pingpal infodeck: how to survive byod and mobile networks


Upload: apptimate

Post on 09-May-2015


DESCRIPTION

Here comes BYOD, Bring Your Own Device. A lot of the traffic, both internal corporate traffic and traffic with customers and the market, will go outside firewalls to mobile devices owned by the employees, on public networks. A lot of sensitive corporate data must be stored locally on the device to ensure that, for instance, salespeople have updated and correct CRM data when visiting customers. Employees will communicate internally on consumer tools like WhatsApp. This is not the safest environment; it is more or less a ticking bomb. Gartner expects that by 2017, “40% of enterprise contact information will have leaked on to Facebook via employees’ increased use of mobile device collaboration applications.” To unlock the full potential of enterprise mobility, IT needs to allow people the freedom to seamlessly access all their apps and data from any device, company owned or private. It is now time to recover lost ground and include secure mobility in your IT strategy.

TRANSCRIPT

Page 1: PingPal infodeck: How to survive BYOD and mobile networks

pingpal.io

[email protected]

Enterprise Mobile Strategies - how to survive BYOD and mobile networks

The Secure Communication and Positioning Service

Ephemeral | Anonymous | No data stored | Military grade encryption

Page 2: PingPal infodeck: How to survive BYOD and mobile networks

Are you ready for BYOD?

Here comes BYOD, Bring Your Own Device.

A lot of the traffic, both internal corporate traffic and traffic with customers and the market, will go outside firewalls to mobile devices owned by the employees, on public networks. A lot of sensitive corporate data must be stored locally on the device to ensure that, for instance, salespeople have updated and correct CRM data when visiting customers.

Employees will communicate internally on consumer tools like WhatsApp. This is not the safest environment; it is more or less a ticking bomb. Gartner expects that by 2017, “40% of enterprise contact information will have leaked on to Facebook via employees’ increased use of mobile device collaboration applications.”

To unlock the full potential of enterprise mobility, IT needs to allow people the freedom to seamlessly access all their apps and data from any device, company owned or private.

It is now time to recover lost ground and include secure mobility in your IT strategy.

Page 3: PingPal infodeck: How to survive BYOD and mobile networks

Being mobile means communication

Being mobile means that you need to communicate.

The users discuss and share restricted corporate data on their BYO devices, on open public networks.

When using “traditional” telecoms like voice calls or SMS, your security is in the hands of the operators.

When using Gmail, we know that Google scans all user mails for keywords for their business purposes.

When using Instant Messaging, your users will use the same tools as they do privately, for instance WhatsApp, now owned by Facebook.

And mobile devices are more easily lost or stolen, with all that restricted data still in the device.

Page 4: PingPal infodeck: How to survive BYOD and mobile networks

The best way to protect private information is to have no information to protect

Page 5: PingPal infodeck: How to survive BYOD and mobile networks

9 Important aspects to consider

You need a well-defined mobile strategy for your enterprise, no matter what size you are. This is the necessary foundation for your important decisions on various mobile frameworks, development tools to use, devices to support and mobile development providers.

Listen to the app agencies promoting their favorite tools, but decide on what’s best for you long term, not the cheapest offer today.

Page 6: PingPal infodeck: How to survive BYOD and mobile networks

Security, safety and integrity when out of office

Page 7: PingPal infodeck: How to survive BYOD and mobile networks

1. Security and Privacy Outside the Firewall

Have a common framework for authentication and authorization of your mobile apps, as they are more vulnerable than desktop or web based applications protected by the company firewall. Consider the whole transport mechanism for all your applications, internal messaging, etc. You need a secure “pipe” for everything.

The most common solutions for this are VPNs and Mobile VPNs. A VPN provides an encrypted tunnel through the Internet between your device and a VPN server. This is called a tunnel because, unlike other encrypted traffic such as HTTPS, it hides all services, protocols, and contents.

Depending on the actual network state (coverage, signal strength, etc.), there might be problems, since the mobile network's response time can be high and VPN connections are very sensitive to response time. This is due to security concerns, but it means that a slow response might interrupt a VPN connection, making it very difficult to work on the corporate network from a mobile device.

A VPN connection is set up once, and only terminates when you decide, but the tunnel is disconnected if the client loses network connectivity or due to inactivity. This makes it a good solution for a more permanent or continuous connection to the corporate network, as long as you have a good enough Internet connection. But it is highly impractical for e.g. messaging, which is more sporadic in its nature.

When using VPN from a mobile device, all Internet traffic, regardless of whether it is corporate or private, will have to pass through the company firewall.

You will also have to take into account management of temporary users (e.g. consultants), letting people participate in secure discussions without connecting them to restricted services inside the firewall.

Page 8: PingPal infodeck: How to survive BYOD and mobile networks

No corporate data stored, no data lost


Page 9: PingPal infodeck: How to survive BYOD and mobile networks

2. Device and local data Management and Monitoring

Mobile devices are used anywhere, often over untrusted networks, with a significant potential for loss or theft. You must be able to remotely lock a lost device and wipe selected corporate data as well as emails, chat conversations, etc.

The same goes for employees leaving the company and consultants/sub-contractors that bring their own devices.

The solution must reduce the risk of leaking data by mistake or by theft, and it is here that the auto-deleting, or ephemeral, mechanisms come in. Snapchat has popularized auto-deleting images for casual communication. The same kind of mechanism can be used for any type of messaging or corporate data when it is controlled by a specific app. Possible ephemeral triggers are, for instance, deleting after a set number of views, or at a set time, or by using a geofence: “this information must not leave this building”.

You should also be able to push newer apps or versions of apps to every employee so that everyone runs the same version, just as you have the app store update mechanisms for commercial apps.
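The three ephemeral triggers named on this page (a set number of views, a set time, a geofence), sketched as an added example. It is not PingPal's code; the class and field names, the sample coordinates and the choice to delete when no location fix is available are assumptions made for illustration.

```python
"""Ephemeral-data policy check: view-count, expiry-time and geofence triggers."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000
LatLon = Tuple[float, float]


def haversine_m(a: LatLon, b: LatLon) -> float:
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


@dataclass
class EphemeralPolicy:                      # hypothetical structure
    max_views: Optional[int] = None         # "delete after a set number of views"
    expires_at: Optional[datetime] = None   # "delete at a set time" (timezone-aware)
    fence_center: Optional[LatLon] = None   # "must not leave this building"
    fence_radius_m: float = 0.0


@dataclass
class StoredItem:                           # hypothetical structure
    payload: Optional[bytes]
    policy: EphemeralPolicy
    views: int = 0


def purge_reason(item: StoredItem, now: datetime, position: Optional[LatLon]) -> Optional[str]:
    """Return the name of the trigger that requires deletion, or None to keep."""
    p = item.policy
    if p.max_views is not None and item.views >= p.max_views:
        return "max_views"
    if p.expires_at is not None and now >= p.expires_at:
        return "expired"
    if p.fence_center is not None:
        # Fail closed: without a location fix the device cannot show it is inside.
        if position is None or haversine_m(position, p.fence_center) > p.fence_radius_m:
            return "geofence"
    return None


def read_item(item: StoredItem, now: datetime, position: Optional[LatLon]) -> Optional[bytes]:
    """Check the triggers before and after a read; drop the payload when one fires."""
    if item.payload is None or purge_reason(item, now, position):
        item.payload = None     # a real app would also delete the encrypted record on disk
        return None
    data = item.payload
    item.views += 1
    if purge_reason(item, now, position):   # e.g. a "show once" item was just used up
        item.payload = None
    return data
```

The check runs on every read, so a timed or geofenced item that is never opened also needs a periodic sweep calling `purge_reason` over the local store.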

Page 10: PingPal infodeck: How to survive BYOD and mobile networks

3. Device Independence

Your IT infrastructure must be built with device independence in mind. You have to protect sensitive information wherever and however it’s used and stored, even when business and personal apps live side-by-side on the same device.

Support for various current and future mobile platforms and form factors should not pose too big a challenge or cost a fortune to implement and support.

Do not try to throw every feature of an existing web app or desktop app into your mobile app. This will only increase bulkiness and development and maintenance cost. Build smaller apps that only take care of a handful of features and that are easy to replace when your organization or IT implementation changes.

Provide a suite of such apps and let customers, partners and employees pick and choose what may be the best fit for them. Remember the high interoperability and ease with which a mobile app can kick off another mobile app based on the user’s inputs and preferences.

Also keep in mind the integration possibilities with independent productivity apps like Evernote, email clients, and document and image editing and management tools.

Page 11: PingPal infodeck: How to survive BYOD and mobile networks

4. Server side implementation

A mobile application isn’t the same as a desktop application, and while the difference starts in the device, it’s the server side of the mobile equation that will make the difference between productivity gains and losses.

If you do not already have an enterprise bus infrastructure in place, or your current infrastructure is too old to handle mobile requirements, consider revisiting the brokering and routing requirements.

An optimum server-side mobility solution will consider state control in transactions, presentation of information and management of mobile data flows.

You also need to analyze and minimize data volumes. Mobile applications rely on a relatively low-speed link to the devices, and available mobile bandwidth may vary considerably, depending on the user’s location and the local cellular traffic load. In many cases there may be usage charges applied, which could make mobile applications expensive to run if data volumes are high.

Page 12: PingPal infodeck: How to survive BYOD and mobile networks

5. Data synchronization

Database synchronization presents one of the toughest hurdles in deploying distributed mobile solutions. You need to set up advanced synchronization and filtering between each mobile device and the central system, deciding what data they share, and the manipulation rules. The complexity grows exponentially with the amount of shared data, so it is necessary to select good tools to manage this.

The data in the app should be stored in a secure local database in the device with strong encryption. There should also be an automatic self-delete (ephemeral) mechanism implemented in the app to automatically remove data in accordance with the internal business processes, as well as a complete wipe through a remote command.

The synchronization mechanism should also take into account the mobile network characteristics: everything from high to low speed data connections, dropped connections in the middle of processing and even complete off-line situations.

The data synchronization should be done partially on connection losses, giving clients the opportunity to continue synchronization from where it was when the connection was lost. It should also handle multi-user conflicts, primary-key changes and other problems usually associated with database synchronization.

Page 13: PingPal infodeck: How to survive BYOD and mobile networks

6. Offline behavior of app

Employees must be able to download corporate data to their device. It could be as simple as Excel and PowerPoint files, but also, for instance, all CRM, customer support, order delivery, etc. data related to a specific customer for a meeting. People need access to important and sensitive data to perform their job even when traveling on an airplane or visiting a remote site with poor data network coverage.

Partners and associates might also need to download offline data, like actionable items, messages and reports. For your customers you might want to offer the ability to download receipts, order status, and special offers even when they are off the network.

The highly sensitive nature of this data makes it critical to develop security mechanisms, like database encryption and the ability to remotely wipe everything from lost or stolen devices.

There might also be privacy or other regulatory compliance requirements that need to be investigated.

Page 14: PingPal infodeck: How to survive BYOD and mobile networks

7. Scalability

Mobile customers’ attention span is shorter than that of desktop and web app users. Customers use devices everywhere and at any time of day. Mobile app infrastructure has to be scalable: once an app becomes a big hit, it becomes extremely important to scale up the back end within hours or days. Otherwise you will end up having a short-lived success, and by the time you scale up the customers will be all gone.

The simple way is to apply vertical scaling by adding more resources to your server. This might be OK for a small niche app but will not be sufficient for massive scaling. Design your app and backend solution for horizontal scaling, where you distribute data and route messages over several servers. This is especially important if your app is customer facing.

Page 15: PingPal infodeck: How to survive BYOD and mobile networks

8. Prioritize user experience

Mobile apps are setting the stage for what users expect from their working environment. People expect the same look, feel and power from your internal apps as they expect from commercial apps. This has raised the stakes for IT.

As you work to deliver a superior user experience, look for ways to give people more than they expect and provide useful capabilities they might not have thought of yet.

For example:

• Think mobile first!

• The design and layout of the app is at least as important as the functional task it is intended for.

• Compare your intended app with similar commercial consumer apps. Is your app looking as good or better? It should, if you want your users to love the app.

• Allow people to access their apps and data on any device they use, complete with their personalized settings, so they can get to work right away.

• Automate controls on data sharing and management, such as the ability to copy data between applications, so people don’t have to remember specific policies.

• Define allowed device functionality on an app-by-app basis, so people can still use functions such as printing, camera and local data storage on some of their apps even if IT needs to turn them off for other apps.

• Make it simple for people to share data with colleagues by, for instance, sending a link.

• You should measure and analyze usage of various features to decide future development of the app.

Page 16: PingPal infodeck: How to survive BYOD and mobile networks

9. Customer facing apps

The app will reflect on your brand and on you as a supplier, and it’s important that the app feels and behaves as well as, or better than, a commercial app.

Social networking is increasingly becoming an important aspect of mobile app development. It could be as simple as enabling app authorization using customers’ social IDs, for instance signing on with the user’s Facebook ID. If implemented correctly, it will also offer insights into the demographics of customers as well as help manage your company’s online reputation and address customer concerns before it is too late, all important aspects for developing your products, offering and brand.

The app has to be appealing and will need regular facelifts to keep competition at bay, unlike the previous generation of web apps, where functionality alone was enough to keep customers engaged.

Page 17: PingPal infodeck: How to survive BYOD and mobile networks


PingPal Overview

Page 18: PingPal infodeck: How to survive BYOD and mobile networks

Anonymized

We only know your users by an anonymized ID, organized in anonymous groups. You maintain all your user data in your own environment.

No data stored

We send messages point-to-point with nothing stored on our system. It’s your data, we don’t want it. You decide what should be recorded and stored in the app, and you store it on your servers, not in our system. The best way to protect your information is that we don’t have any information to protect.

Messaging with self-destruct

PingPal is designed for the ephemeral messaging paradigm. We transport any data between anonymized users without storing it on our servers. Add self-destruct mechanisms like “show once”, “delete at 5pm” or “this message should not leave this house” (GeoFence delete).

Positioning with self-destruct

The most sensitive private data is the location of individuals, like children, family members or VIPs. PingPal provides secure positioning dialogs for full protection. Use it for solving logistics or people management, or add geographic position to your security tools.

Secure point-to-point communication

PingPal is a platform for military grade encrypted, privacy protected, self-destructing (“ephemeral”) communication and positioning. Like Snapchat or WhatsApp on steroids for ANY app developer or organization. Simple implementation and low cost traffic subscriptions mean great ROI.

And more

Page 19: PingPal infodeck: How to survive BYOD and mobile networks

And more

Military grade encryption

During the message transport, or if the receiver is offline, the message is temporarily managed by PingPal queues. To prevent any possible intrusion or leaking we add a point-to-point encryption layer. The keys are stored in the sender and receiver devices. Not even we at PingPal can read your messages, even if we were required to.

Security & Safety in the field

Implement a simple alarm button to push the user position to friends or security personnel. Start a position tracker if needed. Or set off an alarm if the user enters the wrong area or deviates from a planned route. Include automatic data delete. The possibilities for enhanced safety in the field are limitless.

Instant

PingPal messaging is extremely fast, as close to instant as is possible on mobile networks. PingPal messaging is perfect for urgent or quick questions, group messages, alert-style announcements, user-to-user messaging, etc., with all those abilities including positioning.

Notifications

PingPal pushes messages immediately to the receiver. If he or she happens to be off-line, we fall back to iOS and Android push messages. Use this mechanism to push messages to single users, groups or all users.

Internet of things

The PingPal communication interface can be implemented on any Internet connected product. A few pages of pseudo-code translated into the language your device understands, like C or C++, and the device becomes a user like any other user available to your app.

Traffic Subscriptions

PingPal is a mobile backend service or ”App Carrier”. App developers buy privacy protected traffic from us, in monthly subscriptions just like a monthly phone bill. We also provide business and enterprise accounts with SLAs and support contracts.

Page 20: PingPal infodeck: How to survive BYOD and mobile networks

Off the record


Page 21: PingPal infodeck: How to survive BYOD and mobile networks

Secure Sharing


Page 22: PingPal infodeck: How to survive BYOD and mobile networks

Military grade encryption

Page 23: PingPal infodeck: How to survive BYOD and mobile networks

Teamwork anywhere


Page 24: PingPal infodeck: How to survive BYOD and mobile networks

Find them


Page 25: PingPal infodeck: How to survive BYOD and mobile networks

When something goes wrong, tell them where, automatically

Page 26: PingPal infodeck: How to survive BYOD and mobile networks

pingpal.io