Tuesday, December 14, 2010

Decoding Apple's Human Interface Guidelines: Part 1

So, you are ready to build an iPhone an app. The good news is that a lot of the decisions are already made for you in terms of how things should look and work navigationally. The bad news is, there are a lot of guidelines (rules) to follow to make sure your app gets through Apple's App Store review process. Apple has a set of Human Interface Guidelines that, coupled with the the built in features and on-screen controls available out of the box in the SDK, give you what you need to build a solid app. These are more than just guidelines but rather explain the method and rationale behind design best practices and maximizing the end-user experience on the iOS platform. Through the Human Interface Guidelines Apple is expecting iPhone app designers and developers to reinforce and embed the consistency people expect when using an Apple product. If you plan on creating an iPhone app for mass consumer consumption, these guidelines are a must to follow.

This is the first of a 3 blog series where I'll dive into the components of the Human Interface Guidelines. This post focuses on three of the seven guidelines:

  • Platform Characteristics

  • Human Interface Principles

  • Application Design Strategies

Platform Characteristics
Embrace the iOS as a platform. This means embracing the way people expect to interact with with the iOS platform and the "gestures" the go along with navigating and executing tasks. Gestures such as the pinch and zoom, making changes to device orientation (horizontal to vertical), tapping vs. clicking. Other platform considerations such as where users expect to set one-time app preferences ( via the native settings app, not within an app itself) is important to note when designing your own app. Did you know that the comfortable amount space to allow for a "tap zone" is 44x44 pixels? Apple figured this out and accounted for the fat finger. Allowing a tap zone 44x44 pixels avoids the issue of having elements too close and creating end-user mis-taps.

Human Interface Principles
The Human Interface Principles revolve around designing an app that behaves intuitively. It should be designed with aesthetic integrity. Meaning it looks the way it functions. Have a clear single purpose for your app and make sure it looks the way one would expect to complete that task. Help people transfer knowledge by providing consistent use of common controls and on-screen elements. If they already know what a control or icon means, then they expect it to behave a certain way when they see it again. The iOS platform allows for direct interaction with on-screen controls. Allowing people to directly interact with controls on-screen as they would in their native form helps people already know how to use your app. A great example is the iPod app. The on-screen controls for playing, fast forward, and rewind, look the same as they do in their native format on the stand-alone iPod device. This means users who already know how to use an iPod, know how to interact with the on-screen controls translated to the iPhone app version. Another great example is the Compass app. It looks and behaves just like a "real" compass when you change the orientation of your iPhone device. No instructions needed because you are able to translate your knowledge of how a compass works to the compass app.

Application Design Strategies
The Application Design Strategies guidelines provide a framework for determining what it is that you want your app to do. First and foremost it's important to have a clear statement of purpose for your app. What goal(s) does it help the user achieve? And along the lines of purpose - don't attempt to do too much with your app. The best apps do one thing really well. The worst apps try to do/offer too much. To narrow what it is that your app should focus on it's important to know who your audience is. And not just general segmentation by demographics, really dig into who it is that your targetting and the common characteristics of those people. Pick 2 or 3 characteristics to tailor your app to. Then filter the features of your app tailored to those audience characteristics. Now your getting to filling a need for a very specific audience and designing the interaction in a way that delights your target. With design discipline and diligent focus you have the recipe for creating an app that is "sticky" and gains faithful followers who evangelize the app. Evangelizing = more downloads = $$$$.

Next up, Part 2: User Experience Guidelines and Element Usage Guidelines.

Monday, November 15, 2010

m-Learning: The Next Evolution in Enterprise Training

"As the bell rings, the teacher reminds students that Podcasts of the lecture are available for download, and queries that come up during study review can be messaged to her number. "

Sound familiar? If you have school age children - K through college - you are probably getting well acquainted with the new way of learning. Teaching is no longer tied to the walls of the classroom or what's on the blackboard. This is more than just e-Learning. While the concept of e-Learning was a technological advance in the way teaching is done, it is still about being tethered to a computer. m-Learning is about on-demand content delivery anywhere.

Wikipedia defines m-learning as - Any sort of learning that happens when the learner is not at a fixed, predetermined location, or learning that happens when the learner takes advantage of the learning opportunities offered by mobile technologies. In other words, mobile learning decreases limitation of learning location with the mobility of general portable devices.

This is not just a concept relevant for the classroom. The enterprise should recognize m-learning as a powerful add-on tool to their learning strategy. With corporate culture moving more to toward the concept of the "deskless worker" and smartphones moving up the ranks from the "third screen" to the "primary screen" for end-users, the enterprise should re-think and refresh it's strategy for delivering training material. Here are some considerations and business drivers for taking your enterprise learning strategy mobile:

From Push to Pull Learning

m-Learning affords the benefit of contextual learning. The opportunity to get the learner in the environment they need that content. Making content available in a format and context that is most meaningful to the learner aids in absorbing and reinforcing the material.

Start with Sales Force

Looking for a pilot group to tactically test your m-learning strategy? Start with your sales force. The folks in the sales organization tend to be early technology adopters. These are the people that live outside the office, often on the road, and can be the most disconnected from what's happening inside the walls of the enterprise. They want relevant information when they need it and are sensitive to time. Time they spend training is time they aren't selling. Since individual compensation rides heavily on sales, finding time to train can be a low priority. Mobile affords your sales force with just in time training. And it shifts the perception of training from a "forced necessity" to "valuable information when I need it".

Make Mobile Part of a Blended Learning Approach

Mobile learning makes the most sense when it's part of a larger program. It supports and re-enforces the learning process and offers the learners not only the opportunity to learn both together and apart but also to learn in their optimal environment.

Build Your Business Case: Stats to Consider

Don't just take it from me that mobile is going to be the platform of choice. Industry trends are pointing in that direction already.

Mobile subscriptions are on track to hit 5 Billion worldwide this year. That means more people will have access to data through their mobile device than through TV and PCs combined.

Avoiding the Pitfalls

Deploying an m-learning strategy is as much about the people and technology as it is about the content. This feeds directly into the decisions the enterprise must make around supported mobile devices (smartphones, tablets) and the people required to maintain and build-out capabilities. Technology can be a huge competitive advantage but think before you build. Here are some challenges to address before you deploy:

  • Connectivity, battery life, and bandwidth restrictions - know how your end-users will be connecting and device limitations before you build.
  • Device requirements/restrictions - Screen size, key size, Multiple standards, multiple screen sizes, multiple operating systems. Mobile platform standardization is a precursor to deploying m-learning within the an enterprise.
  • Number of file/assets' formats supported by a specific device - make sure your m-learning development team is aware of the technology requirements and limitations.
  • Content security - don't forget about encryption for any content that will reside on a mobile device. An enterprise mobile policy should address content security requirements/standards.
  • Reworking existing e-Learning materials for mobile platforms can be labor intensive - it's not a copy and paste exercise so plan for it upfront.

Is your company deploying training to mobile devices? Post comments and share your stories.

Tuesday, October 19, 2010

3 Great Resources Ready for Your Complex Projects

With so many new trends with mobility, agility, and the Cloud, there are a lot of questions on which emerging technology fits into your business needs. When it comes to making those tough decisions, having an expert with a long list of successes is the way to go. Meet our list of available experts who can solve any of your business problems and help get your from A to B faster.

Nina Jagannathan is a solid Project Manager and Senior Business Analyst with over ten years of professional IT experience, spanning from Electric Utilities, Direct Marketing Order Processing, Digital Data Mapping and Fleet Management. She is successfully wrapping up the enterprise Mobile project at a Fortune 500 financial institution.

Nina utilizes her strong math acumen that she acquired from her Masters degree in Electrical Engineering, as well as her past experience as a DBA to develop and analyze a variety of compelling metrics reports, which provided clients substantial savings. She is eager to continue her tradition of pinpointing issues and spotting trending that will help increase business efficiencies. Nina is highly skilled at eliciting both business and technical requirements and developing process flows and system use cases. Nina has excellent communication and presentation skills and is able to effectively communicate to both IT and business focused stakeholders.

How can Nina help your projects? Nina has expertise in:
- Business requirements gathering and use case documentation
- Business process re-engineering
- Facilitating team JAD sessions
- Application development project planning, resource allocation, and daily tracking/issue resolution
- Data analysis and metrics reporting to feed business decision making

Sathish Chittibabu is a seasoned Senior Java Developer/Architect and accomplished technology consultant with over ten years of experience developing mission critical applications using Java/ J2EE related technologies. Sathish has a a solid understanding of SDLC and Agile methodology. In Sathish's past projects, he has successfully architected and developed custom technology solutions for his clients in the areas of Governance, Risk Management and Compliance (GRC). Sathish has implemented key Separation of Duties (SOD), SAS70, and SOX compliance technology controls for his clients. Sathish was also integral in both designing and implementing a highly customized Identity Management solution for a multi-phase IdM/RBAC program at a Fortune 500 bank located in Chicago. Sathish is well versed in both the Sun Identity Management and Sailpoint Identity IQ products. Sathish is currently wrapping up an enterprise mobile development project for a major financial institution which will enable existing application functionality to the Blackberry platform. From his past experiences and his desire to stay ahead of the technology curve, is a team player and is a must have for any of your complex projects.

How can Sathish help your projects? Sathish has expertise in:
- Java/ J2EE technical development
- Designing and Implementing Identity Management solutions
- Porting functionality from Sun's Identity Manager product to new technology
- Sailpoint Identity IQ product installation/configuration/customization
- Custom Application Development
- Mobile Application Development

Matt Bata is a Business Analyst who is an incredibly fast learner of all technical and business terminology. With a double major in Management Information Systems and Accounting, Matt has the knowledge to exceed at a variety of analytical tasks. Matt uses his strong business sense and critical thinking skills as well as his Operations Analyst experience to identify issues. On his past projects, Matt has leaned operations processes, performed data analysis on financial reports, and created metrics for future department reporting. Matt has top notch communication skills and is able to work on and lead a team.

How can Matt help your projects? Matt has expertise in:
- Financial reporting analysis
- Business requirements gathering and documentation
- Website management
- Multiple department support
- Manage and track project budgets

Contact me if you'd like to talk about any of these resources for your projects. As always, 1-2 hour project discovery sessions are complimentary.

Sunday, August 29, 2010

Welcome to Facebook Gramps!

Read this article in the Tribune today about seniors getting on facebook. Some interesting data is suggesting that social networking use by seniors is growing faster than any other demographic. Senior use has doubled from 2009 to 201o.

What are your thoughts on how the growing adoption of social media by seniors will impact how that channel is used by businesses? Is there an opportunity being created by seniors getting bit by the Facebook bug? Add your thoughts and comments below.

Monday, August 23, 2010

3 Ways to Start Using the Cloud Today

The cloud is big right now but it's still a difficult transition for many companies to make. Cloud hesitation is mainly related to FUD (fear, uncertainty, and doubt) rather than based in real-life experiences. Small businesses have embraced the cloud and SaaS offerings as a great democratizing offering. Through various cloud based applications, IT infrastructure and storage capabilities, and collaboration and productivity suites, the cloud has afforded the small guys with IT capabilities that would not have been possible on smaller budgets just 10 years ago. This is allowing more innovation, faster product development cycles, and overall more time to focus on the core business and less time worrying about supporting and administering an IT infrastructure or upgrading application capabilities.

Here are a few ways enterprises can start testing the waters to find the right balance between cloud based and traditional IT:

This may sound like a big leap, but along with storage, email is quickly becoming one of the biggest commodity services. With names like Microsoft in the arena, and their hosted Exchange offering, the transition may not be as daunting. These services are cheaper for the provider to run and make a great enterprise business case for migrating more capabilities to cloud provider alternatives.

Collaboration/Idea Generation/Brainstorming

All 3 of these equal innovation. Give employees quicker ways to capture and share ideas. The Google apps platform and Microsoft BPOS are examples. With remote and distributed workforce becoming the norm, these platforms let you quickly co-create and share information. Easier collaboration and co-creation can lead to more innovation faster. A great example is using Google Apps to quickly create a shared spreadsheet to capture ideas that can be shared with remote participants - no conferencing technology or screen sharing technology needed.

Knowledge Management
Let your staff organize and share what they know, what's important, and what they are working on. Sharepoint is a common example but I'm a huge fan of Google Sites. Google Sites provides simple, easy to use, pre-defined templates to get you started. Starting a project? Create a site. I've used Google Sites to manage the execution of projects as well as a repository for final deliverables. These tools provide a quick consistent way to allow staff the self-service capability to make information accessible.

What is your company doing in the cloud? Is it embracing the cloud? As always I welcome your thoughts on the topic. Please share below.

Monday, June 28, 2010

A Product Managers Guide to Designing an iPhone App

One of the biggest questions facing my clients is "What should we mobilize?". The nuts and bolts of HOW to mobilize are actually a lot simpler than figuring out WHAT to mobilize. The mobile environment creates both an opportunity and a challenge for the Product Owner - we now need to get reacquainted with our end-users, learn their behaviors in the mobile context, and what's important to them on-the-go. The opportunity is in discovering a new facet of your target customer and discovering a new way to connect with them and fill a need. (If you don't fill the customer need....... someone else will).

The Golden Rule
The Golden Rule of Mobile application design: your mobile customers WANT TO FIND and DON'T WANT TO BROWSE. You want to create that eureka moment for your end-user as soon as the app loads, without requiring a lot of end-user interaction to get them there. Here's one of my favorite examples:

QVC is a large direct to consumer retailer with mainly a television based business. But they translated their TV sales approach into a highly functional and product rich online e-Commerce site. The website has a wealth of navigation options for refining the browsing experience and arriving at exactly the product you are looking for. Navigation is organized by product category, brand, type, etc... When translating the website experience to the mobile context they stepped away from navigation and just present the most relevant products based on -
  • what's on air now
  • items other customers have indicated as "top rated",
  • the special value of the day.
A very simple, uncluttered, page design presents the most current information most prominently with a secondary focus on searching for something more specific. QVC is an example of a company that "gets it". As tempting as it might be to display a traditional homepage with a window into the tens of thousands of products available to purchase they successfully translated the TV equivalent of "what's on sale now" to the mobile app experience. And if you want to watch TV from your mobile device... you can do that too.

Use Existing Analytics to Drive Mobile App Approach

Anticipate the end-users need, use existing website analytics info to drive this. If you have a desktop browser based site, then chances are you already have some great insight into what your visitors find most useful on the site. Use existing website analytics to determine what also might be most useful in the mobile context. Not only what features are useful but also what OS and browsers are your visitors coming from.

Make it Useful, Useable, and Delightful

It needs to be relevant and fill a need now be easy and fun to use. The example I think of is Shazam.
  • It answers that question "What song is that" in the moment (useful).
  • Simple to use(useable).
  • And who doesn't love watching that icon spin before spitting out the song you are listening to? And how DOES it work? How DOES it know what song I am listening to? (delightful).
There are a lot of ways to skin a cat but to make your app sticky it has to be fun to use, in addition to filling an immediate need. As described in the book Tapworthy most people use their mobile apps when they:
  • are micro-tasking,
  • want to know what's near me now,
  • or are bored.
Keeping these simple ideas in mind when designing your app will help give your app and your brand the contextual relevance needed to make it sticky.

Monday, June 21, 2010

Creating a Culture of Innovation: 3 Lessons on Innovation from Pixar

CNBC aired a great biography recently on the story of Pixar. I was expecting the typical rags to riches story but instead, this was a story of building a culture of innovation. I learned how a few people with a passion for their craft and the confidence and willingness to push the limits of technology can not only, win the infusion of $10 million in investor dollars (from Mr. Steve Jobs) , but also win the hearts of millions of Americans -young and old - by blazing new trails while doing what they LOVE. Now, we can't all be blessed to have careers that bring pure joy to the young and young at heart, but we can take a lesson in how to foster innovation and push people to use their talent to the fullest. So what did Pixar do that we can apply? Here's what I learned:

Create a space that encourages unplanned collaboration
Even if you are bound by the limits of traditional cube-farm style office space, there can be ways to create a more open feel. Place team tables in central places. Centrally located white boards and easels are great ways to signify that this is a space where thoughts can be developed. Give the space a feeling of having a place to "squat" when the need arises instead of relying on planned meetings and pre-arranged meeting space. Keeping open collaborative space provides the canvas for impromptu idea generation and problem solving.

Treat individual office space as an empty canvas
If you've seen any stories in the news about the Zappos company culture, you'll understand this. Zappos allows employs to decorate cubicles and offices with as much style and individual flair required to inspire them. Just the fact that employees have that freedom to personalize their space is empowering to the employee. That feeling of empowerment and individuality helps create a culture where people feel safe to be themselves. When the guard is down that's when some of the best unedited ideas start flowing.

Embed frequent candid, critical feedback loops as part of your product development process
Pixar does this by having daily meetings where editing teams meet to present the movie segment they worked on to peers. The peers give candid and critical feedback. It's not sugar coated. But in an environment where people feel safe, they don't take feedback personal. This free flowing feedback early and often can help turn something that is good into something great quickly.

Innovation is not just a buzz word but is something that good companies truly work at. Apple as the poster child for innovation. Companies that see everyday things differently and create a culture where people are empowered, feel safe, and have the freedom to be themselves are the ones the others are trying to catch up to.

What does your company do to support idea generation, creative thinking, and innovation?

Sunday, May 16, 2010

4 Enterprise Barriers to Agile Transformation

Delivering projects (both business process and technology focused) for the bulk of my career, I have found these themes to ring true as barriers to agile transformation within the enterprise:

Resource Management
While resources are cross-functional often wearing many hats, they are often part of a matrix organization and deployed to simultaneous projects at once. This creates conflicting priorities, lack of visibility, and the inability to fully participate in the day to day needs of any one project team. The Agile solution - dedicate resources to a single team. Allow resources to fully participate in the daily team interactions, forge relationships, and share accountability for the overall project goal. Dedicated participation will speed the overall delivery and ease communication barriers. Freeing the resources to move onto the next priority rather than working on several at once.

Physical Location
Large corporations (even the not-so-large) have always been fond of cubicles. Building physical walls between people for privacy. What suffers is team communication. So meetings become the main way for talking with each other. Instead, break down the walls and allow the team members instant communication anytime it's needed. Co-located team members is also a huge issue. The business often lives in one building and the technical in another. Again, creating physical barriers to communication and collaboration. Keep project teams together and break down the physical wall for the duration of the project.

Requirements are a huge stumbling block in large enterprises. Not only the requirements themselves but the politics surrounding them. Politics such as - who had input? who signed off? when were they signed-off? are they in scope? when is a change request required? The traditional assumption around requirements is that the business knows exactly what it wants and that it won't change for the duration. Any changes are considered risks to project delivery. The agile mindset says - keep requirements light, keep them just-in-time, allow them to evolve with the needs of the business. This works because the cross-functional team is in constant communication. As requirements evolve real-time business decisions can be made based on the current state of the product. Together, the team takes input from a product owner to help craft ultimately how the product meets the goal. The product owner isn't expected to give detailed how-to requirements. Only to know what the business needs and, through a series of product demos, collaborate with the team to make the product just right. Traditionally the enterprise has encouraged a long very detailed upfront requirements gathering phase in which everything is written in documentation prior to building. This produces nice documentation that can quickly become outdated as business needs change (and business needs ALWAYS change). The project starts swirling around creating change requests before one line of code has even been developed. Stop the madness, document what's necessary to give the team a running start, evolve the documented requirements as the product evolves, not vice-versa.

Compliance Requirements
Agile promotes just enough process to get the job done. Sometimes in larger enterprises the "just-enough" becomes too heavy weight and prescriptive in the name of compliance. This is a huge misfortune and one of the largest barriers to starting and being successful at Agile. The key to compliance is a keen understanding of what controls need to be in place and what the purpose of the control is. The enterprise must provide the tools, resources, and guidance necessary for teams to be successful in meeting the controls NOT provide a detailed how-to for doing something. Education and shared accountability with actionable recourse are keys to compliance.

What are your experiences and barriers encountered when bringing Agile principles to your projects?

Tuesday, April 20, 2010

A Single Trick for Remembering Passwords

In both our personal and work life we are faced with remembering countless passwords - ATMs, Amazon account, iTunes, the LAN at work. I found this interesting tip for creating secure passwords that are complex to crack but easy for you to remember.

Tuesday, April 6, 2010

Identity Management meets Augmented Reality

Imagine pointing your mobile device/smart phone at a co-worker and seeing a holographic depiction of all the system access assigned to that person. Sound far-fetched? It may be a reality sooner than you think.

Although still experimental, the technology is available. Using face recognition technology to match the person's face with a picture stored on the server, any stored information tied to that profile picture can be sent back and displayed to the requestor.
Imagine an environment where authorized people could perform spot Access Certification checks by simply pointing a mobile device equipped with a camera at a co-worker's face. System access is looked up and displayed in a meaningful way as a holographic image/text floating around that person's face. Think of the possibilities and enterprise use cases this immediate access to information could serve. Read more about this technical capability here:

Sound like an interesting concept? Please comment below to let me know what you think.

Thursday, April 1, 2010

5 Best Practices for Developing a Mobile Strategy

Whether your company has already embraced mobile platforms as a business reality or just getting started, the "next big thing" is here. Here are some best practices to keep in mind when planning your approach to mobile.

1. Know "Why"
One of the first important questions to ask is "Why?" The mobile context is significantly different that the desktop world. What's driving your move to mobile? Simply porting your existing desktop content or creating miniature versions of existing websites for mobile is not a wise move. The content you are providing needs to be useful in the mobile setting. Your end consumer has different needs in the mobile context. As I outlined in previous blog, The 3 Cs of Mobile Website Design, visitor context is a huge factor when considering what to develop.

2. Decide what business functions should be mobilized

What functions will give you the biggest bang for your buck? When determining functionality to port into the mobile context, you want to pick something with a measurable ROI or something that gives your business a competitive advantage. Show value early to help build your business case for expanding into more mobile functionality.

Look at which applications are most important to your company, review your use cases, and re-define how those use cases look on the mobile context. How is the use case different for a mobile user? What's important in the mobile context? Keeping in mind that mobile users want to find not browse.

3. Deploy useful functionality incrementally
This isn't a 6 - 12 month initiative. You need to build and release quickly, solicit feedback, and refine. Think about how to chunk up functionality into small, agile releases. The sooner you get functionality out there the sooner you can start making it more useful. Consider piloting to a limited set of users on specific mobile devices. Start expanding audience and supported devices once it's been around the block a few times and you've had a chance to kick the tires.

4. Develop Standards
As an enterprise it's important to have technical standards in place before they get decided for you. Once the enterprise has momentum with mobile, it's not time to start figuring out what your standards are. Security standards, supported devices are all up for consideration when defining mobile guidelines.

Adopt and adhere to common body of knowledge development best practices. Organizations like the W3C have developed thought leadership and application development standards for mobile.

5. Decide How
App or Mobile website? The answer to this question is important and based on the device capabilities of your end users. If you are targeting an audience that will be using a common device than the robust offerings of a native device application may be the right answer. Native apps allow you to fully exploit the capabilities of the device for an optimal end-user experience. For supporting cross device compatibility a mobile website be the best approach. Although more testing time should be factored in, a mobile website offers widest range of possibilities for a broad user base.

In summary, Mobile is hot, but as with any emerging trend, don't implement technology for technologies sake. Know the audience you are serving, what they want, and what you expect to get out of it - your ROI. Strategic thinking and systematically rolling out mobile capabilities are the keys to success.

Friday, March 5, 2010

5 Tips for Giving a Great Presentation

In my role at Solstice Consulting, I do a lot of presenting on topics that interest me, case studies on project successes, and Solstice's domains of expertise. While my audience has ranged in size and background and the content is different each time, I have found a few prensentation techniques that seem to apply to all situations.

  1. Be confident no matter how unprepared you feel. Projecting confidence is a sure fire way to build credibility with your audience and help ease your nerves.
  2. Dress smart and confident. What you wear impacts how you feel about yourself. Splurge on that smart suit or stylish shirt.
  3. Be interesting and engaging. Pull people into your world with stories, anecdotes, and humor. The more they laugh, the more they'll like you, and the more they will remember you.
  4. Read the room and get a pulse on the audience. When you feel things are going south and people loosing interest, start asking them questions to keep them engaged. Get them talking and learning from each other. Your audience will appreciate your facilitating knowledge sharing. And they might have the content or answers that you don't.
  5. Keep the slides light on text. The more text the more tempted you are to read directly from the slide. Use key phrases and words. This helps keep the presentation conversational when you use your own words and stories to deliver the content.

As always, I'd love to hear your thoughts. What are some techniques that work for you?

Tuesday, March 2, 2010

The Information Security Profession: Today and Beyond

The information security profession is changing. I've been asked to present my perspective at NetSecure on how the profession is changing and what's driving the change. If you can't make it to the event, here is a sneak preview of my presentation.

Monday, February 1, 2010

Shedding Light on the Information Security Landscape: An Interview with Sandra Toms LaPedis, Area Vice President and General Manager, RSA Conference

The Information Security landscape is changing. In the face of dealing with more sophisticated threats, these recessionary times are driving innovation like never before. Sandra Toms LaPedis, Area Vice President and General Manager, RSA Conference , sheds light on information security challenges, technology trends driving the CSO agenda, and how today’s environment is creating opportunities.

1. What are the top organizational challenges facing security professionals today?
The number one challenge is that IT departments are currently working with fewer resources. While Gartner research shows that IT budgets will be up in 2010 by 3.3 percent, the industry will still be playing catch-up with 2009’s 5.2 percent decrease. And according to the U.S. Bureau of Labor Statistics, 9.4 percent of the population is currently without a job – with California being hit particularly hard at a rising 12.4 percent. Unfortunately, many security practitioners are in these ranks.

With these limited resources and the loss of talented security professionals in IT departments across the country, no one is minding the proverbial store. Many organizations are left with stripped-down departments that have fewer people watching for threats. We know more issues can occur during these times of economic hardship, so having more eyes on the security posture of an organization is more important than ever before.

2. What are the top three technology concerns for organizations?

Based on the abstracts that were submitted and the agenda we have set for RSA Conference 2010, we see that three particular areas of concern are cloud security, security in the face of consumerization and mobility and cyber warfare.

3. How is today's business environment impacting how security challenges are addressed?

In July 2009, we surveyed nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations to find out their pain points for the coming 12 months. Fifty-seven percent of respondents cited budgetary constraints as their biggest concern. This means organizations have to get creative with the way they protect their infrastructure since they have fewer dollars to spend. This may include finding new tools that address multiple issues, learning how to make what they currently have adapt to changes in the landscape or architecting new solutions.

4. How has the current environment created opportunities for security-focused service providers? Is today's environment driving innovation?

Recessionary periods drive the most innovation. Especially today, when entrepreneurs and developers have so much technology to get them started, industrious individuals are required to be more creative and resourceful. You can simply look at events like TechCrunch50 and DEMO to see that technology professionals are capitalizing on missed opportunities by debuting truly innovative products and solutions.

The information security industry is no exception. Codes are becoming more malicious, botnets are getting smarter and attacks on corporations and nation states have become more frequent – such an environment is ripe for information security innovation. At our Innovation Sandbox program we showcase and honor companies and individuals that are at the cutting edge of security innovation and have the most promise for offering a solution to the information security industry’s most pressing issues. On February 8 we will select 10 finalists from a pool of 40+ submissions to compete for the title, “Most Innovative Company at RSA Conference 2010.” With this program we plan to highlight the entrepreneurial spirit of the security industry while also giving early stage companies a venue to be seen by their peers.

5. What have you seen in terms of innovation in security?

In the last year we’ve seen new companies address the security concerns associated with the proliferation of cloud computing and virtualization in IT architectures, as well as significant advances in the way organizations can secure their employees’ mobile devices. The list goes on and on, but there is a need for so much more – which is why Innovation Sandbox is such an important program, and why information security professionals sharing best practices at RSA Conference becomes a business imperative.

This year we’ve had companies submit products that can emulate a phishing attack on an employee to provide education on how to identify risks via email, solutions that address the security risks associated with password resets and products that have turned authentication as we know it on its head by integrating image recognition to the fold.

Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conferences, joined the company in 1998 and is responsible for the global promotion and successful execution for the Conference. This includes content, strategy, logistics, industry relations, brand extensions and partnerships.

Monday, January 25, 2010

4 Point Plan for Testing Mobile Websites

When building a website targeted for mobile platforms, having a good testing strategy is one of the keys to ensuring end-user satisfaction. The mobile context is different than desktop. With so many different devices with varying capabilities it can be challenging to develop functionality that works well on all. Here's a 4 point strategy to use when determining how to test your mobile website:

1. Define testing scope
There are many variables at hand when considering the mobile context - device capabilities, operating system, propietary browsers, carrier network performance - it's difficult to test every aspect thoroughly. Mobile testing is about focusing your efforts. Hone in on your intended audience, do your homework on devices the majority of your end-user base will be using. Build a testing plan around your target audience's device hardware, operating system, browser, and network. Utilize alternatives to native device testing to cover other user populations (i.e. mobile test emulators, see below).

2. Test functionality first on a desktop
Get the functionality working first then focus on cross device, cross operating system compatibility. Dealing with all the possible issues at once - basic functionality, OS and browser specific graphic design issues - can be time consuming. Keeping your testing focused on functionality first then look and feel and navigation will avoid wasted energy.

3. Utilize mobile emulators

Once the functionality works as expected, test the user experience on emulators. Emulators exist to test specific operating systems, browsers, and devices. If you aren't familiar, emulators run on your desktop and emulate the mobile OS and mobile browser environment. Here are a few of the most popular:

It's not always a slam dunk installing these so be sure to allocate time for installing all required components and configuration.

The W3C also has a great resource for validating the mobile friendliness of a website. As mentioned in my previous blog - 3 C's in Moble Website Design - The World Wide Web Consortium (W3C) is founded on the principles that the web should be accessible to all and on as many devices as possible. To realize this, the W3C body of knowledge has developed technical standards and best practices for the development, design, and content authoring. Simply enter your website URL into the W3C MobileOK checker and the checker validates your site against the mobile best practices as defined by the W3C.

4. Test on native devices
Finally, execute testing on the native devices, operating systems, and browsers outlined in your testing plan. At this point all functionality issues should be worked out and your testing is focused on user experience and useability on specific devices.

The basic principles of desktop application testing apply to the mobile web context as well. A good plan and focused execution will help reduce post-production issues and eliviate end-user frustration.

What are you doing to test your mobile websites? Comments and discussion welcome!