Self-protecting apps and the future of mobile application management


One of the more interesting areas of mobile security right now is the future of mobile application management (MAM). Earlier this year, I had a chance to speak with Andrew Blaich, lead security analyst at Bluebox Research who introduced me to the concept of self-protecting mobile apps.

Blaich explained to me that self-protecting apps are aware of where they’re running. The apps are aware of attacks that can happen on the application, passive or active attacks. Because self-protecting apps are device and environment independent, such apps could be an interesting option for an app you are deploying to partners and customers.

There are tools that malicious actors can use to hook into mobile apps to affect the app’s behavior or to change modification patterns. A self-protecting app can detect and protect against such malicious hooking.

He also gave me the example of a company that’s deployed a mobile app out to its employees. The company still allows its employees to use rooted devices. A self-protecting app can detect if the employees are trying to tamper with the app, trying to access data residing in the app, or trying to reverse engineer the app.

An app policy can either notify the admin or clear the data from the app.

Blaich points to Bring Your Own Device (BYOD) deployments and the fact that there are lots of Android device manufacturers doing their own thing. It’s a mass proliferation of Android devices with only a few vendors following Google’s Android standards. This lack of standards make is especially challenging to secure Android devices in enterprise mobility and BYOD environments.

Jailbroken devices remain a security threat across enterprises of all sizes. People can jailbreak their devices intentionally, or it can be something they aren’t aware of when they buy a device on Craigslist or eBay.

Blaich also pointed out to me that the mass proliferation of Android devices from vendors isn’t about to stop anytime soon.

“They all just do their own thing for the most part,” he said. You can do anything you want with Android, and with iOS for that matter. It’s a fact of life that mobile security professionals have to face and adjust their security strategies accordingly.

He also mentioned that his company examined some Android mobile devices where the true vendor origins of the devices were in doubt. Blaich and his team couldn’t be sure whether a given device was actually from that vendor or not.

Blaich gave the example of a Chinese-manufactured Android device where everything looks like it’s the real device, but the software on the device has been modified in a way where it introduced malware on the system.

“You’re continually going to have this problem where the devices might get modified in line in the distribution channel,” Blaich explained.

Self-protecting apps, MAM, and the future

Change has been the only constant in the mobile threat landscape, and that’s not about to change. The self-protecting app concept that Blaich introduced to me thrives on a changing threat landscape.

While I subscribe to a platform-centric future for mobile security, self-protecting apps complement such platform-based mobile security strategy. I especially like the concept of self-protecting apps for applications that an organization distributes to partners and customers since they’ll never have control over those user devices.

Where do you see the future of mobile application management going?

Image by Thom via Unsplash.com

Will Kelly is a technical writer and analyst based in the Washington, DC area. His writing experience includes writing technology articles for CNET TechRepublic and other sites. Will’s technology interests include collaboration platforms, enterprise mobility, Bring Your Own Device (BYOD), project management applications, and big data. Follow him on Twitter: @willkelly.

5 reasons to use personal spaces on wikis & collaboration platforms


I’ve been using Atlassian Confluence for about a month now as part of a new technical writing contract. While I’ve been a wiki and collaboration platform proponent forever, the move from work at home to client site based technical writer got me thinking about my attitudes and stances around wikis and collaboration again.

Personal spaces on collaboration platforms are such unrealized opportunities. For example, Atlassian Confluence includes Personal Spaces, and Microsoft SharePoint 2013 includes MySite. There’s so much that individual contributors and teams can do with these personal spaces including:

1. Share team only and non-project materials

If your wiki is organized around product or services workspaces, there are still going to be a few use cases that slip through that organizational schema. A personal workspace is where users can share content and items that would only be of interest to their co-worker and not applicable to the project as a whole.

For example, a technical writer might want to capture any research they’ve done on a technical writing best practice and place it in their personal space. Likewise, a personal workspace can be an ideal place to post any internal job aids for applications the team uses.

2. Capture and share notes and supplementary materials

I’m on record for being a fan of collaborative note taking versus sticking somebody (usually the person who was out sick the day before or the technical writer) with taking meeting notes. A personal workspace is ideal for sharing notes after a meeting or presentation.

A personal space is also useful to share any camera shots of the whiteboard and any meeting recordings as well.

3. Embrace the personal space as a social hub

SharePoint positions MySite as a social hub (amongst other things) and even if your enterprise hasn’t fully embraced enterprise social tools, personal spaces on a collaboration platform can make attractive social hubs with just making a few extra steps to setup and use the space on a regular basis.

4. Test out new features and page designs

If your wiki or collaboration platform is underutilized, a personal space can be a great way to test new features and page design before you unleash them on the rest of the unsuspecting collaborators in your organization. In more polite terms, start using new features in a personal space (if feasible) and introduce them to new users on a small scale.

5. Establish and communicate your expertise internally

Not every enterprise is rolling out an enterprise social network (ESN) or should they. The personal space on a wiki or other collaboration platform can enable users to share their business and technology knowledge with their co-workers.

A personal workspace is also where you can keep up to date personal brand information including:

  • Link to your LinkedIn Profile
  • Link to your GitHub presence
  • Downloadable resume (for proposals)
  • Downloadable bio (for marketing materials)
  • Long and short bios for marketing purposes

A personal space for you, a personal space for me

When project team members establish a personal space on a collaboration platform, it adds yet another channel for collaboration and communications, that the whole team can use.

This post was originally published on willkelly.org in January 2015.

Will Kelly is a technical writer and analyst based in the Washington, DC area. He has worked with commercial, federal, higher education, and publishing clients to develop technical and thought leadership content. His technology articles have been published by CNET TechRepublic, Government Computer News, Federal Computer Week, Toolbox.com, ZDNet.com and others. Follow Will on Twitter:@willkelly.

5 tips for outsourcing your technical writing


Even as so much of the software development and cloud industries move to agile development and DevOps, they can’t escape technical documentation. Having product and operations documentation in place can also help foster your corporate knowledge base taking technical information out of oral history and making it available to your entire technical staff and partners.

While you may not have the budget to have a full-time technical writer on staff, you can always outsource technical writing to a contracting agency, independent technical writer, or an editorial services firm on a project basis.

1. Write your technical writer job description

The technical writer role can be quite subjective so it’s best just to write your technical writer job description and set your organization’s standard for a technical writer. In the IT industry, there are workers with the technical writer job title who format documents and do light copy editing with no concern for the technical subject matter to technical writers who author original technical documentation based on their analysis of the subject matter.

If you want a proofreader, desktop publisher, or copy editor that improves the technical documentation produced by your technical staff, then you can go to an editorial services firm and save money because those jobs carry a lower hourly rate than a technical writer does.

However, if you want a technical writer who works independently and interacts with your technical team and with experience in your technologies, so be it. Put it in the job description. To spare your technical team and the project the indignities of a long learning curve, be specific on technical fluency of the technical writer you want to hire. A broad question can tax your team’s time unnecessarily while a technical writer already somewhat fluent in your technologies asking short questions and verifying technical facts means they are a benefit and not a resource hog.

2. Seek a technical writer with similar industry experience

While the last time you may have written a lengthy document was in Junior Composition class in college, you can still find and judge an outsourced technical documentation provider to meet your documentation requirements. When talking to the prospective contractor are they engaging you in a language you understand? Alternatively, are they just telling you what they think you want to hear? Probing prospective technical writer candidates for how they interact with technical staff

Don’t be duped into “Ignorance as an asset” because it is an industry myth that says a technical writer doesn’t need any technical grasp of what they are documenting. Bringing a technical writer onboard who can work independently and communicate effectively with your technical staff is going to be worth the extra dollars in hourly rate if it keeps your staff focused on the core business. While documentation reviews and iterations are the nature of well-done documentation, putting a writer on the project that is analytical and technically savvy can mitigate risk and shorten review cycles.

If the technical writer’s resume leads heavily with Society for Technical Communication participation and contest wins you may want to disqualify them outright. The Association is a vehicle for college technical writing professors to publish their theories. While they count many professional technical writers amongst their membership, the organization’s focus is on the theories and methodologies supporting technical communications and forgets about the execution and delivery.

Focus on their experience that meshes with your technical documentation requirements and not academic awards. SME Datacenter managers seeking a contract technical writer in most metropolitan markets can focus on the technical writer with data center and large-scale network infrastructure.

While you may not feel qualified to judge a technical writer for their work, you are more than equipped to hold a technical conversation with them during an interview. Probe them on their previous projects

3. Use a third party contracting agency to find a technical writer

Contracting agencies can be a viable third party for outsourcing your technical documentation because they handle the back office paperwork and have a staff of recruiters.

Unfortunately, since most agency sales people and recruiters come from non-technical backgrounds, you must be explicit in your position descriptions and statements of work and prepare yourself to explain to them the job at hand. Active feedback on the candidate resumes you receive from an agency is important because you don’t want to tie up your time sorting through resumes that don’t meet your requirements.

One minus is if you find a technical writer, you like is that most contract agencies

4. Hire a freelance technical writer

If you want your organization to skip past a contract agency’s high margin to provide you a technical writer, then you can always seek an independent technical writer.

5. Contract the work to an editorial services firm

There are full-service editorial services firms that may be an option for you. All the tips in this article still apply, but the agency’s margin remains.

Building the Better Technical Writer

Outsourcing your technical documentation doesn’t mean you have to forgo control. You can write your position description, and with some discrimination in the hiring process, you can find a technical writer who complements your technical team and does the heavy lifting on technical documentation projects leaving your technical team to focus on their core duties.

Will Kelly is a technical writer and analyst based in the Washington, DC area. He has worked with commercial, federal, higher education, and publishing clients to develop technical and thought leadership content. His technology articles have been published by CNET TechRepublic, Government Computer News, Federal Computer Week, Toolbox.com, ZDNet.com and others. Follow Will on Twitter:@willkelly.

Image by Negative Space via Unsplash.com

5 things your technical writer isn’t telling you


You can learn a lot about an organization when you develop their project documentation. In my time, I’ve had the benefit of working with a lot of smart people and even more people who thought they were the smartest person in the room. When you dig into project features, then the fun begins as the dynamic between engineering, product management, sales, and the executives can make or break a product and gamble with the future of the company. How folks answer questions remains a fascination to me.

Technical writing can also be a real interesting venue for observing ego and human nature.

Here are some more things your technical writer or requirements analyst isn’t telling you:

  1. If you fessed up and told me your product is vaporware, I’d be OK about it and could offer you some appropriate documentation and communications options that can satisfy (y)our potential customers or venture backing to give you and (y)our management team some breathing room. Just be honest with me and we can come up with a professional solution. However, you seem to think you are fooling me and many others. If I know you are full of s**t, then lots of other people sense the same thing that I do.
  2. While I am not an expert in the technology, I know you don’t know what you are talking about when it comes to the intricate technical details. If you aren’t fooling me, then who are you fooling?
  3. I am keeping a lot of project meeting notes. You’d be surprised how much you contradict yourself outside of those meetings.
  4. You danced around my technical questions. I played it off, so you could save face. I kept asking you the questions because I knew you couldn’t answer it.
  5. You don’t know as much about our technology as you portray. Your lack of technical knowledge isn’t a bad thing. However, you make it suck because you aren’t willing to sit down with the people who know and educate yourself about technology. Your underlings are willing to help if you would only ask. You can’t hide forever.

Will Kelly is a technical writer and analyst based in the Washington, DC area. He has worked with commercial, federal, higher education, and publishing clients to develop technical and thought leadership content. His technology articles have been published by CNET TechRepublic, Government Computer News, Federal Computer Week, Toolbox.com, ZDNet.com and others. Follow Will on Twitter:@willkelly.

An earlier version of this post was published on willkelly.org

Image by Thomas Martinsen via Unsplash.com

Mobilizing your corporate content in 2016


As a technical writer, I have a keen interest in mobile content management and how a mobile workforce can best interact with corporate documents anytime, anywhere, from any device. Looking forward, I think 2016 could be a good year for mobilizing corporate content but not without some challenges.

Challenges to mobilizing content in 2016

Here are some challenges that remain in 2016 for mobilizing corporate content:

Security
A top challenge to mobilizing corporate content remains security. The enterprise mobility management (EMM)/mobile device management market (MDM) saw some consolidation in recent years. The end user experience for these platforms varies with end users in some organizations not pleased with secure containers.

SharePoint
Collaboration platforms, in particular Microsoft SharePoint can pose another challenge to mobilizing corporate content. Getting past this challenges starts by having to get your SharePoint house in order as whole.Opening up SharePoint to mobile users means:

  • Opening up your network with virtual private network (VPN) access
  • Reviewing your SharePoint licensing
  • Convincing your user community to try using SharePoint again
  • Moving to Microsoft Office 365 (potentially)

The soon to launch SharePoint 2016 could help move the whole SharePoint and mobility story to a new chapter.

Commoditization of cloud storage and collaboration
While mobile collaboration champions point to issues around SharePoint and mobility, I’m going to go out on a limb and say the commoditization of cloud storage and cloud collaboration of the past few years is another challenge to mobilizing corporate content in 2016. Dropbox and Box amongst some other providers made some strategic moves.

Data governance
Unless there’s a watchful eye of a compliance auditor, it can be easy to ignore data governance for some organizations. I recommend that enterprises review data ownership prior to going to Bring Your Own Device (BYOD) and advise the same when mobilizing your corporate content in 2016.

Content fragmentation
Huddle, a startup cloud collaboration platform vendor (and Microsoft SharePoint challenger), created a white paper entitled Content collaboration for the mobile workforce captures another issue that I’ve seen dog enterprise content for years:

Content fragmentation is another issue. The vast majority of enterprise content is locked away in separate, siloed desktops, email, mobile, personal storage, and cloud environments. The problem is set to get worse too: the volume of content being produced is increasing exponentially every day, much of it duplicated and the vast majority of it only viewed once.

Mobility as a game changer

I wrote about mobile apps from Colligo and harmon.ie when I was freelancing for CNET TechRepublic. Both company’s mobile offerings along with Microsoft Office 365 are bright spots amongst the challenges facing enterprises wanting to mobilize their content. While I’m a fan of the SharePoint mobile client apps from both, there might be some need for end user training depending on the SharePoint culture in your organization prior to you mobilizing your corporate content.

My 2016 predictions about mobilizing corporate content

Here are my predictions for mobilizing content in 2016:

  1. Blackberry’s assimilation of the Good Technology platform stalls in 2016 as leadership and senior developers on the Good Technology side leave the company.
  2. More powerful tablets including the iPad Pro open up more opportunities for mobilizing corporate content in 2016, but the adoption of these new tablets won’t be enough to help mobilize corporate content in the new year.
  3. Consolidation in the MDM marketplace continues at an even quicker pace through 2016.
  4. A third party mobile SharePoint client developer becomes an acquisition target for Microsoft.
  5. Another EMM/MDM vendor pulls a Globo PLC winnowing that market down even further.
  6. Application programming interfaces (APIs) play an increasingly important role in mobilizing corporate content in 2016.
  7. An identity management provider suffers a security breach catastrophic to their client’s data in 2016 leading to sweeping changes in that market.

Final thoughts

I’ve had the pleasure to see the mobile and collaboration technologies up close in the past few years. What I hope to see in 2016 are more corporations find the right balance between technology, mobility, and data governance to mobilize their content securely.

Are you mobilizing your corporate content in 2016?

Will Kelly is a technical writer and analyst based in the Washington, DC area. He has worked with commercial, federal, higher education, and publishing clients to develop technical and thought leadership content. His technology articles have been published by CNET TechRepublic, Government Computer News, Federal Computer Week, Toolbox.com, ZDNet.com and others. Follow Will on Twitter:@willkelly.

Image by William Iven via Unsplash.com