0

Zebra’s All The Way Down

By | Ideas For Your Business | No Comments

I recently had the opportunity to participate in Zebra’s Developer podcast hosted by Dan Quagliana and Mark Jolley from Zebra. I spoke a bit about some of our experiences dealing with deploying Software and OS Patches on Android devices in the Enterprise.

Listen to the full Podcast here:

The following are some of the highlights and notes from the questions that I covered during the discussion:

Software Patch Cycles – “Do it more often to make it easier”

For software patch cycles on enterprise mobile devices, my experiences have formed a belief that companies should spend more time building capabilities that will support being able to patch software.

With the shift from Legacy Windows CE devices in the enterprise to modern Android and iOS devices, the risk exposure associated with un-patched devices has increased. A few of the key trends that I see contributing to this risk exposure include:

  • Usage of cloud services – Historically, companies had put their line of business applications on servers that were located inside the corporate network (protected by their network controls and firewalls). Over the last 7 years we have seen more enterprises adopting cloud technology to help reduce infrastructure spend and increase scalability.
  • External apps and libraries – Leveraging external libraries or applications can introduce additional vulnerabilities if not patched correctly. The Equifax breach in 2017 was related to a known vulnerability that went un-patched by the team running the application that was hacked.
  • Wireless Usage – Before 2003, I observed very few mobile applications that we based on wireless. These legacy applications were designed to sync data at the beginning of the day from a cradle or wired connection. As wireless has become more prevalent, mobile devices and wifi networks have become a potential point of breach into your corporate infrastructure. The release of the KRACK patch in late 2017 was a good example of why it is necessary to patch devices.

A mindset change is needed to the way we did software 15 years ago. We need to get into a practice of working out our patching and updating process. Some of the best practices I would recommend implementing include:

  • Planned Patch Cycles – Plan patches on at least a quarterly basis for planned OS patches or upgrades
  • Repeatable Process – Build a process and team that can support updates and patches to your enterprise devices. Have the rigor and cadence to be able to handle standard patches and emergency patches.
  • Involve Other Teams – Involve application teams in your planned regression. Confirm that they are reviewing the 3rd party libraries they are using for critical security updates.
  • Involve the Finance Team – Budget for OS patches should be included as part of your annual maintenance costs.

Take a look at this blog post for more best practices around improving your upgrade and patching processes: https://bluefletch.com/blog/simplify-zebra-android-os-upgrades-by-embracing-them/

Usage of 3rd Party Library – “Stick with the big guys”

A bulk of applications in use today make use of 3rd party libraries (both open source and paid). These libraries reduce your application development times and improve the overall quality of your applications. But there are potential risks to using 3rd party libraries. Generally we look for libraries with the following criteria:

  • Usage – If there is a lot of usage for a library, it is more likely to receive critical security patches.
  • Size of Contributing Companies – Normally larger companies have the resources and bandwidth to make updates to libraries that they have created. Use trusted libraries from companies that are focused on maintaining and supporting the libraries.
  • Longevity and Age – look for libraries that are not too new, but have had multiple updates since they were created.

Based on a review of our Enterprise Android Application, I Identified the following three vendors were the most common sources of our 3rd party libraries in applications:

Google

Square

Zebra

Understand risk of Updates. – “Change is Chance”

For the process of determining which updates to apply, I always force myself to think of the quote “Change is chance”. One of my former mentors would always tell this to a younger version of me whenever I would get excited about the newest and hottest technology or product update that I was considering having my team implement. The main take-way from this mentality is that you should be mentally performing a risk analysis of any changes you are considering making.

From a basic filtering perspective, if it doesn’t meet one of these criteria, don’t do it:

  1. Does it make your application meaningfully more secure.
  2. Does it substantially improve the business results of the application.
  3. Does it make the application substantially easier to support.

If you are planning on making changes to your applications or process. I do recommend thinking about the following processes to make it easier to reduce the amount of work for each of your

  • Build Process / CICD – Be able to build all of your applications in a consistent manner. You should have a shared code repository, shared asset repositories, and a shared automated build box.
  • Regression Testing – You should have at a minimum: a dedicated test environment that mirrors prod (or a region in prod), a consistent smoke test process for updated apps, a team that is capable of signing off on an updated build.
  • Business Acceptance Testing – Have a process where the business stakeholders are able to review and accept applications updates before you send it to all devices.
  • MDMs for Deployment – Use an MDM to control your deployments and deployment cadence. Expecting end users to install an application update will cause you problems. If you are using web based apps, have a Blue/Green method for selectively activating an updated application version for pilot sites.
  • Pilot Process – Have a consistent process for piloting changes. A process should include pilot pre-requisites, communication process, feedback process, and roll-back process.
  • Device Analytics – Be able to perform analytics of devices as you roll out application updates. You should be able to measure at a minimum: Devices reboots, battery consumption, network usage, application launch count, application crashes, and application usage time.

Next Steps

If you would like more information about BlueFletch’s best practices around building and deploying enterprise mobile applications, reach out to us at: info@bluefletch.com

Richard Makerson Wins Atlanta Business Chronicle Small Business Person of the Year Award

By | Ideas For Your Business | No Comments

Atlanta, GA – September 24, 2018 BlueFletch CEO and Managing Partner, Richard Makerson, was announced  the winner of the Small Business Person of the Year, Best Minority Entrepreneur Award.

The annual Small Business Person of the Year Awards recognized Richard Makerson as metro Atlanta’s outstanding  minority entrepreneur who has owned his or her business for at least one year. The event honored winners in seven categories where they were evaluated for exemplary business achievement, customer growth, community leadership, industry influence and entrepreneurial success and financial success in the past year.

“I am overwhelmed and appreciative of this award. This is a team effort and shared by everyone at BlueFletch.” said Richard Makerson. “Operating from a purpose and building a business model around what you and only you can do makes all of the sacrifices worth it. Thank you Atlanta Business Chronicle for the opportunity. The process and exposure that the Business Chronicle brings is one of a kind.”

BlueFletch is team of mobile development experts dedicated to helping our enterprise clients solve business problems using mobility. Since 2008 BlueFletch has grown into a widely trusted mobile company in the enterprise space by developing high value line-of-business apps for companies in Retail, Consumer Goods, Healthcare, and Transportation & Logistics.

The annual Small Business Person of the Year Awards is presented by Atlanta Business Chronicle in partnership with Metro Atlanta Chamber. Award winners were announced at the Atlanta Botanical Gardens on Thursday September 20, 2018. Read more about how Richard sets the tone and focus of BlueFletch for our enterprise mobility service and product strategy here.

 

Telling the Story of Retail Products

By | Ideas For Your Business | No Comments

I recently stopped by the Elliot Bay Book Store in Seattle and was impressed with the amount of personal reviews their team had hand-written for book titles. I ended up picking up a lot more books than I would have at a regular book store where I would browse covers or spines of books. In this era of fake internet product reviews, it was refreshing to see a handwritten review from someone who read the text… additionally some of the reviews got a good chuckle out of me (see below). Could this well executed strategy of telling stories about products be applied to more than just a bookstore?

“Nazi’s on Drugs. Makes a lot of sense, actually”

Stories as old as the stars

As humans, we love stories. They help to connect us to one another, they help us learn things faster, and they form our understanding of how we perceive the world around us.  Prior to the invention of written language, knowledge was passed down from generation to generation by orators in the form of stories and fables.

Not only have stories been influential in how we learn, they have also been used to define how we behave and the actions that we take. Religious texts such as the Bible or Quran have been used to guide people’s actions and foundational beliefs. When we think about engaging and connecting with consumers of our product, we need to spend less time talking about product features and more time telling the stories of the products to engage and connect with our buyers.

Read More

Strategies for Enterprise Android Deployments

By | Ideas For Your Business | No Comments

As with all technology in the enterprise, uptime is critical for handheld devices.  To ensure this, mobile software deployments for thousands of devices requires careful planning, testing and attention to detail.  I’ve outlined some best practices and tips learned from assisting many companies with their rugged Android deployments via Mobile Device Management tools (MDMs).   The following are the key areas that I typically will provide guidance to companies on:

Test Environments

Test deployment on lab devices.  Utilizing your lab devices to trial deployment packages ensures that payloads apply successfully.  For example, if upgrading an Android application it must be signed with the same certificate to properly upgrade.  If not signed properly, an uninstall and reinstall would be required for the application to rev. This is also the time to test backout process to ensure recoverability (more on this topic below).

For large corporations, we have seen the benefit of having a mock store which is as production-like as possible.  This ensures a pristine environment in which all functionality and integration can be tested post-deployment.

Risk / Impact Assessment

Determine impact of your rollout.  The higher the risk, the longer the rollout schedule.  Changes such as OS patches are high impact and often require brief outage time.  This type of activity should be spread out over weeks. Low impact / low risk deployments like application releases or system config changes can occur silently in the background. These types of deployments can occur in just a few days.

Rollout Scheduling

Create a rollout schedule cadence based on your type of deployment.  A full rollout should never be done in a single night.  Phase the rollout over waves of increasing size while avoiding days with heavy store trading or limited technical support.  We have often targeted Monday – Thursday during close of business for official releases. A well phased rollout has a schedule similar to the one below.  Note, this example is for a major release such as WiFi proxy changes:

Read More

Atlanta Business Chronicle Q&A with Richard Makerson, 2018 Small Business Person of the Year finalist

By | Ideas For Your Business | No Comments

We are proud to announce BlueFletch CEO and Managing Partner, Richard Makerson, is a finalist for the Atlanta Business Chronicle 2018 Small Business Person of the Year Award. An excerpt of the Q&A with Richard that appeared in the Atlanta Business Chronicle today is below and you can read the entire article here.

The Atlanta Business Chronicle Small Business Person of the Year Awards take place Thursday, September 20th. Register here to help celebrate the entrepreneurs who help make Atlanta flourish!

 

Is An MDM Really Necessary?

By | Ideas For Your Business | No Comments

Nifty Tricks for Big DIY Savings

Almost a third of tax paying Americans, according to the Pew Research Center, decide every year to do their own taxes. I can imagine them asking “What is more American than doing something yourself?” Especially if you are saving money and time by doing so. However, I would argue that some of the tax DIYers are leaving money on the table and defaulting to a suboptimal process because that is all they know. Also, the alternative seems too daunting and time consuming for the potential value. The fear of the unknown and the lack of investment in time to find the best solution will leave them in a constant state of ‘what if.’

We Start with Good Intentions

We all start with good intentions. When rugged devices first were deployed into the wild, the modern MDM solutions we know today did not exist. The pioneers of enterprise mobility had to create solutions for the problems they faced. Early in my career at Accenture we essentially built a platform on top of Windows CE that allowed applications to shared common components in order for us to rapidly build mobile applications. However, so many of the legacy devices that have served in warehouses, grocery stores, airports, etc., need to be replaced and so should the old way of managing rugged devices.

When Opting Out of MDM

In 2018, there are still organizations that are deciding a MDM is not right for their organization. It could be the comfort of keeping the same process, fear of the unknown or keeping unnecessary costs down. Below are the only three requirements you must meet when choosing not to leverage a MDM:

  1. Less than 20 devices – When managing less than twenty devices.
  2. One Deployment Location – These less than 20 devices are all deployed to the same site/location.
  3. Manual Daily Deployment – When these less than 20 devices being deployed to only one site/location are handed to the users and turned back in at the end of shift every single day.

Then you can negate a MDM because this is the manual job that such a solution would replace.

MDM

Read More

Near Field Communication: Reading Tags With Android

By | Android, IoT, Mobile Development | No Comments

Near field communications (NFC) is an interesting technology that is built into most modern smartphones. Recently I read an article outlining how to read NFC tags on Android. The article did a good job at giving a basic overview of the implementation, but using the steps described left me with some questions and for my use case it did not work.

I’ve created this primer as a condensed explanation and implementation for those looking to add reading of Near Field Communication tags to their own Android project.

NFCImplementation

Permissions

As with any Android application, you need to add permissions to allow your application to use the devices’ NFC hardware.

Within your Android.Manifest file, add the following:

   <uses-permission android:name=“android.permission.NFC” />

If you’re releasing your application to the Google Play Store add the following to your manifest to ensure your application only shows up for those devices that support NFC.

    <uses-feature android:name=“android.hardware.nfc”
                  android:required=“true” />

To really cover your bases, you might want to ensure the device’s minimum Android SDK is API level 10 (or 16 for Android Beam support) for complete NFC functionality:

    <uses-sdk android:minSdkVersion=“16” />

Read More

Considerations for Staging Enterprise Android Devices

By | Ideas For Your Business | No Comments

Your organization has just purchased a few thousand devices and now you’re responsible for setting them all up. How do you quickly, consistently, and securely stage these devices so return on investment can be realized ASAP?

Each organization will have a unique approach to staging devices; however, there are overarching principles that should be considered by all organizations.  Ensuring the topics below have been addressed should help shape a reliable and scalable process for provisioning ruggedized Android devices. These concepts and recommendations are based on BlueFletch’s experience of designing and piloting staging processes for many clients, from a few hundred devices to over forty thousand.

Issues to be Addressed:

1. The Who, What, When, Where and How:

  • Who will be staging devices? Are you able staff up in times of high-demand?  Do resources have the know-how to execute ADB scripts?
  • What range and quantity of devices can be staged? Ensure solution can scale up for all devices, with consideration to future growth.  Can staging solution be applied to all corporate-owned mobile devices to ensure consistency?
  • When can the devices be delivered?  How quickly can a device be staged?  What about 10?  100?  Calculate your rate to ensure business requirements can be met.
  • Where will staging occur?  Some companies choose to stage their own devices at a corporate location. Larger companies tend to rely on their managed services partner (MSP) to purchase, house, stage and ship devices to sites. The same staging tasks can be completed by both, but if using a MSP ensure you have a solid working relationship.  Are they are capable of quickly adapting to staging changes and providing sign-off after successful builds?
  • How will the devices be staged?  There are a few methods to initiate staging of Android devices:  scripting via ADB is complex, but powerful, while barcode scanning is simplified and less prone to user-error.  Zebra’s StageNow is great tool for creating barcodes or NFC tags that kick off device provisioning.  If desired, StageNow can be compatible with any MDM (if you have the Agent and supporting enrollment files).

Read More

Balancing Simple and Useful

By | Ideas For Your Business | No Comments

Lots of buttons means it’s awesome… right?

I had a recent Uber ride in a Ford Explorer and was incredibly overwhelmed by the quantity of buttons on the dashboard.  It occurred to me that there must have been dozens, if not hundreds, of people in the design and review cycles for this product before it went to market.  I wondered if at any point in time someone stopped the meeting to ask: “Is this the best design for our average user”

By contrast, the picture below is of the steering wheel of a Formula one car. The design is by no means simple.  But, every one of the buttons is designed for a specific use case that the driver needs to perform during the race.  Nothing in the car is there because a designer said to themselves “I guess they might need a button to do XYZ… lets throw it in so the marketing guys stop bugging us about innovative features.”

Upon further analysis of my preferences, I realized I have a bit of crush on things that are very useful but are also simple.  The trick is to figure out how to balance these two sides of the simple/useful equation… It’s harder than you think.

Read More

What Should be in Your Mobile Proof of Concept

By | Ideas For Your Business | 2 Comments

Editors note: This post was originally published in February 2015 and has been completely revamped and updated for accuracy and comprehensiveness.

With most companies focusing on mobile strategies and investing heavily in software, tools and devices, there is a natural need to kick the tires before pulling the trigger on their next mobile-related investment. A proof of concept (POC) is an excellent way to test the feasibility of an idea or demonstrate a theoretical concept in practice.

My career path to Chief Executive Officer at BlueFletch was built on years of mobile proof of concepts. Many of these POCs have been in large enterprises and governmental organizations with a key focus on replacing legacy devices. Usually these companies require devices that are ruggedized and can survive in the end-user’s workplace environment.

We are entering another era of ruggedized device replacement for enterprises. The current fleet of devices in service are well past their service lifetime and are running Microsoft Windows CE, with an operating system that is effectively 10+ years old. Others, are running terminal emulation applications that should have been replaced in the late 1990s.

Read More