Tag Archives: Apps

At Dreamforce, Salesforce applications take center stage

Apps, Einstein and Quip are expected to be the focus at Dreamforce, with Salesforce keeping any new clouds it may be building under wraps.

For its first 18 years, Salesforce focused inward, building its clouds and the infrastructure to support them. This year, with many business processes covered by one cloud product or another, Salesforce is turning its attention outward — to the applications side of the aisle — hoping that building out its community of developers will help propel new growth.

Salesforce applications will be a big focus at the start of Dreamforce, the company’s annual conference, which is expected to draw more than 170,000 attendees, according to a recently published report by USA Today. In its initial announcements ahead of Dreamforce, Salesforce focused on existing products and how to improve the user experience, including a bevy of app-building tools.

Einstein apps and bots

The company’s apps can now be embedded into Einstein with the release of myEinstein, which allows users to create custom AI models. Salesforce Einstein AI bots can also employ artificial intelligence to assist with customer service workflows. Einstein Prediction Builder enables admins to craft AI models that predict business outcomes.

Salesforce Einstein AI was the big reveal at last year’s Dreamforce — the accumulation spending more than $1 billion on AI-centric companies. And while no new clouds or platform-wide products were unveiled this year, some analysts see this year’s Dreamforce as a Part Two to last year’s Part One.

“It’s an evolution from what [Salesforce] talked about last year,” said John Bruno, principal analyst at Forrester Research. “Right now, Einstein is still in the early adopter phase. That being said, the stuff Salesforce has done has matured [Einstein] over the past year.”

Apps extend to Apple, Google stores

One key example of that, according to Bruno, is the availability of Einstein Prediction Builder, which allows companies to embed AI functionality into its own business processes.

“Prediction Builder is Salesforce stepping out and saying, ‘Everything you’ve known Salesforce to be as a platform is in the past,'” Bruno said. “Prediction Builder is the next generation of that. Salesforce placed its bets on AI being the future, and, if that’s the case, you can’t rely on the first-party capabilities you put out there.”

Beyond improving and building out Einstein, Salesforce released several other upgrades, many of which focused on building Salesforce applications and company branding.

The Salesforce mobile application will go from Salesforce1 to mySalesforce — allowing for employees at all levels to build custom Salesforce applications. App builders can also publish Salesforce applications to the App Store or Google Play with a Listing Wizard capability. Lightning received the app upgrade with myLightning, including better branding capabilities and an improved App Builder.

Quip makes collaboration push

Quip also received an application-centric upgrade, with Live Apps embedding real-time collaboration and document viewing, a calendar app that can be used to track projects, and workflow templates for quick document and spreadsheet use for specific industries and projects.

The added collaboration features for Quip can lead to the question of whether this is Salesforce positioning itself to challenge the Slacks and Microsoft Teams of the world. Salesforce denies any posturing, saying that Slack remains a partner.

Salesforce wants to be the one place where employees conduct all of their work-related activities.
Bill Quinn, director of customer experience solutions, Tata Consultancy Services

“Slack and Quip are allies in changing the way people work, and Slack continues to be a great partner of ours,” said Rafael Alenda, vice president of marketing at Quip. “Slack has seen success in communication, while the Quip Collaboration Platform is focused on document, collaboration and, in the end, transforming the enterprise culture into something much more modern, less reliant on emails and less reliant on meetings.”

Alenda added that with an open API, Quip could be embedded into other document-based tools that customers use.

While Salesforce continues to play nice with Slack, others see it as the company subtly positioning itself into the growing collaboration market.

“I think they’re essentially working to make Salesforce the ‘hub’ for all the work you do as an employee,” said Bill Quinn, director of customer experience solutions at Tata Consultancy Services, based in Mumbai, India. “Salesforce wants to be the one place where employees conduct all of their work-related activities. It started with Chatter but has grown with Quip.”

To help companies with development of Salesforce applications, Trailhead has also been expanded into myTrailhead. The move allows customers to create custom learning pages with their own content and branding to assist with onboarding and company-specific skills.

More information regarding these features and other future features will be released throughout the week at Dreamforce. Be sure to check back to SearchSalesforce for updates.

Helping customers compete and accelerate innovation with the cloud, AI and a new approach to Talent

Ever since the mainframe, customers have been dealing with business apps that were little more than forms, over siloed data, tied to monolithic CRM and ERP suites that were hard to customize. We believe we can do better. Today, at our Business Forward event in Chicago, Judson Althoff, James Philips and I are excited to meet with business leaders from a range of industries to share how Microsoft Dynamics 365’s modern, unified, intelligent and adaptive business apps can help them innovate and compete.

Dynamics 365 is already helping more organizations, than ever before – in fact, more than 60 percent of the Fortune 500 industrial companies. Last week, we highlighted how several of these organizations plan to accelerate their own digital transformation, including HP, Inc., who will be using Dynamics 365 AI solutions for intelligent customer care and service, along with the U.S. Department of Veterans Affairs and the Seattle Seahawks who are using Dynamics 365 to reinvent ways they connect with people and deliver improved experiences.

United Technologies enhances customer experiences with Dynamics 365 intelligence

Today we’re excited to welcome United Technologies Corporation (UTC), to that family of customers, and announce a strategic agreement designed to help UTC leverage Dynamics 365 and Azure to optimize its sales, customer care and field service operations.  For example, UTC will use Dynamics 365 to empower service technicians and sales teams in its Otis Elevator business. This will provide them with a unified view of the customer relationship and real-time elevator health data to enable predictive maintenance, dynamic field dispatching and a more seamless customer experience.

UTC manufactures and services millions of products for customers in the commercial aerospace and building industry that move the world forward. We are excited to partner with them to respond more quickly to sales opportunities with automation and intelligence, predict maintenance by operationalizing product data and empower thousands of service technicians in the field with mobile connectivity.

Make modern talent experiences a competitive differentiator

Extending our momentum with customers – and the incredible customer experiences we can deliver together – I’m also excited to share new innovations we are delivering to help our customers transform how they empower their people – arguably their most important resource.

Today’s human capital management systems are subject to the same challenges I see in most business applications – siloed, complicated and difficult to extend to embrace new opportunities. With Dynamics 365 for Talent, we take a modern approach helping you start where you are, allowing you to transform HR at your pace. We augment your existing systems of record with modular, intelligent cloud apps focused on critical scenarios. The result: immediate benefits, little to no disruption, and the flexibility to add new capabilities however and whenever you want.

Generally available today – Dynamics 365 for Talent: Attract and Onboard modular apps

These new modular applications can help you capture the best talent and shorten time to impact by offering a smooth and transparent candidate and new hire experience, then streamlining the hire to onboarding experience for employees and hiring managers.

Dynamics 365 for Talent: Attract puts LinkedIn knowledge, Office 365 integration and Microsoft AI to work to help hiring managers capture top talent and streamline a time-consuming, expensive hiring process, from initial candidate application to offer acceptance. Attract offers a simple out-of-the box process flow, configurable for more sophisticated needs, with centralized candidate profiles, scheduling intelligence, and engaging web and mobile experiences for both interviewers and candidates alike.

Dynamics 365 for Talent: Onboard integration with Office 365 and LinkedIn helps set new employees up for success. With it, you can create personalized onboarding experiences that get new hires engaged before they even join the team. A clear onboarding checklist, important resources and a pre-built network of key contacts help accelerate their ability to deliver impact and we give you an up-to-date view of their experience through a consolidated HR profile.

Customers can purchase and deploy the modular apps on their own to rapidly augment the rest of your human resources technology. They are also included as part of our comprehensive human capital management platform, Dynamics 365 for Talent.

Start with your own team and evolve your company’s conversation about talent

You can even get started using Attract and Onboard for just your team, or department, while continuing to work with HR and official systems of record by signing up for a free 60 day trial of Dynamics 365 for Talent: Attract or Dynamics 365 for Talent: Onboard.

Attract and Onboard are available for purchase directly from the web:

In closing

From new modular applications to transform how you engage with new hires, to cutting edge AI deployed against streams of data from IoT devices that quite literally move the world around us, Dynamics 365 offers our customers a platform to transform their business, one critical business process at a time. Learn how we can help by visiting our comprehensive overview of Dynamics 365 or finding out more about new capabilities we are bringing to market through our long term Dynamics 365 Roadmap.

Scality Connect ports S3 apps to Azure Blob storage

Object storage vendor Scality is moving to connect Amazon S3 apps to Microsoft Azure Blob storage in multicloud setups.

Scality Connect software, which launched last week, can help customers overcome the hurdle of porting an application based on the Simple Storage Service (S3) API to Azure Blob storage.

Scality plans to announce in December advanced Amazon S3 API support, along with versioning and a bucket website, said Wally MacDermid, vice president of business development for cloud at Scality, based in San Francisco.

John Webster, a senior partner at Evaluator Group in Boulder, Colo., said the multicloud play will be of particular interest to the DevOps groups within organizations. Many developers spend a great deal of time doing API modifications to applications.

“Anytime you can relieve the user of that burden is good. [Lack of interoperability] is a big issue. This is the last thing customers want,” Webster said of the need to modify APIs. “They just hate it. They have to modify APIs to work with other APIs.”

MacDermid said there is no hardware requirement for Scality Connect.  It is included as a stateless container inside an Azure subscription. Connect stores data in the Microsoft Azure Blob storage native format, and the container runs in a virtual machine within the customer’s subscription.

“We don’t hold any data. We just pass it to the Azure cloud,” MacDermid said. “An application that works on S3 can run in Azure without requiring any modification in the code.

“Once the data is up in Azure, you can use the Azure management services on top of it.”

Scality Connect makes it easier for developers to deploy applications within Microsoft Azure and use its advanced services. The software is available through the Azure Marketplace.

The Microsoft Azure and Google clouds do not support the Amazon S3 API, which has become the de facto cloud standard in the industry. That means the Azure Blob storage does not talk to the Amazon S3 API, which limits a customer’s ability to use multiple clouds.

“One side talks S3, and the other side talks the Azure API, and neither talks to each other,” MacDermid said. “This is a problem not only for customers, but for Azure, as well. [Microsoft] would admit that. The Scality Connect runs in the Azure Cloud. It gets your data up to the Azure Cloud and allows you to use the Azure services. We are the translation layer.”

Scality Connect is not the vendor’s first multicloud initiative. Scality in July unveiled its Zenko open source software controller for multicloud management to store data and applications under a single user interface no matter where they reside, including Scality Ring. It helps customers match specific workloads to the best cloud service. Zenko is based on the Scality S3 Server.

Your favorite apps—now available in Outlook on Android

Earlier this year, we launched add-ins for Outlook on iOS—bringing your favorite apps right in Outlook—so you can get more done on the go. We are now rolling out add-ins to Outlook on Android customers with Outlook.com and Office 365 commercial email accounts. Additionally, we’ll be bringing add-ins to Gmail customers on iOS and Android soon.

This launch will bring some of the most loved Outlook add-ins from iOS to Android, including Evernote, Microsoft Dynamics 365, Microsoft Translator, Nimble, OnePlaceMail, Outlook Customer Manager, Smartsheet, and Trello. We will also be launching several new add-ins for Outlook—including Wrike, JIRA, MeisterTask, Gfycat, and MojiLala. These add-ins will be available for Outlook customers across the web, Windows, Mac, iOS, and Android.

Get more done on the go with add-ins for Outlook

Add-ins help you accomplish tasks quickly—right from Outlook. Whether you want to save an email to your customer relationship management app, quickly add email content to your project board, translate emails on the fly, or add a bit of flair and personality to emails—add-ins have you covered. There is no need to switch back and forth between apps or copy/paste email information. With add-ins, your favorite apps are just a tap away in Outlook.

To start using add-ins for Outlook on iOS or Android, go to Settings > Add-ins and then tap the + sign next to the add-ins you want to enable.

Here’s a closer look at the new add-ins:

Wrike—A powerful online project management software for teams. The Wrike add-in for Outlook keeps you on top of work projects by enabling you to quickly capture your team’s communications in one place—giving team members greater visibility into work and making the team more productive. To use the Wrike add-in, tap the Open Wrike add-in icon to create Wrike tasks from emails, view and edit tasks, and collaborate in real-time—without leaving Outlook.

Animated image showing the how to convert an email to a task using the Wrike add-in.

Stay on top of your work projects by quickly associating any email with a Wrike project.

JIRA (by Yasoon)—Designed specifically for software teams, JIRA provides best-in-class agile tooling, deep developer tool integrations, and a single repository for every step in your software project’s lifecycle. The JIRA add-in for Outlook helps you stay on top of software project issues and communication with customers, partners, or vendors by enabling easy tracking of your project’s progress, right from Outlook. Tap the New issue or Add to issue icon to create a new issue or update an issue using content from email and attachments. Tap View issues for an overview of open issues and due dates for the current conversation or sender.

To keep your business data safe, your JIRA administrator must configure a secure connection to JIRA first. See Getting started with JIRA for Outlook for more information.

Animated image showing how to open an issue related to a project using the JIRA add-in.

Use the JIRA add-in to create and update issues using email content.

MeisterTask—A highly intuitive task manager that adapts to your team’s workflow. The MeisterTask add-in lets you quickly save emails as tasks in your project board—without needing to copy/paste or re-enter the content into another app. To use the MeisterTask add-in, tap the Create Task icon to quickly create new tasks from incoming emails, assign them to your coworkers, and easily access task details.

Animated image showing how to convert an email to a task using the MeisterTask add-in.

Stay on top of your work projects using the MeisterTask add-in.

Gfycat—Discover and share awesome GIFs to make your emails more engaging, expressive, and fun. Congratulate your coworkers or thank them for a job well done with the new Gfycat add-in for Outlook. To use the Gfycat add-in, tap React with Gfycat to search for the GIF you are looking for, such as “Congratulations” or “Thank you.” The selected GIF will then be sent as your reply—adding a touch of your personality to the conversation.

Animated image showing how to search for a GIF image to send as a reply to an email using the Gfycat add-in.

Easily discover and share awesome GIFs, right from Outlook using the Gfycat add-in.

MojiLaLa—Designers bring you their best stickers to help you share emotions and communicate with one another around the world. The MojiLaLa add-in adds color, imagination, and humor to your emails. To use the MojiLaLa add-in, tap the Reply with MojiLaLa icon and then search for a sticker, such as “Great work” or “Happy Birthday.” The selected sticker will be sent as your reply.

Animated image showing how to search for a sticker to send as a reply to an email using the MojiLaLa add-in.

Add fun, humor, and a touch of personality to your emails using the MojiLaLa add-in.

In addition to these new add-ins, several existing add-ins available for Outlook on iOS will now be available on Outlook for Android, including:

  • Evernote—Easily save emails from Outlook to a project notebook in Evernote.
  • Microsoft Dynamics 365—Quickly look up customer contacts, associate an email or appointment with an existing opportunity, or create new records with just a few taps.
  • Microsoft Translator—Translate email messages on the fly, with support for 60+ languages powered by Microsoft Translator.
  • Nimble—Get insights on any contact in Outlook, including broad social profiles, shared relationships, mutual interests, industry and company profile, revenue, and more.
  • OnePlaceMail—Seamlessly save emails and attachments to SharePoint without leaving the familiar Outlook environment.
  • Smartsheet—Easily manage your work and collaborate with stakeholders in real-time by quickly creating, assigning, and updating tasks and capturing other project information right from your email.
  • Trello—Quickly associate any incoming email with an existing board, create cards, and edit descriptions. In addition, the Trello add-in has now been updated to save email attachments to your Trello board.
  • Outlook Customer Manager (coming soon)—Track and grow customer relationships right from Outlook.

Try the new Outlook add-ins and send us your feedback

Add-ins bring your favorite apps right into Outlook, so you can accomplish more, faster. We hope you give them a try. If you have feedback or suggestions on adding your favorite apps in Outlook, visit the Outlook for Android UserVoice—we’re eager to hear from you!

Developers—If you are a developer looking to build add-ins for Outlook, check out the Outlook Dev Center for more resources.

—The Outlook team

Frequently asked questions

Q. How do I enable add-ins for Outlook on iOS and Android?

A. To start using add-ins for Outlook on iOS or Android, go to Settings > Add-ins and then tap the + sign next to the add-ins you want to enable. For detailed steps, refer to our support article. Note that add-ins for Outlook on iOS and Android are currently available when reading email.

Q. Why do the animated images in the blog look different from what I currently see on my Outlook on Android device?

A. The animated images in the blog show the new conversation experience that is coming to Outlook on Android customers over the next few weeks. It is already available to customers using Outlook on iOS.

Q. I have Outlook on Android with an Outlook.com or Office 365 commercial email account, but I still don’t see the add-ins.

A. Add-ins for Outlook on iOS and Android are rolling out to all Office 365 commercial customers and Outlook.com customers over the next few weeks. If you have an Office 365 commercial email account (a mailbox in Exchange Online) or Outlook.com email account, you should be able to see the Add-ins section in the settings tab over the next few weeks.

Q. When will add-ins be available to Gmail users?

A. Add-ins for Outlook on iOS and Android will be available to customers with Gmail accounts in the next few months.

Q. As an administrator, how do I manage access to add-ins for my organization?

A. Administrators can manage access to add-ins for users in your organization using the Exchange admin center. For more details, refer to the Add-ins for Outlook TechNet article.

Windows DevOps tools rehab legacy enterprise applications

As Microsoft shops struggle to modernize legacy apps that weren’t designed for distributed cloud environments, they must also rethink the infrastructure where these apps are deployed.

Most enterprises have at least one application that’s so old, no one on the current IT team recalls how it was written, nor understands the finer intricacies of its management. Now, these companies must weigh the risks and costs to refactor these apps for a cloud-first, continuously developed world.

“It’s always an investment to replace something which does exactly what you need, but it’s just old software,” said Thomas Maurer, cloud architect for Switzerland-based itnetX, a consulting firm that works with large enterprise clients in Europe. “Traditional, classic enterprise apps cannot just be migrated into the DevOps world in a nice way — they may have dependencies on legacy code, or they’re not designed to scale out.”

Windows DevOps tools have improved, and IT shops are finding ways to link them together. But many client-server apps in the Windows world, particularly rich-client apps, don’t lend themselves well to continuous development or rapid provisioning, said Chris Riley, DevOps analyst at Fixate IO, a content strategy consulting firm based in Livermore, Calif., and a TechTarget contributor. Riley has developed Windows applications, such as SharePoint.

Some standard client-server applications must be compiled before they are tested. Dependencies and prerequisites also bog down legacy Windows apps; installing older versions of SQL Server or SharePoint takes days. Some legacy Windows environments also function best when apps are installed locally on the developer’s machine, whereas web and mobile applications typically integrate with REST APIs and avoid binary codes on a local machine, Riley said.

Without the ability to spin up development and test environments easily, organizations tend to reuse one test bed.

“This severely limits when you can do your testing, because you don’t want to pollute that environment, or make a mistake and rebuild it,” Riley said. “Whereas in DevOps, it should be easy to make a mistake — you actually want to do that and move forward.”

Windows DevOps tools give legacy apps a makeover

If organizations decide to refactor legacy apps to run in a more cloud-native fashion, they can first use tools and services from Microsoft partners to help make those apps more efficient to test and deploy.

“Skytap and CloudShare provide on-demand environments for these tools,” Riley said. “So, you can spin up a new database environment in 15 minutes instead of days, and then delete it, then spin it up again.”

The two companies take different approaches to hosting legacy apps on flexible cloud infrastructure. For example, Skytap Cloud supports more, older versions of Windows than Microsoft does, so customers can modernize apps at their own pace. CloudShare’s on-demand versions of Windows apps, meanwhile, are “somewhere between hard [and] impossible to run on the commodity clouds like Amazon [Web Services],” said Muly Gottlieb, the company’s vice president of R&D.

CloudShare, a 10-year-old privately funded Israeli SaaS company, lets users set policies and spin up and down dev and test environments with complex traditional apps, such as SharePoint and SQL Server. The service can accommodate customers that aren’t a good fit for Azure Cloud services, such as VMware shops that support legacy Microsoft apps.

Legacy apps set up in CloudShare’s environment can circumvent problems around fast and ephemeral provisioning and provide workable dev and test services in Windows DevOps shops.

“In the past, developers would all share five or 10 master labs, which is bad for velocity, and lab scarcity is a productivity-killer,” Gottlieb said. With this approach, code is not always reproducible, and environments spun up from snapshots aren’t always consistent.

Electric Cloud has a similar offering in the Windows DevOps tools arena, called ElectricAccelerator, which automatically parses legacy apps into distributed form and speeds up dev and test. Startups such as IncrediBuild and Thriftly also look to optimize dev and test for legacy Windows apps. Third-party services, such as Zapier, attach REST APIs to legacy applications and bring them a step closer to the Windows DevOps world.

Good ol’ trusty VMs can give Windows apps a leg up

For on-premises IT organizations, advanced automation features within virtual machines also provide a steppingstone to modernize with containers and microservices.

“There are ways to build this agility, and it’s going back to taking another look at how we use virtual machines,” Riley said. “Companies can treat VMs exactly how they were supposed to be treated, which is more like containers.”

Companies can treat VMs exactly how they were supposed to be treated, which is more like containers.
Chris RileyDevOps analyst, Fixate IO

Enterprises can use a VM template with heavy applications to spin up and delete environments for virtualized legacy apps. It’s not as fast as containers, but there’s much more agility than what users may have had previously, Riley said. VM templates can call for Microsoft Visual Studio to be automatically installed at startup and linked to a source repository, so developers could pull down a branch, write code, test it, commit and destroy the environment — and then do it all over again in a new VM.

VM-based automation works well with rich-client apps, where heavy dependencies and prerequisites make it tricky to test functions with Windows DevOps tools, said Anthony Terra III, manager of software architecture and development at a law firm in the Philadelphia area.

“The only difference is that you need to run that rich-client application in a shell or a separate VM,” Terra said. “Normally, we have that VM already built, deploy the code to the VM and run it that way.”

Terra’s company also uses a Microsoft database tool called a Data-tier Application Component Package (DACPAC) to smooth the delivery of updates to SQL Server VMs.

“You have the ability to create, change and delete tables, but it never actually interacts with the database,” Terra said of DACPAC. “It creates a change set file, which can be run against any database that has the same structure.”

When code is deployed to dev, test or quality-assurance infrastructures, the Windows Microsoft DevOps tool Team Foundation Server calls on DACPAC’s change set file and applies the changes to the database environment. Terra’s firm has added some safety guards: If a change could cause data loss, for example, the build fails.

The firm plans a move to containers in the coming year, but for now, VMs can slot in with Windows DevOps pipeline tools for a more consistent process.

“You’re not having people build VMs anymore because a tool is building them,” Terra said. “There is some fear in adopting something like that, but I think it’s misplaced, because it’s not like there’s less work because of it — the work you’re doing is just more focused on what’s around it.”

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.

Better team messaging app security could boost enterprise adoption

Team messaging tools have been available for a few years, but use of these apps has been departmental in nature. Typically, small and agile project-based teams have picked one of many vendors and worked more efficiently than with traditional collaboration tools. Other business communication tools went through similar adoption cycles. 

Remember the early days of chat? Business users downloaded AOL Instant Messenger, Yahoo Messenger or a range of other applications. Eventually, many businesses standardized on certain tools, such as Cisco Jabber and Microsoft Office Communications Server, Lync or Skype for Business.

The transition from ad hoc adoption to an enterprise standard happens when businesses need enhanced control, security and analytics to understand the use of the app and protect the organization from unnecessary risk. 

Tighter security for enterprise-wide adoption

As the use of team messaging becomes more widespread, businesses must choose a product with enterprise-grade controls and security. Without these features, a company might find its data scattered over multiple platforms, making it difficult to secure and to meet compliance requirements. 

Also, purchasing apps in an ad hoc manner might be fine with a small amount of users. But, as the population grows, corporate standardization has a number of benefits, such as policy development, application integration and license agreements.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable. Decision-makers should ensure their service — whichever one they choose — offers the required level of security and management to scale the product across the company.

Highlighting this need for security, Cisco recently beefed up its Spark collaboration service, hoping to get it ready for the next phase of adoption. The Cisco Spark updates, announced this week, include:

Enhanced security. Security has always been a differentiator for Spark, as it’s the only platform to encrypt data from the cloud to the device. This security feature is critical for groups that want to share sensitive information, such as financial data or patient records.

Cisco has now added an e-discovery tool to search through Spark messages by email address, date range or keywords. This feature has been standard with email for many years and is important for legal reasons.

Compliance improvements. Spark now has configurable retention policies, so data can be purged from Spark spaces as determined by company policy.  Activities, shared whiteboards, files and messages can be deleted.

Also, through APIs, Spark can integrate with third-party data loss prevention vendors and cloud access security brokers. Third-party vendors that integrate with Spark for compliance or data loss prevention include Actiance, Symantec, Skyhigh Networks, Global Relay and Cisco Cloudlock.

Administrator portal and analytics. The Cisco Spark Control Hub provides administrators with information that could improve the end-user experience. For example, administrators can use the portal to see who had poor call quality, where the person was calling from and whether it was isolated to that individual or more widespread.

Also, the portal shows usage information for Cisco Spark, WebEx and Spark Hybrid, which can be helpful for different business-related tasks. For example, if Spark was provisioned across a company, the business unit leader can find out who is not using the service and determine if training is required or the license should be revoked.

Another use case might be to compare the use of WebEx and Spark to worker productivity. The business leader may find a direct correlation and mandate the usage of the collaboration tools. Through the portal, enterprises can access a range of data that can deliver insights to business unit leaders, security officers and other responsible parties.

Cisco Spark updates
Cisco Spark updates include extensive analytics and usage reports.

BYOD enablement. The use of personal devices by business users is rampant today. Almost every professional carries some combination of a laptop, tablet and mobile phone, often owned by the individual. With personal devices, it’s often difficult to enforce such things as password-protected screens. Since IT can’t control the endpoint, Cisco moved some of the security to the app. 

Cisco Spark now includes PIN lock and Web Smart Timeouts; the latter lets the Spark web app automatically lock after a certain time when running off the company network. The updates also include Enterprise Certificate Pinning, which protects users from breached public hotspots without requiring the use of a virtual private network.

On-premises key server. All Spark data is stored in the cloud, and that seems to be fine with most customers. However, many organizations, such as regulated verticals or ones that are ultra-security-conscious, may want better control over that content. For those customers, Cisco offers an on-premises key management server where the data may still be stored in Spark Cloud, but the key management is done on premises.

Now, if the Cisco Spark service is attacked, the data will appear encrypted and unreadable. This essentially creates the security equivalent to maintaining the storage on premises.

Cisco Spark is not for everyone, as there is a wide range of controls. However, the features Cisco has built into Spark do prepare it for enterprise-wide usage.

Editor’s note: Cisco is a client of ZK Research.

Cross-platform app support settles on web development

SAN DIEGO — Cross-platform apps are the future of enterprise software, but it’s not that easy for many organizations to adopt them.

To create an application that works across different operating systems and form factors, developers must focus on making its internal architecture compatible with multiple platforms, not necessarily focus on its front-end interface. But the options for deploying these types of apps can be expensive, so a compelling alternative for many organizations is to develop web apps.

“Web technologies are more than capable of delivering really high-end user experiences,” said Kirk Knoernschild, research vice president at Gartner. “Web has maximum portability to different form factors.”

Knoernschild and IT professionals discussed the challenges of cross-platform app development and deployment here at this week’s Gartner Catalyst Conference.

Cross-platform apps a hard sell

Whether an organization builds a cross-platform app in-house, hires third-party developers or purchases the app from a software provider, it can be a costly proposition. And it’s difficult to convince the business to spend money on technology that does not directly provide a financial return on investment.

“The savings are hard to quantify,” said Chris Haaker, director of end user computing innovation at Relx Group, a business information and analytics provider in Miamisburg, Ohio. “If this made you 20% more productive, can you show that?”

The last thing you want to do is deliver a compromised user experience.
Kirk Knoernschildresearch vice president, Gartner

Haaker’s branch of the global company has no in-house or third-party developers and instead buys any software it needs directly from vendors. Eighty percent of employees there use smartphones for work, mostly for corporate email access, but the office can’t afford to hire mobile developers, Haaker said. So a few tech-savvy interns are building web apps that can work across different operating systems instead.

“If we could have an app for all endpoints, that’s a place I would love to get to,” Haaker said. “That’s wonderful.”

But for now, unified app development is too new of a concept for the company to invest in, he said.

“There’s got to be somebody at the top that’s going to buy into that,” he added.

Low-code cross-platform app dev

One way organizations can develop cross-platform apps with less cost and effort is through low-code development tools. Rollins Inc., a global pest control services company based in Atlanta, used OutSystems to create a web app that helps employees track service information and communicate with customers.

The responsive web app adjusts the interface to suit the endpoint, whether it’s a desktop in Rollins’ offices or on salespeople’s iPads out in the field. OutSystems, which allows companies to build web, mobile or cloud apps, lets Rollins build dashboards that show customer site maps, the pests prevalent at those sites and other information.

“You can see, does this customer’s contract cover bees?” said David Christian, manager and senior architect at Rollins. “If it does, we can send out a technician to deal with that.”

The web approach is common today because it means developers can use a single code base to write an app that works across multiple endpoints. When organizations don’t have to write multiple versions of the same app, it often results in cost savings.

“It’s something we’re seeing more and more of in development teams, but it has to be for the right use case,” Knoernschild said. “The last thing you want to do is deliver a compromised user experience.”

Native mobile apps often provide more device-specific capabilities, however, so responsive web apps aren’t always the best choice.

“You’ve got more things available when you code for native mobile,” Christian said. “[A web app] won’t be quite as responsive. The phone format is not the best format for some of the larger dashboard views.”

Cross-platform app support

To make it easier to deploy cross-platform apps and ensure their security, IT must limit users’ device and operating system choices, said Andrew Garver, research director at Gartner, in a Catalyst session.

“This is not giving users what they want all the time,” he said. “It’s an art to maximize productivity through the benefits of end user choice while balancing your risk requirements.”

To prepare for a future where apps are independent of operating systems and devices, organizations must also ensure that they don’t rely on a single OS or OS version, plug-in, browser or browser version, Garver said. They should also plan for emerging device types, such as wearables, he said.

For successful cross-platform app support, IT departments should follow these steps, Garver said:

  • Identify gaps in IT skills and start to fill them.
  • Make it clear to business leaders that cross-platform computing is not a single project, but rather a long-term approach that will evolve.
  • Merge disparate IT teams that need to work together, such as desktop and mobile groups.

“It’s just a matter of getting all of us moving in the same direction,” Haaker said.

Get ready for fall with Back-to-School Discounted Apps Collection in the Windows Store – The Fire Hose

If you’re getting ready for fall classes and activities, the Back-to-School Discounted Apps Collection in the Windows Store has some great deals.

They include 20 percent off Complete Anatomy in-app purchases, 30 percent off Stagelight in-app purchases and 50 percent off Movie Edit Plus Pro Windows Store Edition.

Find the Back-to-School Discounted Apps Collection in the Windows Store. Also, keep up with what’s hot, new and trending in the Windows Store on Twitter and Facebook.

Vanessa Ho
Microsoft News Center Staff

Tags: Windows Store

Mobile data theft a risk from shared app libraries

Researchers said shared third-party libraries used by many mobile apps could increase the risk of mobile data theft through “intra-library collusion.”

The issue was detailed by Alastair Beresford, teaching fellow at Robinson College in Cambridge, England, and Vincent Taylor and Ivan Martinovic, a doctoral student and associate professor, respectively at Oxford University, in the paper, “Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones.”

According to the researchers, the issue has often been overlooked because mobile security “has typically examined apps and third-party libraries in isolation.” However, they claim these shared libraries could cause more damage if used together for mobile data theft.

“This attack, which we call intra-library collusion, occurs when a single library embedded in more than one app on a device leverages the combined set of permissions available to it to pilfer sensitive user data,” the researchers wrote. “The possibility for intra-library collusion exists because libraries obtain the same privileges as their host app and popular libraries will likely be used by more than one app on a device.”

The team studied 30,000 smartphones and found that, because different apps are allowed different permissions, a malicious actor could combine the access granted to each app in order to build a user profile or perform mobile data theft.

Matthew Rose, ‎global director of application security strategy at Checkmarx, an application security software vendor headquartered in Israel, said there were a number of ways a shared library might be infected by a malicious actor.

“Typically third-party libraries are maintained by a group of people who maintain the code base. Since these libraries have many contributors it is sometimes difficult to have one person responsible for the entire library code base which can potentially allow malicious code to be inserted,” Rose told SearchSecurity. “There is also the question of these libraries inheriting functionality from other code bases so there are definite tradeoffs in terms of risk versus the utilization of existing third party libraries.”

The researchers said advertising libraries could be granted additional permissions to make this kind of attack more dangerous. The researchers wrote that libraries can track users without their consent.

The research focused on Android due to “the availability of data on lists of apps installed on Android devices,” but the team noted that they believe their insights would also hold true on iOS “due to similarities in access control and app deployment.”

Neither Google nor Apple responded to requests for comment at the time of this post.

Mobile data theft and permission creep

Unfortunately, the researchers had no easy answers for mitigating the threat of mobile data theft from intra-library collusion. The researchers noted that one approach would be to limit the permissions granted to these libraries, but doing so might hamper the ability of developers to monetize their apps, which “could serve as a deterrent to new app developers entering the market and thus the end users may ultimately suffer from reduced content.”

If the permission request is not in line with what you intend to use the app for then do not install it or grant the permissions.
Matthew Roseglobal director of application security strategy, Checkmarx

Additionally, the team suggested that the companies running the app stores or even nation states could enact policies or laws to detect and remove malicious third-party libraries, but each approach would be problematic. Detection would be difficult because apps can have legitimate reasons for sending data off-device, and enforcement may not scale beyond an app-by-app basis.

John Bambenek, threat intelligence manager at Fidelis Cybersecurity, said “it is very likely that a malicious library would remain undetected,” but noted there are easier paths to mobile data theft.

“In order to perform this attack, a malicious individual would need to create a library that then is used by multiple applications. They would then need to convince users to download an app [or multiple apps] with many permissions,” Bambenek told SearchSecurity. “In the real world, a malicious individual would just get a victim to install an application with a lot of permissions in the first place because it is more direct and easier. I wouldn’t expect this to be weaponized in the short-term by criminals.”

Rose said the more important issue was that “people need to be cognizant of what permissions a mobile app is asking for when they install it.” 

“Does the app really need to have access to your file system, geo location, or camera? Think about what the intended usage is for the mobile app and ask yourself if it is asking for more permissions than it actually needs,” Rose said. “If the permission request is not in line with what you intend to use the app for then do not install it or grant the permissions.”

Bambenek said developers also need to be careful to make sure it doesn’t appear their apps are attempting mobile data theft through permissions overreach.

“Mobile developers, and developers in general for that matter, need to always focus on secure coding and, in particular, least privilege,” Bambenek said. “Adopting a development model that writes code doing only what is necessary for it to do and little else would help greatly.”