Challenges to Consider with Enterprise Android OS Upgrades

By | Enterprise Mobility

OS Upgrades and Security Patches in the enterprise hardly ever consist of just a simple step. Apps need to be targeted for a new Android SDK, newly introduced settings must be decided on, and mobility extensions may need to be updated. On top of that, there are considerations for the varying environments and device states that must be accounted for. This post will highlight some of the challenges BlueFletch has encountered managing OS Upgrades in hopes to get your team thinking about hurdles that you may experience along the way.

BlueFletch has been tasked with developing a process and deploying OS Upgrades for many large fleets of enterprise Android devices numerous times over the years. Some of the problems are common across the board, and some are unique. In any case, we can group these challenges into three core areas: Network, Device Behavior, and Store Operations.

Networks

  • Poor networks: It’s 2019 and we still see sites with slow network connections resulting in unreliable downloads from limited bandwidth. This is especially true and problematic in rural areas, as we experienced when upgrading devices from inland Australia.
  • Unreliable downloads: Downloading large files from a remote server occasionally leads to partial or corrupted downloads. We have seen multiple retries needed to successfully and completely download the update package. Ensuring that remote servers are scaled properly or using local servers instead reduces the frequency.
  • Network over-utilization: After business hours, systems like POS’s run backup that impact bandwidth during OS Upgrade service windows. It is important to find these windows of limited network utilization and deploy during them to ensure you have reliable download performance. OS Patches can easily exceed 100Mb and when 40 devices concurrently attempt to download, networks quickly go pear-shaped.

Device Behavior

  • Persistence storage: An OS Upgrade will wipe everything from the device unless it is designated as persistent and stored in a secure folder. Unfortunately, some clients overuse this folder and the resulting lack of memory will cause nothing to persist. Ensuring only critical applications and settings are included in Persistence will provide a higher likelihood of success. At a minimum, the WiFi settings and MDM Agent must be persisted to apply to all other desired images.
  • Loss of proxy: When migrating devices from Jellybean (4.1) to KitKat (4.4), we found that the WiFi profile would remain on the device but wouldn’t carry over the proxy settings. The client required proxied traffic to reach the cloud-based MDM, thus all control over the device was lost.
  • AirWatch unenrollment after Upgrade: After an Upgrade, the AirWatch Agent reinstalls and validates enrollment. During a large deployment, we found a bug that affects about 5% of devices. Instead of re-enrolling, the Agent unenrolls the device and the link to the MDM is lost. The device becomes nearly a stock Android device that must be reconnected and enrolled.
  • Battery levels: Android requires at least 30% battery level to apply any patches or OS Upgrades. Ensuring the device is in a cradle increases upgrade success rates, but we have seen clients with not enough cradles to house all of their devices. One client didn’t even have cradles at all!
  • Non-compliant devices: Devices that are not fully compliant will always be an issue with a large enterprise fleet. How will these handle upgrade flow if they are missing a critical component like Zebra Power Manager? We separate these devices off into a different remediation path and clean them up periodically.

Operational

  • Non-business hours: Deploying during non-operating hours becomes tricky when dealing with stores across multiple time zones. Having the ability to phase deployments across local times will maximize service windows and give the most runway for Upgrades. Ideally, sites and devices are already grouped for the waves.
  • User interaction (barcode scan): We’ve experienced some scenarios where a process cannot be completed entirely over-the-air. For example, a client needed to connect to a proxied network to receive download and install commands so a StageNow barcode scan was required to add to the network. Barcodes should also be on-hand for remediation activities when a device does not re-enroll correctly or WiFi does not connect.
  • End of shift process: Stores should already be cradling their devices on close of business, but if they are not a huge opportunity to service devices in an ideal state is being missed. Enforcing proper device check-in ensures they are charging, close to WiFi, and most importantly – accounted for. Extra communications should be broadcast to cradle during the OS upgrade service window.
  • Automation in MDM: An OS Upgrade is rarely composed of just one .zip file to update the operating system. Many times there are driver updates, application updates required, and new settings that must be applied. Being able to automate these through triggers and inclusion rules will reduce breakpoints and minimize service time. A device should be able to have a “one-click” process that is thoroughly tested and escape proof.
  • Cleanup of old files: Devices may have gone through upgrades in the past already. Legacy files from prior OS upgrade activities sometimes are not cleared off and space needs to be made for the download of new packages. Surveying device storage ahead of time indicates if files need to be deleted early in the process.

Many of these challenges we’ve experienced can be overcome in a variety of creative ways. However, some required us to write code to handle them programmatically. We decided to combine all the solutions into a single OS Update Tool for Zebra. In my next blog post, I will address how our tooling solves these problems in detail. If you are interested in learning more, feel free to visit our microsite for our OS Update Tool or contact us at info@bluefletch.com

Richard Makerson Selected to Join Leadership Atlanta Class of 2020

By | Ideas For Your Business

ATLANTA – (May 1, 2019) – Leadership Atlanta, one of the oldest sustained community leadership programs in the nation, today announced BlueFletch CEO & Managing Partner, Richard Makerson, will join the Leadership Atlanta Class of 2020.

The Leadership Atlanta Class of 2020 program includes 84 established leaders from areas such as education, law, nonprofit, technology, media, healthcare, politics and government and are chosen to participate in a nine-month, executive-level series. Through retreats, full-day seminars, service projects, discussion groups and community tours, members explore critical community issues, examine themselves as leaders and build relationships of trust and mutual understanding.  The year’s class program is created and executed by a dedicated team of hundreds of Leadership Atlanta alumni volunteers, under the direction of the organization’s staff.  Each of these volunteers donates his/her time, experience, and expertise in order to create the best possible experience for class members.

“We are thrilled to welcome our 50th Class,” said Pat Upshaw-Monteith, Leadership Atlanta president and CEO, in a news release. “We are proud to continue Leadership Atlanta’s tradition of bringing together the region’s most influential, engaged, and creative leaders dedicated to working together for the greater good.”

This year’s Leadership Atlanta class consists of 84 individuals selected from more than 400 applicants across a variety of businesses and backgrounds around Atlanta. See the entire 2020 class here.

About BlueFletch
BlueFletch is team of mobile development experts dedicated to helping our enterprise clients solve business problems using mobility. Clients come to us to build mobile solutions when their IT teams lack bandwidth or available skills. Our team of 40+ experienced consultants, all based out of Atlanta, Georgia, help our clients move fast and deliver results for mobility projects that are critical to the business.

About Leadership Atlanta
A group of concerned citizens at the Metro Atlanta Chamber of Commerce formed Leadership Atlanta as a formal initiative to address the growing need for a well-informed cadre of committed leaders. The first class was selected in the summer of 1969. It is the mission of Leadership Atlanta to build a better community for everyone in the Atlanta region through education about the key issues facing the region and inspiring members and others to take on and exercise real leadership committed to serving the common good. Since 1969, a diverse group of over 3,000 men and women from metro Atlanta counties has completed this program.

Best Practices for Mitigating Device Loss

By | Enterprise Mobility

As enterprises decide to invest in purchasing modern rugged devices, they should also be taking steps to mitigate devices from being lost or stolen. The true cost of losing a mobile device (including laptops, tablets, and smartphones) goes far beyond the price of replacement and poses many dangers to an organization if the right measures aren’t in place.

Device loss happens in a variety of ways. Some of the most common include:

  • Employees misplacing them in the store (e.g. left in a box, behind items on a shelf, in a locker or drawer)
  • Employee theft
  • Public theft

It’s important to understand and communicate to stakeholders that device loss is not 100% preventable. Occasionally devices get misplaced by an employee or stolen by a curious customer wanting to resell the hardware on eBay; point being, sometimes things happen that are beyond our control. You can, however, put measures in place that mitigate device loss and protect you from security risks. 

Device Accountability

Putting device accountability measures in place is a great way to mitigate device loss for companies of all sizes. Let’s walk through a few measures that can help your organization begin mitigating device loss.

Device Level Single Sign-On

Single sign-on involves users logging in and logging out of whichever device they are using during their shift. Each time a user logs in and logs out of the device an auditable trail, known as check-in and check-out, is created. Having an auditable trail in place often helps reshape employee behavior by improving the level of care they put into handling and securing devices throughout the workday.

Device Telemetry Data

Telemetry data captured on devices can be used as breadcrumbs to hone in on a device’s current or last-known location. It’s especially useful for the warehouse use-case, where finding a misplaced device is difficult due to the large space and noisy environment. Let’s say a device has not checked in since the previous night and an employee during the morning shift needs the device to do their tasking. If the device administrator has access to battery information and network information, along with the check-in/check-out data, they would be able to see who had the device last, when the device was last seen on the network, which network access point the device was pinging and it’s signal strength. With those data points, the admin could begin a more informed search for the device.

Device Tracking

In an age where consumers are accustomed to being able to “find” their devices by simply logging into a portal and clicking a button, it should come as no surprise that Enterprises would want the same level of convenience. Device tracking in real or near real-time is another great way to mitigate device loss and as a result, becoming standard requirements for more and more enterprises.

Audible Alerts

If you own an iPhone or Android smartphone, then you are likely familiar with their respective “Find My iPhone/Device” features. When a device goes missing, the user logs into a portal and sends a command to the phone to force it to play an audible sound, usually at a high volume to make it easier to locate.

Some top-tier solutions, such as BlueFletch EMS, take this feature a step farther by utilizing automatic alerts. Automatic alerts can be leveraged through baked-in configurations that cause devices to play an audible sound whenever certain criteria are met, such as:

  • Predetermined battery threshold is reached (e.g. 15%), the device has not detected movement, and it’s not charging.

We’ve heard the stories before – an employee leaves a device on a shelf in the stock room, accidentally misplaced on top of a box, or left inside a locker with no eyes on it. Automatic alerts to the rescue right? Well, just like the tree falling in the woods, if no one is around to hear it, then…you see where I’m going here? Luckily, there’s a solution for that, and it’s a concept known as broadcasting.

Broadcasts

In a similar vein to the configured automatic alerts, broadcasts occur when certain criteria are met. But instead of dispatching an audible noise, the device sends a notification in a number of different formats, such as:

  • Email
  • Text
  • Notifications to dashboard

Broadcasts are especially advantageous for supply chain, warehouse-centric, or other industries that have large outdoor spaces where hearing an audible alert may not be possible.

Visual Tracking

Arguably the most complex form of device tracking is visual. Visual tracking usually involves a real or near real-time visual representation of devices overlayed on a map or diagram of the site where the devices are deployed. There are a number of factors that need to be considered in order to make visual tracking successful, such as:

  • Sites need to be mapped and recorded, including updates and changes to the layout
  • Strong network infrastructure to support triangulation via access points
  • Define the level of precision that is required
  • Impact study how items stored in a location may affect signal strength (e.g. walking through an aisle of packaged liquids will affect signal strength at certain frequencies
  • Availability of GPS

Device-to-device locating is a more recent development of Visual Tracking. Think of it as using one device as a homing beacon or metal detector to locate another. Solutions can be innovative by leveraging augmented reality (AR) to guide the user towards the missing devices, or as simple as displaying a map or diagram of the site on the screen, which is more in line with the traditional method of visual device tracking.

Final Thoughts

Although there are a number of valuable solutions currently available to help mitigate the loss of enterprise devices, protecting against the loss of enterprise devices starts with employee training around device use best practices. Employees should be responsible for taking simple actions such as:

  • Putting devices on their cradles/chargers whenever an employee finishes their shift
  • Using holsters or lanyards for devices when carrying devices on their person
  • Avoid putting devices down in random places throughout the day
  • Avoid placing devices in drawers or lockers

Rugged enterprise devices are not only expensive to replace, they may be carrying valuable and sensitive data which, if breached, can be costly to the organization in ways that money alone cannot cover.

If you’d like to learn how BlueFletch can help you mitigate device loss, please contact info@bluefletch.com.

Device Loss and Potential Threats to Your Organization

By | Enterprise Mobility

Rugged devices from Zebra Technologies, Honeywell and Samsung are closing the gap in performance to their consumer counterparts, which is allowing enterprises to gain operational efficiencies and provide better customer experiences. However, with the continued adoption and replacement of legacy mobile devices, the security threat that lost devices create should not be ignored.

A recent study from Kensington reveals 4.5% of company-issued smartphones are lost or stolen every year. To put that in perspective, some of your favorite brands managing over 100k devices could be losing nearly 5k devices each year if the organization is not properly protected. IT systems are vulnerable to threats if they don’t facilitate a comprehensive security strategy that includes protocols for lost or stolen devices. 

Below are 3 critical impacts from a lost or stolen device that all organizations with shared devices should prepare against:  

1. Exposure of Company Data

Data should be encrypted at rest and encrypted in motion. Period. Having a device within your 4 walls or only on your network is not enough protection. Data encryption at rest prevents the visibility of business-critical information in the event of its unauthorized access or theft. Many applications, especially on cellular devices used in the field, will need to collect, store and transmit data once a connection is available. Is your data currently protected?

Data encryption in motion has become very commonplace. All the major cloud providers by default support HTTPS connections to ensure that consumers are securely accessing data. However, many enterprises are still hosting APIs on-premise on self-managed infrastructure. Are all connections over HTTPS for your organization?

Questions to consider:

-Are all data connections for the organization over a secure protocol? e.g. HTTP
-When is the last time the organization has conducted an audit of how, where, and what type of data is stored on device?
-If a data breach did occur, how nervous would the organization be?

2. Financial Impact

Lost or stolen devices can also be a financial drain on an organization. Replacing a lost rugged device is not cheap. Many of the rugged devices from Honeywell and Zebra Technologies have a list price north of $1,000 per device. Gartner also estimates that the cost of an unrecovered mobile phone is at least $2,500 per device. These costs are based on the value of the data on the device – the loss of intellectual property and the impact of potentially compromised proprietary data.

When you consider the cost implications of employee downtime, the financial impact rises even further. Lastly, device loss drains IT resources for large organizations, as they would typically have to outsource the break/fix support functions to resellers like Stratix. These additional costs can be saved with the right solutions in place.

Questions to consider:

-What is the ROI for reducing lost and stolen devices by half the organization?
-Does your organization have the correct tools to support lost or stolen device scenarios?

3. Network Vulnerabilities

Back to my earlier point that data must also be encrypted in motion. Why? Not encrypting data in motion gives a bad actor the opportunity to reverse engineer how data is transmitted to APIs and possibly see how devices are connected to your network or access points.

Many software developers use reverse engineering to improve their own code or to improve interoperability between programs. However, a bad actor looking to gain business intelligence or inject malware into a system could begin the reverse engineering of an organization’s infrastructure with a lost or stolen device.

A lost or stolen device can become the key to your network if left unprotected. In December of last year, Blue Cross Blue Shield of Michigan had to inform nearly 15,000 members of its Medicare Advantage health care plan that their personal data was at risk due to the theft of a device containing their data.

Questions to consider:

-If a rogue device gained access to the network, would that intrusion be detected?
-How often is the network’s firm and access updated?

Enterprise mobility is at the core of what we do at BlueFletch. Typically when organizations bring us in for mobility transformation engagements, preventing lost or stolen devices are not at the top of the priority list. Having the correct processes, procedures and solutions in place are key to protecting IT systems and your mobile investment.

Device Accountability vs. Device Tracking – How They Differ

By | Enterprise Mobility

Rugged devices enable employees to streamline daily tasks and deliver excellent customer service in more efficient ways than ever before. As a result, companies are making wise investments in rugged devices and mobile strategy. 

But what happens when those investments disappear? Well, when they disappear for good, we call that device loss. If they happen to reappear, we call that luck…unless you have good tools in place to mitigate the loss. We won’t go in depth about how to mitigate device loss in this article, but instead, I’d like to set a baseline for two key concepts: Device Accountability and Device Tracking, which together are part of what we will call Device Visibility.

Device Accountability and Device Tracking are often used interchangeably, and understandably so. A few weeks ago, I was sitting in a meeting where I was talking to some clients about Device Accountability and how our EMS product can help mitigate their device loss. During the Q&A session after my presentation, I was asked about the various features of how our product could help “track” their devices. It was in that moment when I realized that technology and solutions around understanding the whereabouts of rugged devices in enterprises is still emerging, and so are the concepts behind them. That said, let’s dive into the differences between Device Accountability and Device Tracking.

Device Accountability

Think of accountability as an auditable trail of who, what, when, and where the device has been. The “accountability” helps to reinforce associate behavior in how they handle and maintain the devices. Here are some example questions that may be raised during an audit trail of Device of Accountability:

  • Who had it?
  • When did they have it?
  • How long did they have it?
  • Was it returned to its charger/cradle?
  • Where was it last seen (AP, SSID, cell tower)?

Device Tracking

Tracking is pretty much exactly how it sounds. “Tracking” devices focuses on seeing a device’s movements or history of movements through some form of visual representation or through actions that cause the device’s location to be known. Here are some ways tracking devices occurs:

  • Ping the device
  • See the device on a map (from a terminal or another rugged device)
  • Automatic defensive measures on the device itself
    • Device plays audible tones set to configured thresholds and events
    • Device broadcasts an alert or notification set to configured thresholds

Now that you’re well-versed on the differences between the concepts of Device Accountability and Device Tracking, be on the lookout for my next post discussing best practices for how to mitigate device loss.

BlueFletch Named as a Top 40 Innovative Technology Company

By | BlueFletch Culture & News

Technology Association of Georgia Honors 40 Companies for Innovation and Contributions to the State’s Technology Community

ATLANTA — (Jan. 23, 2019) — The Technology Association of Georgia (TAG), the state’s leading association dedicated to the promotion and economic advancement of Georgia’s technology industry, today announced BlueFletch as one of its Top 40 Innovative Technology Companies in Georgia. TAG will recognize honorees at The Summit 2019 event on February 11-12, 2019, at the Cobb Galleria Centre.

TAG’S Top 40 Awards recognize Georgia-based technology companies for their innovation, financial impact, and their efforts at spreading awareness of Georgia’s technology initiatives throughout the U.S. and globally. Read More

BlueFletch to Introduce Enhanced Enterprise Launcher with Facial Recognition at NRF’s Big Show

By | BlueFletch Culture & News

ATLANTA, GA, Jan. 9, 2019 – BlueFletch, an Atlanta-based mobile development firm focused on building innovative solutions for enterprises, and a Zebra Technologies’ PartnerConnect Premier Independent Software Vendor (ISV), will be exhibiting in Zebra’s booth (Booth #2101) at the NRF Big Show 2019, Jan. 13-15, at the Jacob K. Javits Convention Center in New York.

BlueFletch will demonstrate “Touchless Authentication: Fast Employee Login”, showing retailers how their associates can quickly and efficiently log into Zebra’s TC52 and TC72 devices and immediately access their applications using facial recognition technology.

  • Touchless single sign-on results in increased productivity through faster log in. With our solution, associates would only have to log in to the device once, rather than every time they open an application throughout the day. Having a simplified login process reduces helpdesk tickets related to login issues.
  • Facial recognition technology offers increased device control and accountability. Companies can lock down settings and restrict applications based on user permission levels (e.g. managers vs. associates). Logging in/out of devices creates a record of who last used or is currently in possession of a device.
  • For more information on the National Retail Federation, please visit: https://nrfbigshow.nrf.com

 

Brett Cooper, Founding Partner, BlueFletch

“We’re looking forward to showing our touchless authentication solution at NRF running on Zebra’s enterprise-class mobile devices. Finding ways to increase productivity, security, and control is a top priority for all retailers, so we’re excited to showcase a solution that can make an immediate impact.”

Richard Makerson, Founding Partner, BlueFletch
“Retail’s BIG Show is always a BIG deal for us at BlueFletch. I am personally excited to showcase the new features of our BlueFletch Enterprise Mobility Suite that take advantage of the capabilities on Zebra’s newest mobile computing devices.”

About BlueFletch
BlueFletch is team of mobile development experts dedicated to helping our enterprise clients solve business problems using mobility. Clients come to us to build mobile solutions when their IT teams lack bandwidth or available skills. Our team of 40+ experienced consultants, all based out of Atlanta, Georgia, help our clients move fast and deliver results for mobility projects that are critical to the business.

Media Contact:
Paige Pickert BlueFletch / paige.pickert@bluefletch.com / 855-529-6349

New Year’s Resolutions for Developers

By | Development, Enterprise Mobility

I am not big on New Year’s resolutions, mainly because if you need to change something, don’t wait till the new year, just make the change. While I was driving home from vacation, stuck in traffic, I started wondering what the development teams I work with can do differently in the coming year.  Thinking about what we should focus our energies on,  I came up with some “resolutions” for the new year. As with any resolution or goal, not all are needed to be completed or followed, but as a developer, if you can accomplish any of these, you will improve your development skills and also help teach the developers that follow you.

Read More

How to Tell When You’ve Been Given a Good Project Estimate

By | Enterprise Mobility, Thought Leadership

Let’s say you are a member of your organization’s IT Department, and you have engaged a third party vendor to develop a customized software solution for your company. When they provide you with a cost estimate for the statement of work, you will have to determine whether the estimate at hand provides good value for your company and can be delivered by the proposed timeline.

Here are five suggestions for how to determine if your software vendor has made a good project estimate:

Don’t Cut Corners During the Design Phase

In the hurry to get a Development SOW signed, design is often taken as ‘easy’ or as a ‘given’; however, rough drawings or high-level descriptions of what software should do does not provide enough information to understand the true complexity of a project. Good design often takes months. Companies who have deep experience in software development will have an active design team that will work hand-in-hand with the project Architect AND end users to detail each and every flow, feature, and edge case for a project. If your software vendor provides you flow diagrams, high fidelity prototypes (such as Invision click-throughs), detailed written requirements, and have had at least two full design feedback sessions with your software end users, you are in a good place. Money spent on design will almost always save you time and expense on the overall project. Read More

BlueFletch and The Home Depot deliver key insights on rugged vs. consumer-grade devices at Zebra Partner Summit

By | BlueFletch Culture & News

Brett Cooper, a Partner at BlueFletch, will be joining a session panel at the Zebra Partner Summit on Thursday, November 8th at the Orlando Omni Championsgate to discuss Zebra’s real-world mobility solutions that give them an advantage over competitors. He will share the stage with fellow panelist Todd Stankiewicz, Senior Manager Information Systems at The Home Depot, and moderator Andy Cauffman, Zebra Account Manager for the Home Depot.

Read More