Four months after Quip launched on iOS, the company delivers on its promise of an Android app for its eponymous word processor. Today's release comes on the heels of a major update to its Web and iOS apps that finally lets you import Microsoft Word files, a feature the Android version lacks for now. Still, with these two updates, Quip edges closer to its ideal of being a collaborative cross-platform word processor.
Embrace freedom: Forget about securing your employees' smartphones
Mobile device management or MDM was a hot topic a year or two ago, but IT pros are beginning to recognize there's more to mobile security than the device.
You need basic device-level control like password resetting, VPN support, and perhaps even remote wiping capability, but that is only part of the mobile security equation -- and as employees increasingly bring their own devices, they don't necessarily want IT having that much control over their phones.
Perhaps that's why, last week when I was hosting a Twitter chat on mobile security, an interesting point came up about MDM. Brian Katz, who is a frequent contributor to these chats and head of mobility engineering at Sanofi, came straight out and said MDM as a product is dead and it's become just a feature set -- part of a broader mobile security strategy.
Walter Paley, who is marketing manager at Bitzer Mobile, makers of a secure workspace for mobile devices, says that device management is part of an overall security approach now, and suggests we look at the mobile security issue more comprehensively. To him, enterprise mobile management (EMM) starts with the data and works its way up to apps and finally the device.
In this context the device is the least important. As a phone owner, you probably want to be able to track your phone if you lose it or somebody steals it. You also want to be able to be able to prevent people from accessing any content stored on the phone, but what you probably don't want is IT wiping your device and all your personal content in the name of enterprise security --Ah, excuse me, but you just wiped out my vacation pictures from last summer.
But users are accessing work content on that phone. So how do companies secure that content and ensure that outsiders can't gain entry to the work-related content on your phone?
That would mean securing the apps themselves and you can see that would involve a comprehensive strategy that moves beyond the device.
Let's look briefly at the components of a mobile security strategy in order of importance.
There seems to be near universal acceptance now that the device is the least important part of the equation. What you want to make sure is that your data is secure at the back end. If you do that, it doesn't matter what device a user has: It could be a tablet, smartphone, wearable, or something we haven't considered yet. If you secure your enterprise data, you are protecting the most important piece of the equation from the enterprise perspective.
Traditional MDM vendors like AirWatch are working on this problem. AirWatch encrypts the data on the way to the app. You can only unencrypt the data inside the app by providing proper credentials in the form of a user name and password.
Another angle is relying on the companies who provide cloud-based data storage and sharing to encrypt and protect the data stored in those services. For instance, Box encrypts the data in transit and at rest using SSL encryption on transit and 256-bit AES encryption at rest, while cloud storage vendor Copy.com provides 256-bit AES encryption at rest and in motion. Some providers, like Watchdox, go even farther, wrapping files in encryption that travels with the file regardless of where it ends up -- even if it's taken outside the cloud service. The right solution depends on how you want to balance usability versus data protection.
The next layer to protect is the app itself. This involves building a container around the app, so that IT can update the app or remove it. In this scenario, if the phone is lost or stolen, or you leave the company with your BYOD phone, your company can simply unplug you from the enterprise by deleting the app or shutting down your access to it.
With news this week that Google Compute Engine cloud is now generally available, the battle in the Infrastructure-as-a-Service market has hit a new level. The biggest question is: Can Google give the kingpin of the public IaaS market, Amazon Web Services (AWS), a run for its money?