1080p high-definition video on the iPhone 5. Good news for those who need to record video on the fly in their professional lives.
• Faster WiFi and LTE — in business situations, this will make it easier to run and display videos, presentations, and reports. For frequent business travelers, the 4G LTE will no doubt be useful.
• Improvements to Siri and triple microphones – Two of the mics are at the top front and back of the unit, and the third is located at the bottom. The boost in audio will come in useful at work, particularly during conference calls.

Top image via Shutterstock 

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Months after getting picked up by Ctirix, “Yammer with apps” platform Podio is making another big move: To the iPad.

Podio allows business users to create and integrate custom apps in a single collaborative workspace. This gives users an extreme amount of flexibility, allowing them to structure their workflows in ways that best suit their projects and businesses. With its new iPad app, Podio brings that flexibility to a device that’s just as mobile as those using it.

As with previous iterations of the platform, custom app creation remains the prime selling point of Podio. Podio says that over 65,000 apps have been created using the Appbuilder, which gives Podio users a fairly robust set of options even before they decide to create their own.

Citrix collaboration vice president Tommy Ahlers summarizes it well. “Bringing Podio’s all-in-one work platform to the iPad makes it easier and faster to collaborate while on the go with the convenience of a lightweight mobile tablet, but without sacrificing Podio’s functionality or sophistication,”Ahlers said in a statement.

As with the most basic Podio subscription, the iPad app is free. For larger businesses, Citrix offers Podio Premium, which runs for $8 per user per month.

Watch this video to get a better idea of how the platform works on the iPad.

By “device” I’m referring to anything that connects to the company servers or network. This includes a computer, laptop, tablet and/or smartphone.  The company network and server can be as simple as the wireless access point in the office for Internet or email service or as complicated as custom applications with encrypted VPN access.

First, there is no presumption of privacy at work as it relates to web browsing, email, or other activity. Yes, it is true, the cute message you sent to that special someone in your life or the website regarding an odd hobby you have that you visited during a break is not private and can be reviewed by company management regardless of your device.

Most people who have an iPhone love to use it. Consequently when given the choice, they opt to use their iPhone or similar device to have access to their email, calendar, tasks, and contacts while mobile; this is good for everyone involved since it can free up time for the employee as well as make them more productive. The developers of systems that provide the mail, calendar, tasks, and contacts work hard so things are readily available across all devices, including computers in and out of the office, smartphones, tablets, and web browser access. They also work hard at having things fully synchronize so that data is more difficult to lose. This is typically a great feature to have until you realize you may not want fellow employees to have access to your personal contacts, including “Uncle Sketchy” whose address includes prisoner number XXX. By being careful and selective about how the device is configured, typically you can keep different accounts separate, but as a rule, this is not the default.

My office manager brought up a good point a few months ago. I used over 6GBs of data with my smartphone in one month. The plan we are on has unlimited data, so it didn’t matter financially; it was more of a conversation starter since we are all pretty boring around here. But had this been with a provider that charges for excess bandwidth, I may have been charged with additional fees. And unlike telephone calls, it is difficult at best to prove whether the bandwidth was used for frantically downloading documents while at a client site or streaming Netflix movies on the weekend. Obviously, who pays for the service and how much is something that should be considered before merrily surrendering your iPhone so that it’ll sync with the company email.

Finally, what kind of support can you expect from the company in the event things stop or are not working properly with your equipment? Imagine that malfeasant employee you did not meet during the interview process gives you a file that turns out to be a virus requiring a complete system rebuild. Who is going to spend the time to do this? You on your weekend or the company IT staff?

As with any relationship, the parties bring different perspectives, qualities, and resources that can be mutually beneficial to all if they are willing to work together. Having a frank and honest conversation with your employer can help everyone involved.

Mark Oliver is the founder of Group Oliver a technical services organization that has been in business for more than 15 years.

[Top image credit: Robert Kneschke/Shutterstock]

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The saying “Trying to catch a cloud and pin it down” is how many people feel about cloud security. But Zscaler believes it can actually do the job, and so does its first round of investors including Lightspeed Ventures, which just pumped $38 million into the company.

Zscaler’s set of products helps customers manage e-mail, Web activity, mobile devices, and various coud applications such as Salesforce through one hub, the “Secure Cloud Gateway.” The company calls it a “check post for all Internet traffic.” In the Secure Cloud Gateway, companies can set various policies and rules which the apps and devices must follow, and the secure gateway enforced those policies.

The San Jose company is far from alone when it comes to trying to protect the cloud. The fact is, people are bringing their smartphones to work and using social networks to be more productive in their projects, and companies are realizing that they don’t want to inhibit an employee by blocking their means of productivity with a firewall. So companies such as Zscaler, Qualys (which recently filed to go public), and on the mobile side, Mocana, are coming up with a slew of new ways to protect enterprises from the bad guys.

Thus far, Zscaler’s Secure Cloud Gateway protects its 2,500 enterprise customers, or over eight million. These customers are located across 160 different countries and the product itself monitors and protects over five billion “transactions” each day. In order to do this, the company has set up 100 different data centers, located globally, to deal with the traffic.

Aside from the Secure Cloud Gateway, Zscaler also conducts regular research in the field, which can be found in its ThreatLabZ section.

The company was founded in 2007 and hasn’t taken on venture funding in the past. It plans to pour the $38 million from this round into its products.

Security camera image via Shutterstock

Mocana wants to be a huge public security company one day. It thinks of itself as the new kid, beating out old guys who have trouble moving away from the PC. Looks like it’s the new, rich kid on the block too, as the company announced $25 million in its fourth round of funding today.

“It’s rare that team, tech, and brand align like they do inside of Mocana right now against a market that’s confused and so large — all of this with the backdrop of the incumbents tripping up,” said chief executive Adrian Turner in an interview with VentureBeat. “When we look forward, we think it’s actually of the scale to go and build the next Symantec or the next Citrix.”

Mocana’s investors in this round include Symantec and Intel, which owns McAfee, two huge security companies that you could certainly consider as Mocana’s competition. Trident Capital led the round.

The company has two lines of products: one protects mobile applications, the other is an “OEM” line that protects all kinds of connected devices. This includes televisions, smart meters, cars — all the way up to the SCADA industrial systems that the computer worm Stuxnet compromised in 2010.

The OEM product is all software, installed on the premises. It has 22 different modules that protect smart devices in different way. For example, one module monitors the interface technicians use to service smart devices remotely. Another encrypts data moving between devices. Customers can mix and match modules based on product needs.

The newer mobile apps protector is very similar, as it uses a lot of the OEM line’s intellectual property.

When thinking of how Mocana protects apps, Turner says we should imagine an embassy. The embassy is in a dangerous country, surrounded by enemies. But those inside are safe because of the embassy walls. The mobile apps sit in a kind of embassy, where enterprises can plug in various protections without affecting the rest of the phone, which is often a personal phone. For example, an employee may not protect his phone with a pin, but a developer can use Mocana to make sure he has to enter a pin to access the company’s app.

Currently, Mocana only services apps that are created in-house at an enterprise, not external ones such as Dropbox.

The company has a 12-month product roadmap, and Turner is confident that the decisions made in the last 12 months “have actually predetermined who’s coming out on top here.”

Mocana previously received $22 million in total funding from Intel Capital, Shasta, Southern Cross, and Symantec.

Security guard image via Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The bring-your-own-device (BYOD) movement may be a dream come true for office workers, but it has one big problem: Office workers are really bad at securing their phones.

That’s the message embedded in a survey by IT risk and compliance services company Coalfire, which talked to 400 non-IT workers to get a sense of how well they are securing their mobile devices outside of the workplace.

And the numbers are, well, scary.

Let’s start with the big one: 84 percent of respondents said that they use their phones for both work and personal matters. That might not usually be a problem, but this use is joined by a worrying lack of basic security protocol: 47 percent of respondents say they didn’t have passwords on their phones, which immediately becomes a problem if the devices land in the wrong hands. (Just as bad: 36 percent said they reuse the same password, breaking Password Rule No. 1.)

But we can only blame the workers too much. Fifty-one percent of respondents said that their companies lacked the capability to remotely erase the data on their phones (28 percent said they weren’t sure). That’s a basic feature embedded in a large number of consumer-focused services and apps (including iCloud and Prey), so IT departments have no excuse for not doing so.

Perhaps worse, 49 percent of the survey-takers said that their IT departments had never talked to them about the state of mobile security, which likely explains why the survey’s respondents were so bad at securing their devices.

The only good news here is that users are increasingly turning to password management systems and encrypted desktop password files — which is a start, certainly.

Below is a infographic detailing some of the survey’s results.

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The growing BYOD (“bring your own device”) trend, that’s seeing ever more businesspeople use their iPhones and iPads for work, has left IT managers scrambling to address the resulting security and support issues. But with Microsoft getting ready to launch Windows 8, the OS that will power Windows-based tablets such as Microsoft’s own Surface, that could soon change.

BYOD is an IT challenge that had its origin in RIM’s inability to develop a credible enterprise class alternative to the iPhone. As company executives began adopting iPhones for their personal use, the legacy nature of the Blackberry became intolerable, and they began to demand that IT make the iPhone an option in the corporate environment. Apple cooperated by providing its email clients with the ability to natively interface to Microsoft’s Exchange email server, IT required that the employee surrender some control of their device, and equilibrium was reestablished.

The initial introduction of the iPad did not disrupt the equilibrium. Based on the same software as the iPhone, corporate email connectivity came with the device out of the box. It was the growing pool of iPad applications and the accompanying user experience that changed the game.

Business executives, smitten with the almost sublime nature of the user experience associated with a well written iPad application, began to contemplate how this device could be used to enhance their business. And this is where IT’s challenge really ramped up. Line of business applications that could expose internal data through a relatively unmanaged device brought the full basket of normal IT concerns to the stage. Security, manageability, governance, and support are not in the genes of a consumer device. And even if they were, there is still the need to build parallel infrastructure to address these requirements, as the traditional IT players like Microsoft, IBM, and HP were not ready to incorporate these devices into their existing management products.

The ideal solution for IT is the ability to deploy devices with an equivalent user experience to the iPad that is natively manageable and can leverage existing development skills to build these newly envisioned line of business applications. And that’s exactly where Windows-based tablets come in.

Microsoft’s enterprise pedigree positions it perfectly to offer an enterprise-ready alternative to the opportunity the iPad has opened up. The company has spent over 15 years learning the enterprise. Servers on the backend. Clients on the desktop. Management and deployment servers around them. And an entire ecosystem that fills in the gaps between their products.  Windows 8 running on tablets, bringing the full updated — and some say improved — user experience that, if secure and managed, will give IT everything it needs and business leadership everything it wants.

The company’s heavy investment in the form of Windows RT for economical tablets, Windows 8 for consumer PCs, and an application store that can also be leveraged by IT to deploy internal applications further strengthens its position.

Business leaders have one core concern: Will investing in this technology improve our financial performance? The original decision to let the iPhone into the enterprise was driven by the productivity gap between existing smartphones and the iPhone. The iPad’s position today is rooted in its status as the best user experience that money can buy. With Windows 8 and its Metro-driven user experience stepping onto the stage accompanied by the ability to support all existing applications and ITs ability to manage it, Apple is finally facing a real competitor.

Mark Eisenberg is director at Fino, a business technology and consulting firm that provides cloud and mobile application design and development services to Fortune 1000 organizations. The company is headquartered in New York City.

[Top image credit: Vasilchenko Nikita/Shutterstock]

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Currently, one tenth of tablets sold worldwide are being used by corporations. More and more, mobile devices are finding their way into the workplace in a movement commonly referred to as BYOD (bring your own device).

While this has provided IT departments with a host of new security challenges, companies are now finding ways to work with the flow by creating and releasing proprietary, internal apps for smartphones and tablets; some even using their own app stores to do so. A recent survey of IT pros at 6,275 organizations found 66 percent were considering developing a corporate app store.

The influx of mobile devices into the workforce has created ample mobility, an increase in shared content, and instant access to presentations and conferencing capabilities. The apps on those devices need to target the specific needs of the enterprise in order to increase productivity and streamline workflow.  Consider, for example, General Electric which launched its own corporate app store, GE AppCentral, in 2009. So far, employees have downloaded applications more than 350,000 times, including apps for productivity and service-oriented software. GE has made mobilization a strategy to enhance business, as well as showing an ability to work with the growing popularity of BYOD.

While most consumer apps are distributed through systems like Apple’s App Store or Google’s Play, it can often be difficult to obtain approval for proprietary enterprise applications, because of the terms and policies of the store, as well as the concerns the company has about intellectual property and security. Stores such as App47, Apperian and AppCentral (not connected to the GE system) all contain a simple and familiar user interface, but are designed to distribute and share applications needed in the workplace.

Industries such as health care, pharmaceuticals, truck design, and architecture have begun developing their own applications. The Economist, Barclay’s, and PepsiCo are all setting up internal app stores for employees; Pfizer has an app that makes it easy for employees to track down and contact coworkers who are traveling; Aflac has several apps that allow the sales team members to access customer data and claims records, and IBM and Medtronic are both creating internal app stores to provide employees, contractors, and authorized users with apps that will enhance their abilities to complete job tasks. Even the military is looking into apps that can remotely control the camera on a drone from a tablet, as well as smartphone apps that give soldiers digital markers of unit members, receive images from drones or satellites, and an augmented-reality app which overlays an image from the camera with additional sources.

The possibilities are just beginning to be explored; Volate, a start-up, modifies smartphones for doctors and nurses and has developed several proprietary apps that allow employees to look up different medications and their side effects, or identify pills brought in by patients. Staff now only has to carry one device, and the noisy overhead paging system is used much less frequently. Some companies are even incorporating apps for an internal social-network such as Chatter, the social-network for Salesforce.com employees, or Blue Pages, IBM’s internal social network.

iPad at work image via Jenica26/Flickr