Are laid-off investment bankers taking programming classes? They should be, now that salaries for enterprise mobile developers and architects are matching and exceeding Wall Street pay scales.

 

My Thursday blog highlighted a conversation I had with an IT recruiter, who said that mobile architects with SAP backgrounds today are getting paid about $240,000.

 

Or as outside consultants, they are able to easily charge hourly rates of $150 to $175.

 

I got a bit of reaction to those claims, including one e-mail from Tom Benson, founder of a mobile consulting firm, iOptimal.

 

"Our consultancy is specializing in mobile Oracle and mobile SAP (SAP wins by a long shot)," wrote Benson. "Any great ideas where we can get more SAP mobile people, or train them up faster?"

 

Benson elaborated via phone later that day. iOptimal is building custom enterprise app platforms tailored for specific industries, such as healthcare.

 

Benson and his partners have big ideas on what they want to deliver to enterprises. The demand is there, he says. What's stopping them is not being able to find the talent.

 

"Mobility is a rare skill set. SAP is a rare skill set. Put the two together, and [that developer] is one in a million," he said. The experienced SAP mobile architect who will work for only $160,000? "I don't think those people exist."

 

Instead, "what we've been doing is finding Objective C (the native language for developing in iOS) developers and others tied to a specific platform, like Appcelerator or RhoMobile," he said.

 

This is not what we at SAP desire. In an ideal world, we would have a vibrant ecosystem of partners and developers (1 million+) like iOptimal collectively producing thousands of apps all on the Sybase Unwired Platform.

 

Opening up SUP and SAP Netweaver Gateway to popular Web development frameworks such as Adobe PhoneGap, Appcelerator and Sencha is all about achieving that goal.

 

(Speaking of 3rd-party frameworks, join SAP next Wed May 2nd for the webinar, "Getting the Most Out of Third-Party Tools for Mobile Development." Sybase mobile CTO Jagdish Bansiya will talk about how developers can use tools like PhoneGap or Sencha to quickly build apps that communicate with SAP back ends via NetWeaver Gateway.)

 

This ecosystem is building, for sure, but it won't happen overnight.

 

For one, says Benson, any experienced SAP developer or consultant is probably already working steadily and making good money. For another, building skills in both SAP applications and mobility requires "extremely high learning curves."

 

Also, going overseas for talent is harder than with other types of development.

 

"I've managed big offshore teams. There are wonderful people offshore. It works better when you give them a big discrete project," he said. "It's already so hard to find people with both skills. And with enterprise apps, there's so much back and forth between the programmer and the customer. You might as well do it here."

 

Bottom line is that developers and firms who build up their skills now in SAP and mobility will have no shortage of well-paying projects and customers to choose from, today and in the future.

 

"I don't think rates are going to come down. It's not like people are going to flood in," Benson said. "None of my competitors are going to have an easier time trying to hire, either. But this way, I can charge top dollar."

 

*********

 

I've written before about how SAP can get enterprise apps running for customers in a matter of weeks.

 

Now, listen to an expert from SAP Rapid Deployment Solutions tell you how to make it happen.

 

Hari Prasad Subramanyam, Global Rollout Manager for RDS, will be the guest expert on Wednesday May 9th.

 

Sign up here.

Now I know what working at Apple must feel like.

 

After SAP (my employer) announced April 10th that it had bought mobile app vendor Syclo and inked partnerships with development framework vendors Adobe (PhoneGap), Appcelerator and Sencha, praise quickly turned to skepticism.

 

Oh, the reaction initially was positive.

 

"SAP will use Syclo’s application portfolio and global customer base to continue boxing out rivals in the race to satiate business customers," wrote ZDNet's Andrew Nusca.

 

(Fun fact: Syclo CEO Richard Padula has been developing mobile business apps since the mid-1990s, or several years before the WAP-based Mobile 1.0 era.)

 

"SAP may have put itself in position to be the end-to-end development platform that enterprises are looking for," wrote ReadWriteMobile's Dan Rowinski.

John Wargo has a great post at the Sybase Unwired Platform Developer Center expanding on what that means, and how we hope to attract one million+ developers.

 

But doubters quickly emerged.

 

"I cannot see how SAP is going to get to that number, and in what time," wrote Vijay Vijayasankar, an IBM consultant and SAP Mentor.

 

"SAP needs its developers but does nothing to encourage them," wrote analyst Dennis Howlett.

 

There were more comments in that vein. I half expected someone to criticize SAP President and Corporate Officer Sanjay Poonen for not sweatily re-enacting Microsoft CEO Steve Ballmer's "Developers!" chant.

 

Some of their points are on the mark. It's far easier for developers at large consultancies and system integrators with SAP enterprise licenses to access the Sybase Unwired Platform than developers at small firms. The library of training materials for SUP is fast-growing (see the Developer Center above) but could still be more plentiful.

 

The good news is that SAP executives like Poonen are well aware of this issue, and have told key influencers that positive changes are near.

 

SAP + Mobile Skills = Payday
For you the mobile developer, all of this is noise. What you probably want to know is: right now, is it worth my time and trouble to learn SUP and other SAP technologies?

Naturally, I would say yes. But don't listen to me. Instead, let's hear from Jason Cohen, who is a vice-president for Cyon Recruitment Consultants, an Orlando, Florida-based IT recruiting firm. Cohen has been a recruiter since the late 1990s, with a focus on enterprise software from both Oracle and SAP.

"Enterprise mobility is definitely on an uptick," he said. "There's been more activity in the last several months than we've ever seen."

A search of the Indeed.com job aggregator shows 71 ads looking for SUP skills.

 

One of those was from Cohen's client, which is looking for an enterprise mobility architect with deep SAP experience. The job, located in the San Francisco Bay Area, would pay between $145,000 and $160,000.

 

That salary range is extremely low for the Bay Area, acknowledged Cohen, who unsuccessfully tried to persuade the client to sweeten the pot. He says that SAP mobile architects in urban areas like Silicon Valley should be able to command $200,000 a year and up.

"I've personally spoken to a number of people in similar roles in the Bay Area and Los Angeles that are making $240,000 a year," he said. "The ones that have the skills that everyone demands are in the driver's seat. Companies are at their mercy."

By contrast, Cohen spoke recently to a mobile architect skilled in Microsoft technologies who was making about $150,000 a year in Seattle. SAP developers and architects typically make 15% to 20% more than those with skills in Microsoft and other technologies where demand is lower and developers more numerous, he said.

 

"The demand for SAP skills is much higher. Syclo, Kony or Good? Not so much," he said.

 

Or check out this survey from SAPrankings.com, which found that SAP mobile consultants with 10 years' experience earn about $125 per hour, higher than the $120/hour average for SAP consultants. Cohen says the $125 per hour figure, while accurate nationwide, is low for SAP mobile consultants in major urban cities. They are typically charging $150 "and even $175 per hour."

 

"The need for talent is growing, but the talent pool is not very large," Cohen said.

 

So however difficult getting trained up on SAP mobile technology is for you today, it seems like it will pay off.

 

Of course, if SAP fulfills its dream and brings in legions of developers, it could rebound on those developers already in the market, as one SAP developer warned recently.

 

"Mark my words, we'll be looking for alternative careers because the rates will be destroyed," he wrote.

 

But it's safe to assume that those who get into the SAP mobile ecosystem sooner will still have a leg up on others. And we've only seen the tip of the iceberg in terms of companies mobilizing.

 

"There's going to be a tremendous increase in the demand for enterprise mobility professionals over the next five years," Cohen said. SAP mobile salaries and rates will continue to rise "for the foreseeable future."

 

***********

 

Enterprise Mobility for Dummies is a new eBook sponsored by SAP.

 

Think of it as a crash course perfect for the non-techie in your work or personal life: your line of business manager, your CFO, your CEO. Get a copy or send the download link above.

 

Apple's stock price could bounce around anywhere between $300 and $1,000 over the next several weeks. I really have no idea. What I am certain of, though, is that Apple's Q3 earnings results announced Wednesday show Cupertino again blazing the trail into the mobile era.

Here are the stats that especially blew me away:

 

1) Apple shipped 46.9 million iPhones and iPads, versus 4 million Macs. That's nearly 12x more mobile devices than PCs.

 

2) If we count tablets as full computers, as a growing number of analyst firms are doing, then Apple shipped 15.8 million computers in the slow post-Christmas quarter. That would put it ahead of the global PC market leader, HP. Hewlett-Packard shipped about 15.3 million PCs in calendar Q1, according to Gartner Inc. On the strength of Macs alone, Apple still ranked 3rd in the U.S., said Gartner.

 

3) Apple had $110 billion in cash at March 31st. That's enough to buy the 5 largest PC makers outright, and still have $13 billion left over.

 

 

(And remember, for most of these companies, PCs are still only a fraction of their overall business. HP is probably the most extreme case - PCs only bring in about a fourth of its overall revenue.)

 

4) Apple has sold 67 million iPads in the last 2 years. It took Apple 24 years to sell that many Macs. In other words, it took Apple 12x the time to sell as many computers as it did tablets.

 

5) We can also estimate how many iPhones and iPod Touches that Apple has sold altogether in their nearly 5-year history. That's based on 4 things:

 

- An Apple legal filing from March 2011, when it revealed it had sold 19 million iPads, 108 million iPhones and 60 million iPod Touches;

 

- Apple's shipment breakdowns in the last 4 quarters;

 

- CEO Tim Cook's statement Tuesday that Apple now had 365 million iOS mobile devices in use today;

- CFO Peter Oppenheimer's statement that iPod Touches "continue" to make up slightly more than half of all iPod sales. I'll assume that they comprise about 56%.

 

Based on that, I calculate that Apple has to date sold nearly 81 million iPod Touches and 218 million iPhones. See my table below:

 

 

And here I am trying to do my best Asymco imitation:

 

 

And finally...

 

6) Apple now has 600,000 apps in its App Store (200,000 specifically for iPad). That's 4.5x greater than the number of PC software titles (128,959) in Amazon.com's software section, which includes Windows, Mac and Linux.

 

-------------

 

Advertisement for my Pals: My ex-IDG colleague Ian Lamont's new startup, Invantory, has released a free iPhone/iPad app of the same name for browsing Craigslist ads.

 

Now, if you are savvier than me, you know that there are already multiple good Craigslist browsing apps out on the market.

 

Invantory's hook? Taking a cue from photo-centric apps like Flipboard and Web sites like Pinterest, Invantory turns Craigslist searches from a text-centric experience to a slick, pleasurable one akin to browsing a favorite catalog. See the screenshot below.

 

Download it from the App Store here and rate it, too.

 

As it was in 2011, mobile enterprise buffs will have an overflowing buffet of great content to choose from at this year's SAPPHIRE NOW conference in Orlando.

 

Besides the app demos to check out at the Test Drive Tables, the customers and experts to interrogate and mingle with, there will be 143 talks, discussions and panels to attend.

 

 

Most of the activity will take place at the Mobile Campus (last year's pictured above), with some scattered at other campuses such as Analytics, or Partner, or Database and Technology.

 

If things are at all like last year, expect many of the mobile sessions to be standing room only. Take the microforums, which are discussions limited last year to 12 people max. Many microforums last year drew crowds of 50 or more people. One session about iPhones and iPads in the enterprise even drew 100 attendees.

 

This year, there will be 76 microforums. And seating will be doubled from 12 to 24 seats. But expect many of them to be just as crowded. The moral of this story: don't procrastinate on pre-registering!

 

That's how I spent the better part of Wednesday, building up My Agenda for May 14-16. Besides the keynotes, what's on my can't-miss list? Here they are, in no particular order:

 

"Introducing the New SAP Mobile Platform." 7376 Last week, SAP Executive Board Member Vishal Sikka officially announced the fusion of the Sybase Unwired Platform and Sybase 365 m-commerce services into the SAP Mobile Platform. Hear VP for mobile solutions and strategy Tony Kueh dive deeper into how this will help enterprise developers better build mobile marketing and commerce apps that target consumers and integrate with your internal SAP applications. And follow Tony @tonykueh on Twitter to get his thoughts before the show.

 

"Mobile Commerce Services: 2012 and Beyond." 7538 Or if you already know SUP and want to learn more about Sybase 365, come and listen to Haridas Nair, SAP vice-president for mCommerce, quiz two Sybase 365 customers, Dutch-Bangla Bank Ltd. and Citigroup Inc. The former is reaching 160 million Bangladeshis via Sybase 365's mBanking platform, while Citigroup is alerting its customers worldwide via SMS text messages.

 

"Partner Mobile Apps for..." Various This is not one session, but ten different 20-minute demos, each presented by SAP partners with different specialties, including Analytics, Procurement and Supply Chain, Sales and Marketing, Workflow, Human Capital Management, etc. Check them out, all taking place continually in the Mobile Demo Theater.

 

"Mobile Apps from SAP: Vision and Roadmap." 7434 SAP still hopes to build a software ecosystem in which 80% or more of the apps come from partners. At the same time, we're accelerating the pace of creating our own apps. Hear SAP VP, Mobile Global Center of Excellence, Vishy Gopalakrishnan tell you what's on SAP's app roadmap. As a partner/ISV, this will let you zig where SAP zags.

 

"Gamification: Not Just for Kids." 8764 It's also for management consultants, like Deloitte CTO Mark White. With the Consumerization of IT, end users increasingly get to choose their technology. Having gravitated towards slicker, sexier gear like iPads and MacBooks on the hardware side, expect them to favor easier-to-use, fun apps, too. For a preview of White's talk, check out Deloitte's paper on the most important technology trends of 2012.

 

"Enabling Enterprise Mobility: The Impact of Consumer Technology." 7889 SAP CIO Oliver Bussmann, recently named European CIO of the Year, will share his experiences enabling BYOD and deploying 14,000+ iPads at SAP. He'll be joined by Georges-Edouard Dias, senior vice-president for digital business at L'Oreal S.A., Wally Fisher, director for implementation and readiness at Standard Bank South Africa, and Manish Choksi, CIO of Asian Paints Ltd. They'll all no doubt have great things to share, too.

 

"SAP Runs SAP: Bringing our Expertise in Mobile to Your Organization." 7890 To get more insight into how SAP balances the conflicting needs of delighting employees and securing them, hear SAP Americas Mike Golz. Golz will also speak on the similar-but-more-targeted panel called "BYOD: Managing Personal Mobile Devices in your Enterprise" along with watchmaker Fossil's VP for IT, Mark Reynolds, and Pepperidge Farm IT director John Dutsar.

 

"The Power of Mobile Analytics." 8767 There's nothing better than hearing directly from customers. Come and listen to T-Mobile USA and 3M be interviewed by SAP Mobile Analytics Marketing Head Mimi Spier on what SAP mobile analytic apps are doing for them.

 

"Transforming Your Industry..." Various Ok, I know I'm cheating, but I just had to share about these 8 sessions, each showing how companies in different industries, ranging from banking to utilities to retail and more, are taking advantage of mobile apps. What's great is that each will be a Q&A between an SAP expert and an IT Director or CIO from a large enterprise user. I plan to catch Executive VP Chris McClain interview Peabody Energy on how its executives are taking advantage of tablet dashboards to track KPIs and react to them in real-time.

 

"Real-Time Mobile Devices, Apps, and Expense Management." 8822 The latest Afaria 7.0 not only features a fresh new UI, but it also includes new Telecom Expense Management (TEM) features. Hear SAP product manager James Naftel explain them.

 

"Innovating with Enterprise Mobility in..." Various This set of 28 microforums will be an opportunity for those in the same industry, be it transportation or life sciences or finance, to share their achievements or pain points. Each discussion will be led by a relevant SAP expert. I'm planning to check out the Consumer Products one.

That startling statistic and prediction comes courtesy of Javelin Strategy & Research of Pleasanton, California.

 

A boutique research firm known for its bank technology coverage, Javelin published a paid report today on tablets and their impact on mobile consumer banking. I was able to read the report and interview the primary author, Javelin research director Mary Monahan.

 

Javelin's findings and predictions are based on two surveys of more than 5,000 consumers each last October and December.

 

It found that among the 16 million U.S. tablet owners, 42% owned an Android tablet. While iPads still led (55%), the lead was far smaller than every other estimate I've seen. Forrester Research, for instance, found last September that the top 3 Android tablet makers at the time - Samsung, Motorola and Acer - combined held only 12% of the U.S. market.

 

 

"Piece by piece, Android tablets have a pretty big share of the market," Monahan said.

 

Because respondents could indicate if they owned more than one tablet, Javelin's total added up to 119%. Dividing 42 by 119, Android really had closer to 35% of the U.S. tablet market.

 

(Here's my post with charts compiling other analyst forecasts for the global tablet market. And here's a list of large enterprise Android tablet deployments.)

 

Of course, Amazon's Kindle Fire was not available when Forrester did its survey last September. According to Javelin, 10% of American adults had a Kindle Fire in December.

 

Bolstered by the Kindle, Javelin predicts that Android will eventually overtake the iPad, though it doesn't say when.

 

"For the future, Google Android is expected to continue to gain consumer market share at Apple's expense, until it takes the lead. While Android's gains have come at the expense of profits, price-cutting is an established platform strategy that has paid big dividends in the past. Although Apple is clearly the innovator, the sheer number of Google Android tablets, price ranges, and carriers will soon prove overwhelming," according to the report.

 

Meanwhile, Windows tablets also held a surprisingly high 10% of the market as of December.

 

For future purchases, iPads still lead (36%). Android, including the Kindle, ranked 2nd (27%), followed by perhaps surprising interest in Windows tablets (21%).

Blackberry PlayBooks had 9%, but future interest among consumers was only 4%.

 

Other interesting tablet statistics:

 

- 17% of U.S. mobile phone users, or 34 million Americans, will own a tablet by the end of the year.

- Tablet adoption is forecast to grow at a CAGR of 40.3%, reaching 40% of all U.S. smartphone users by 2016, or 87 million adults. That compares to Forrester's forecast of 112.5 million adults by 2016.

 

Banks investing in new features

 

Javelin, naturally, honed in on how consumers are using tablets to bank.

Due to their large screens, tablets are indeed becoming a popular way to bank, with 44% of tablet owners having banked via tablet or smartphone in the last 90 days.

 

Mobile Web sites are more popular than banking apps today, says Monahan, though that could be a function of supply rather than demand. While about 90% of banks have apps for iOS or Android, only 4% have one optimized for Android tablets (as opposed to smaller smartphones), while only 20% had an iPad-specific app.

 

As a result, consumers are still mostly using tablets to look up information on their accounts, rather than do transactions or pay bills, Monahan said.

Monahan cited USAA, Bank of America and Citi as having created good mobile banking apps. This year, she expects larger banks to invest in new features such as remote deposit capture (depositing checks via tablet or smartphone) and inter-bank payments to other individuals, while smaller banks roll out their apps for the first time.

Did you ever lie awake at night pondering why the expression is "knowledge is power," not "data is power"? Yeah, me neither. But then I started thinking about the press conference that SAP is holding tomorrow.

As you might have read in the New York Times, Reuters, or Bloomberg, SAP (my employer) plans to announce some product news on Tuesday around mobile and data management software.

 

It's a follow-up to our December announcement when we said we planned to become the no. 2 database vendor by 2015.

 

Oracle CEO Larry Ellison thinks that we have to be "on drugs" to think we can play on its home turf.

 

Note to Larry: SAP is already no. 4 in databases, on the strength of a trio of Sybase products: ASE, used in just about every Wall Street firm; the market-leading columnar database, Sybase IQ; and the quietly popular (and versatile) SQL Anywhere.

 

And if you look at where data management is headed, SAP has already made other gains, and is poised to make even more.

 

Some historical perspective. I started writing about technology in the mid-90s, during the tail end of the decade-long first Database War. Oracle was emerging as the top dog in a pack of vendors that included IBM, Ingres, Informix, Sybase and Microsoft (which was still licensing SQL Server from Sybase at that time).

 

Powerful and huge, Oracle's relational database was the perfect technology for that era. Big muscles were in. High school jocks chewed steroids like candy. An ex-bodybuilder (Arnold Schwarzenegger) was the most famous man in the world.

 

 

Challengers thought the way to beat Oracle was by getting bigger and stronger than it. So they all tried to prove they could store more rows of data or crunch transactions faster. As with bodybuilding and steroids, this fixation on performance led to artificially-enhanced benchmarks all around, which led to a distrust of benchmarks that lingers to this day.

 

Also, this strategy didn't work. Take the last serious challenge to Oracle, the object-oriented database. Object-oriented, and, later, object-relational, databases were indeed more powerful at storing fast-emerging Web content such as videos, images etc.

 

So object-oriented vendors nerdishly talked up their speeds and feeds advantages. Besides running headlong into the emerging cynicism about benchmarks, there were two other problems with that strategy. For all its hype, the Web was - and is - just a niche of the broader enterprise market. And object-oriented vendors failed to cater to "bread-and-butter traditional business-data processing applications where high performance, reliability, and scalability are crucial," former Informix CTO Michael Stonebraker said at the time. "Companies are justifiably loathe to scrap [relational] systems for a different technology, unless it offers a compelling business advantage, which has rarely been demonstrated by object-oriented databases."

 

The Game has Changed

 

This leads me back to my original question, why nobody says "Data is power."

 

That's because raw numbers mean nothing. Numbers need to be sifted through, analyzed for patterns, applied to the right problems and displayed to the right level of detail for the viewer.

 

Only then can we humans glean knowledge useful for making intelligent decisions.

 

This has always been true. But it's become critical in the last decade, now that we can gather billions or trillions of data points in a short amount of time.

 

Here, SAP is already the leader. According to Gartner, SAP leads the $12.2 billion global Business Intelligence, analytic applications and enterprise performance management (EPM) market with 24% share, vs. Oracle's 15.6% share.

 

The needs within data management are shifting, too, away from monolithic, over-built products towards efficient, focused solutions tailored for the problem to be solved.

 

This parallels what's happened in popular culture. Gargantuan, oiled-up muscles seem stupid. What people care about is practical strength, such as a strong core, and lean, Bikram-toned torsos.

 

 

Take T-Mobile, which wanted to create personalized deals for its 30 million American customers by mining data from store cash registers, text messages and call centers. Using the HANA in-memory database, T-Mobile was able to slash the time to create tailored customer offers to 3 hours from one week.

 

That's a reduction of 98%. And it's a performance boost that a conventional relational database topped by an in-memory layer would be hard-pressed to achieve.

 

Don't believe the FUD. HANA may be in-memory, but it "is a full, ACID-compliant database, and not just a cache or accelerator," says SAP Executive Board Member in charge of Technology, Vishal Sikka. "All the operations happen in memory, but every transaction is committed, stored, and persisted."

 

Analysts like Richard Sherlund of Nomura Securities call HANA "not just a new database" but "a new secret sauce to be leveraged in important new ways."

 

How? Because SAP's goal isn't just to deliver HANA to market, but to ensure HANA (as well as ASE and IQ) support all of SAP's key applications like Business Warehouse, BusinessObjects and its flagship ERP.

 

That turns HANA into a "disruptive technology that can accelerate growth for SAP, differentiate the SAP ERP, BI and BW, and make the company's products stickier," says Bernstein Research's Mark Moerdler. He predicts HANA could be a $4.4 billion business by 2015 (it reaped 160 million euros ($212 million) in its first six months, well above its 100 million euro target).

 

That may sound like a mighty target. At the same time, there are 110,000 companies that today run an Oracle database with an SAP application. HANA, or ASE, or IQ together provide multiple, potentially cheaper alternatives for each of those enterprises. In this way, we are avoiding the mistake our predecessors made.

 

And SAP is going one further. We and our partners are building hundreds of mobile apps that deliver the right information to the right users at the right time in the right fashion (graphical dashboards that let users drill down with a swipe of a finger). Charite Berlin hospital is already equipping its doctors with a patient dashboard that pulls up real-time data using HANA.

 

The world has changed. We are drowning in data. Is your current database the best choice for keeping you afloat? There might be a better choice. Without giving anything away about Tuesday, that's what SAP is delivering.

Smartphones are vaunted for their ease of use. But that's precisely why they can be so vulnerable to hacking software, as Micro Systemation's XRY showed us last Wednesday.

The iPhone's default security passcode is a mere 4 digits. Four digits is incredibly weak - there are just 10,000 different combinations to try, which is nothing for a piece of software.

Back in the 1980s, teenage phone phreakers of, um, my acquaintance, hacked MCI and Sprint access codes in order to make free long-distance calls. All you had to do was set your Apple II+ on auto-dial overnight and voila! you'd have several codes by the next morning.

This was despite the process being totally crude and slow. Rather than trying hundreds of codes per second, you could only try a single code per minute. And the codes were harder to hack. MCI codes were 5 digits long, while Sprint's were 8 digits, meaning there were 100,000 and 100 million combinations, respectively. Also, those codes were chosen for you. So you couldn't choose something obvious like '0000', '1234', '1111' or any of the other codes your IT manager specifically warned you not to pick.

So to summarize my nostalgia trip: 80s hacking software = weak. 80s passcodes = stronger. Ease of hacking = still easy.

In light of that, of course today's smartphones are vulnerable.

So it's surprising how many companies who should know better don't require their users to use any passcode at all.

Jim Price is president of ICOMM Consulting Inc., which advises companies on mobile security (but does not resell any particular product). According to Price, about a third of ICOMM's corporate clients don't require PINs.

"My guess is that the XRY news will make our clients say, 'Oh boy, we don't just need to use PINs, but we need to use more sophisticated ones,'" said Price.

Bad User Experience = Good Security

There are three main approaches that experts like Price suggest could help prevent or slow down an XRY-style attack.

The tradeoff is the same. "The kludgier it is for the end user, the safer it usually is," Price said.

The most secure approach is to deny XRY a chance to steal the data. This would require keeping all corporate data, or at least the confidential data, on the server. Employees would only be able to remotely access the content via software such as Citrix Receiver.

Some law firms and other companies with "extreme" security needs are choosing this approach, said Price. But the downsides can be huge, depending on your point-of-view. You need to be connected, for one. And it can take a lot of time for those e-mails or files to be downloaded.

"Citrix Receiver doesn't provide native experiences," Philippe Winthrop, founder of the Enterprise Mobility Forum, tweeted today during an #SAPChat. For mobile phones, "the more secure it is, the harder it is to use."

Playing In the Sandbox

Another approach is to use an application-level container or "sandbox" to store confidential data. Examples would be Good Technology's secure e-mail app, or Mocana, said Scott Snyder, President and Chief Strategy Officer for Mobiquity Inc., a mobile professional services provider. (Full disclosure: these applications along with Citrix Receiver compete with the Afaria MDM software from my employer, SAP).

That app and its data is encrypted and can only be accessed by entering a strong PIN. While this does protect from the XRY hack, this, like the Citrix strategy, is inconvenient for users, who potentially have to re-type their PIN every few minutes when a new e-mail arrives.

The last approach is using Mobile Device Management (MDM)  software.

MDM software can harden against XRY-style attacks while creating the least extra hassle for users.

First, "most of the MDM vendors (like Afaria, MobileIron, Airwatch) have jailbreak detection software for iOS," said Snyder. Once a jailbreak attempt is detected, the MDM software can force the phone to delete all of its data before it is compromised.

Second, MDM software can enforce longer, stronger passcodes than the 4-digit defaults. And it can also enforce a policy of automatically wiping or killing the device after too many attempts.

Third, even if data is physically extracted from the iPhone, it may still be encrypted by the MDM software, rendering it essentially unreadable.

"If something has 256-bit encryption, my belief is that there are only a handful of people in the world who can hack into that," Price said. "Even 128-bit encryption is still pretty darn secure."

For MDM software to be effective, however, IT administrators need to set aggressive 'data fading' policies that quickly kill the device upon tampering or after a period of non-communication. That's because a determined hacker will immediately put the phone into Airplane Mode, turning off all wireless communications. This prevents the iPhone from being physically tracked via its GPS chip, and the MDM software from communicating with the server.
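The passcode-length and failed-attempt settings described above reach an iOS device as a configuration profile. As an added example (not code from this article or from any MDM vendor), the Python below audits the passcode payload of a constructed sample profile against a hypothetical baseline and then raises it to that baseline; the sample profile, the `BASELINE` values and the function names are assumptions made for illustration.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Constructed sample profile: passcode required, but 4-digit simple codes are
# accepted and no failed-attempt limit is set.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
    <key>forcePIN</key><true/>
    <key>allowSimple</key><true/>
    <key>minLength</key><integer>4</integer>
  </dict></array>
</dict></plist>"""

# Hypothetical baseline for this example, not a vendor recommendation.
BASELINE = {"minLength": 7, "maxFailedAttempts": 10}


def audit_passcode_policy(profile_bytes, baseline=BASELINE):
    """Return findings for the passcode payload of a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload: passcode choice is left to the user"]
    policy, findings = payloads[0], []
    if not policy.get("forcePIN", False):
        findings.append("forcePIN is off: a passcode is not required")
    if policy.get("allowSimple", True):
        findings.append("allowSimple is on: codes like 1234 or 0000 are accepted")
    length = policy.get("minLength", 0)
    if length < baseline["minLength"]:
        findings.append(f"minLength {length} is below {baseline['minLength']}: "
                        f"{10 ** length:,} all-digit codes of that length")
    attempts = policy.get("maxFailedAttempts")
    if attempts is None:
        findings.append("maxFailedAttempts unset: no wipe after repeated failures")
    elif attempts > baseline["maxFailedAttempts"]:
        findings.append(f"maxFailedAttempts {attempts} is looser than baseline")
    return findings


def harden(profile_bytes, baseline=BASELINE):
    """Return a copy of the profile with the passcode payload raised to baseline."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == PASSCODE_TYPE:
            payload.update(forcePIN=True, allowSimple=False, **baseline)
    return plistlib.dumps(profile)


if __name__ == "__main__":
    for finding in audit_passcode_policy(SAMPLE_PROFILE):
        print("WEAK:", finding)
    print("after hardening:", audit_passcode_policy(harden(SAMPLE_PROFILE)))
```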

As a result, Mobiquity's Snyder argues that a "belt and suspenders" approach is best: one that combines MDM with app-level containers like Mocana to "ensure that sensitive data is protected from spillover or attacks."

But plenty of firms can get by with just MDM. Price's own firm, ICOMM, does.

"We ourselves rejected the sandbox approach," he said. "Because of what we do, we don't need to go that far. So we use 4-digit codes. We can wipe a phone if it's lost. We're not as aggressive as some of our clients."

**********

Despite the Twitterverse being distracted by a rather dubious holiday, some of you logged into #SAPChat on Friday at noon ET to read EMF's Philippe Winthrop and me jibber-jabber about tablets, XRY, MDM, BYOD and other enterprise mobile issues. Below are excerpts from our discussion. Next time, try to join the discussion live!

Q2: Mobile Device Management - Security

SocialKev I've heard that you can hack into an iPhone in 120 seconds or less. What does this mean for enterprise mobility? #SAPChat -12:01 PM Mar 30th, 2012

biz_mobility @ericylai would be interesting to see this be done with an iOS device that has been "protected" with a EMM solution #SAPChat -12:02 PM Mar 30th, 2012

biz_mobility @SocialKev It's all the more reason to manage and secure devices #SAPChat -12:02 PM Mar 30th, 2012

biz_mobility @SocialKev If anything, I think this is a great way to showcase the need for enterprise mobility management #SAPChat #FUD -12:03 PM Mar 30th, 2012

ericylai I actually intvued two #MDM consultants yesterday, their advice on blocking #XRY was interesting #sapchat -12:04 PM Mar 30th, 2012

biz_mobility I wonder if any of the "MDM" providers would be willing to try the test #SAPChat -12:05 PM Mar 30th, 2012

ericylai One route: Don't keep any data locally, i.e. use Citrix Receiver for everything #sapchat -12:04 PM Mar 30th, 2012

biz_mobility @ericylai but the Citrix receiver doesn't provide native experiences #SAPChat Apple doesn't like that -12:05 PM Mar 30th, 2012

ericylai But, he admitted, that was the "kludgiest" method; the second was to use a second-level app sandbox/container, like Good Technology #sapchat -12:05 PM Mar 30th, 2012

biz_mobility yes, however sandboxing does also have its pros/cons #SAPChat -12:06 PM Mar 30th, 2012

ericylai @biz_mobility - Exactly, it's the constant balance between usability and kludginess. The more secure it is, the more hassle #sapchat -12:07 PM Mar 30th, 2012

biz_mobility the problem with sandboxing in general is that it becomes a religious debate #SAPChat -12:07 PM Mar 30th, 2012

biz_mobility @ericylai often times, the more secure it is, the harder it is to use #SAPChat -12:07 PM Mar 30th, 2012

bmkatz Guys it's not about necessarily sandboxing the app but more about protecting the data #sapchat -12:09 PM Mar 30th, 2012

bmkatz If you protect the data through encryption etc, breaking the phone doesn't get you into the data - just the phone #sapchat -12:09 PM Mar 30th, 2012

biz_mobility @bmkatz yes - this is why we need mobile information management solutions #SAPChat -12:10 PM Mar 30th, 2012

ericylai @biz_mobility Exactly, which is why #MDM might hit the sweet spot, by blocking jailbreak attempts, enforcing 7-digit PINs, etc #sapchat -12:10 PM Mar 30th, 2012

biz_mobility @ericylai yes - this is a classic example of why you need MDM #SAPChat -12:10 PM Mar 30th, 2012

ericylai @bmkatz Agree - 256-bit encryption would take months to break, typically. #MDM can provide that #sapchat -12:11 PM Mar 30th, 2012

biz_mobility but don't forget that MDM is just one component of what you need to manage mobility in the workplace #SAPChat -12:11 PM Mar 30th, 2012

bmkatz Hang on folks - #MDM doesn't jailbreak attempts - it can detect when you've JB but not prevent it from happening #sapchat -12:11 PM Mar 30th, 2012

biz_mobility @bmkatz actually MDM can't really detect 100% accurately a jailbroken device #SAPChat -12:12 PM Mar 30th, 2012

biz_mobility @ericylai but are you talking MDM or mobile security here? #SAPChat -12:11 PM Mar 30th, 2012

bmkatz @ericylai #MDM doesn't provide encryption & it's a misnomer to say it does except for a few cases, it enables enforcing encryption #SAPChat -12:12 PM Mar 30th, 2012

biz_mobility So is remote wipe/lock part of MDM? #SAPChat I think not -12:12 PM Mar 30th, 2012

bmkatz @biz_mobility #MDM in itself doesn't detect it - requires an agent on the device - which most do - and that's not foolproof #SAPChat -12:13 PM Mar 30th, 2012

biz_mobility @bmkatz agreed - and don't forget Apple took out the API for detecting jailbroken devices #SAPChat -12:14 PM Mar 30th, 2012

SocialKev @biz_mobility - which are the harder ones to use because of their high security? #SAPChat -12:08 PM Mar 30th, 2012

biz_mobility @SocialKev Not even a question of which one is better #SAPChat -12:09 PM Mar 30th, 2012

biz_mobility It's just typically, the more you secure things, the more annoying it becomes for the users #SAPChat -12:09 PM Mar 30th, 2012

Q3: Google Tablets v. iPad

SocialKev So let's hear it.. will the Google #Nexus tablet be an iPad killer? Does it stand a chance? #SAPChat -12:14 PM Mar 30th, 2012

bmkatz Better question is will Google really do a #nexus tablet or just brand one as the reference device like it did with the Xoom #sapchat -12:15 PM Mar 30th, 2012

biz_mobility Does it stand a chance? Sure it does #SAPChat -12:15 PM Mar 30th, 2012

biz_mobility What do you think would make it a killer? #SAPChat -12:15 PM Mar 30th, 2012

ericylai @socialkev I'm not optimistic about the Nexus. $199 only matches the Kindle Fire, which is still a minority taste. #sapchat -12:15 PM Mar 30th, 2012

biz_mobility iPad has a great app ecosystem right now #SAPChat -12:16 PM Mar 30th, 2012

bmkatz Until Google actually treats #Android as a platform for anything other than search and advertizing - doubtful #sapchat -12:16 PM Mar 30th, 2012

biz_mobility @bmkatz What does Google do that is not an extension of search? #SAPChat -12:16 PM Mar 30th, 2012

ericylai @bmkatz You're saying the Nexus will be a rebranded Xoom? #sapchat -12:16 PM Mar 30th, 2012

biz_mobility @ericylai It will certainly be interesting to see what happens with Motorola in the not too distant future #SAPChat -12:17 PM Mar 30th, 2012

Q4: What makes an “iPad Killer”

biz_mobility @bmkatz What do you think is necessary to make an "iPad Killer" #SAPChat -12:18 PM Mar 30th, 2012

bmkatz @ericylai I think it would be a mistake to do so but that's what they did last time, it may be an Asus tab but same idea #sapchat -12:20 PM Mar 30th, 2012

ericylai @biz_mobility An iPad Killer? This sounds like something invented in the future by SkyNet... #sapchat -12:20 PM Mar 30th, 2012

bmkatz @biz_mobility Google has to get serious about their ecosystem & they have to build the security APIs to make it work for the ent. #sapchat -12:21 PM Mar 30th, 2012

bmkatz @biz_mobility The fact that 3LM and Samsung have competing standards and APIs that aren't the same across the devices isn't good #sapchat -12:21 PM Mar 30th, 2012

Q7: HCM & Mobility

SAP_Jarret What benefits do #SAP HCM customers get paying for Sybase/Gateway that are not available in HR competitors free mobile offerings #SAPChat -12:20 PM Mar 30th, 2012

biz_mobility @SAP_Jarret there's more than one way to skin a mobile enterprise application strategy cat #SAPChat -12:21 PM Mar 30th, 2012

ericylai @SAP_Jarret I know you've got an opinion on this What do you think? #sapchat -12:22 PM Mar 30th, 201

SAP_Jarret @ericylai I think #SAP needs to revisit their licensing model in order to stay competitive in the HR Technology space. #sapchat -12:25 PM Mar 30th, 2012

ericylai @SAP_Jarret I think you and the other Mentors are being heard. If it were up to me...but it's not. #sapchat -12:28 PM Mar 30th, 2012

biz_mobility @ericylai It's not your fault ;-) #SAPChat -12:28 PM Mar 30th, 2012

bmkatz No #MDM is definitely a subset of #EMM 100% agree @biz_mobility #SAPChat -12:31 PM Mar 30th, 2012

CitizenJulien @SAP_Jarret secure data transfer? #SAPChat -12:31 PM Mar 30th, 2012

biz_mobility @AmberMobile I look at MDM as monitoring the "proper" function of the device- no more....no less. #SAPChat -12:31 PM Mar 30th, 2012

bmkatz .@biz_mobility Since when is security not part of Device management - #sapchat -12:31 PM Mar 30th, 2012

biz_mobility @bmkatz security is about security #SAPChat #captainobvious -12:31 PM Mar 30th, 2012

bmkatz @biz_mobility @AmberMobile Me thinks you have confused management with monitoring there #chiefobvious #SAPChat -12:32 PM Mar 30th, 2012

Q8: Wipe & Lock Security

Why not? Pretty necessary component. "@biz_mobility: So is remote wipe/lock part of MDM? #SAPChat I think not"

biz_mobility @AmberMobile It's a question of taxonomy #SAPChat -12:21 PM Mar 30th, 2012

biz_mobility @AmberMobile No question that remote wipe/lock is critical - but it's NOT part of MDM #SAPChat -12:22 PM Mar 30th, 2012

bmkatz @biz_mobility @AmberMobile He's getting at that its part of #EMM not #MDM although he's wrong - both are device mgmt pieces #SAPChat -12:23 PM Mar 30th, 2012

biz_mobility @bmkatz Since when am I wrong? Wipe and Lock is security #SAPChat -12:23 PM Mar 30th, 2012

biz_mobility @bmkatz and how is EMM part of MDM? #SAPChat -12:24 PM Mar 30th, 2012

ericylai @biz_mobility 63.5 mln iPads sold this year is the consensus. High/low? #sapchat -12:25 PM Mar 30th, 2012

biz_mobility @ericylai I hate estimates in the mobile world because things can change on a dime #SAPChat -12:25 PM Mar 30th, 2012

biz_mobility @ericylai it's like when all those smart analysts estimated that Symbian would have 20% market share in 2015 #SAPChat -12:26 PM Mar 30th, 2012

ericylai @biz_mobility Were you one of those smart analysts, when you were at Strategy Analytics? #sapchat -12:27 PM Mar 30th, 2012

biz_mobility RT @ericylai: @biz_mobility Were you one of those smart analysts, when you were at Strategy Analytics? :) #sapchat <-- most definitely not -12:27 PM Mar 30th, 2012

Q9: Corporate Owned Personally Enabled

ericylai @biz_mobility Hey, Acronym Man what do you mean by COPEing with BYOD? #sapchat -12:32 PM Mar 30th, 2012

biz_mobility @ericylai It's my new favorite thing - Corporate Owned Personally Enabled #SAPChat -12:32 PM Mar 30th, 20

biz_mobility COPE cures many of the issues around BYOD IMO #SAPChat -12:33 PM Mar 30th, 2012

biz_mobility and in fact, it is all about the consumerization of IT #SAPChat -12:33 PM Mar 30th, 2012

ericylai Corporate-Owned, Personally-Enabled? But I thought the whole point was to JediMindTrick workers into buying themselves? #sapchat -12:33 PM Mar 30th, 2012

biz_mobility @ericylai too bad the companies keep on giving the employees money to buy the devices #SAPChat -12:34 PM Mar 30th, 2012

ericylai @biz_mobility So bold, so bold. As worker, I personally love the idea of COPE, but I'm not sure my company accountant does #sapchat -12:37 PM Mar 30th, 2012

biz_mobility RT @KmkMiller: @biz_mobility COPE is TEM problematic. <--- how so??? #SAPChat -12:37 PM Mar 30th, 2012

Q10: Tablets in General

bmkatz So - I thought this was chat about Tablets... #sapchat -12:33 PM Mar 30th, 2012

bmkatz Are we going to spend any time talking about tablets? #sapchat -12:41 PM Mar 30th, 2012

ericylai @bmkatz Let's talk Phablets! I hear that Galaxy Note is doing well. I'm actually tempted. I think it's Return of the SuperPhone! #sapchat -12:42 PM Mar 30th, 2012

bmkatz So other than the iPad what is everyone's second favorite tablet? #sapchat -12:43 PM Mar 30th, 2012

bmkatz @ericylai But i can't deal with it unless you have a headset - reminds me of the moto bricks, plus I have small hands #sapchat -12:43 PM Mar 30th, 2012

ericylai @bmkatz All I'm saying is that my pockets are big enough for Galaxy Note. And I'm fearless enough to clip on to my belt. I said it. #sapchat -12:44 PM Mar 30th, 2012

biz_mobility @bmkatz which tablets can do "true" voice? #SAPChat -12:44 PM Mar 30th, 2012

bmkatz @biz_mobility True voice versus VOIP? #sapchat -12:45 PM Mar 30th, 2012

bmkatz .@biz_mobility Other than the Note I can't think of any except for maybe the dead touchpad... #sapchat -12:46 PM Mar 30th, 2012

biz_mobility @bmkatz could the touchpad do voice? #SAPChat -12:46 PM Mar 30th, 2012

ericylai @bmkatz What is true voice? Is this as opposed to robot Cylon voice? #sapchat -12:46 PM Mar 30th, 2012

bmkatz @ericylai Ahh - so you are one of those who has the utility belt...device from each loop...LOL #sapchat -12:46 PM Mar 30th, 2012

ericylai @bmkatz You know, fanny packs are back in. So are nerds. #sapchat -12:47 PM Mar 30th, 2012

bmkatz @ericylai Nerds never went out.... #sapchat -12:48 PM Mar 30th, 2012

biz_mobility @bmkatz @ericylai is the batman of mobility #SAPChat -12:47 PM Mar 30th, 2012

ericylai @biz_mobility That makes you Robin. Leapin' Lizards! #sapchat -12:49 PM Mar 30th, 2012

William_Newman @bmkatz I am a #Motoogle person for second device m'self #SAPChat > good app marketplace -12:45 PM Mar 30th, 2012

bmkatz @William_Newman Which one do you have the original Xoom or the Xyboard (marketing person didn't think that name up) #SAPChat -12:47 PM Mar 30th, 2012

bmkatz @biz_mobility I think it pulled a blackberry thing and routed through the Pre but have to check - I do have one #sapchat -12:47 PM Mar 30th, 2012

biz_mobility @bmkatz i do think however that unified communications on a tablet is pretty cool #SAPChat -12:48 PM Mar 30th, 2012

ericylai @William_Newman What's on your mind, tablet-wise? #sapchat -12:35 PM Mar 30th, 2012

Q12: Bring Your Own Device - Is it a fad?

biz_mobility @ericylai the more I think about it, the more I think BYOD is a fad #SAPChat -12:34 PM Mar 30th, 2012

ericylai @biz_mobility "BYOD is a fad". I'm going to broadcast this everywhere that bigtime analyst Philippe W thinks BYOD is OVER #sapchat -12:35 PM Mar 30th, 2012

SocialKev @biz_mobility what makes BYOD a fad? #SAPChat -12:36 PM Mar 30th, 2012

William_Newman Most #BYOD programs offer a stipend - based on level - to fund devices, much like old PC entry program of yore #SAPChat -12:36 PM Mar 30th, 2012

biz_mobility @William_Newman Not sure why you should provide a stipend on BYOD #SAPChat -12:37 PM Mar 30th, 2012

biz_mobility kinda defeats the purpose IMO #SAPChat -12:37 PM Mar 30th, 2012

bmkatz "#BYOD isn't a fad" it's just being used incorrectly when what most people mean is #Coit #SAPChat -12:37 PM Mar 30th, 2012

William_Newman @biz_mobility usually it's to give employees an oppty to get to the app market, it's a perk fer sure and usually at the M-/D-levels #SAPchat -12:38 PM Mar 30th, 2012

biz_mobility @William_Newman mobility should be for all employees! #SAPChat #FTW -12:39 PM Mar 30th, 2012

bmkatz If company is paying for part or all of device it isn't #BYOD - it is #cope #sapchat -12:40 PM Mar 30th, 2012

biz_mobility If you want to learn more about COPE, you can find out more here http://t.co/MdM9gEno and here http://t.co/3K3zInRP #SAPChat -12:40 PM Mar 30th, 2012

William_Newman @biz_mobility agreed, but you have the zots w/ dots and the zots w/ nots. Can't change that. #DrSeuss #SAPChat -12:41 PM Mar 30th, 2012

Q15: Tablet v. Tablet

ericylai @biz_mobility Hey, I heard you wrote something cool on http://t.co/PhVdbyzg about Good Will Hunting today. Please share! #sapchat -12:49 PM Mar 30th, 2012

The_EMF_dot_org Confused About BYOD? It’s Not Your Fault http://t.co/0ejjvGnw #SAPChat -12:50 PM Mar 30th, 2012

bmkatz .@William_Newman For tablets you think #google has a good app marketplace - really? haven't found it useful on mine... #sapchat -12:50 PM Mar 30th, 2012

William_Newman @bmkatz didn't say they all worked but usually what you can find on #iTunes you can also find on #MoToogle #SAPChat -12:52 PM Mar 30th, 2012

bmkatz @William_Newman Did you see the recent article comparing tablet apps on iOS vs Android - food for thought #sapchat -12:53 PM Mar 30th, 2012

William_Newman @bmkatz so like running barefoot? #SAPChat -12:53 PM Mar 30th, 2012

biz_mobility @bmkatz can you share the link? #SAPChat -12:53 PM Mar 30th, 2012

bmkatz Article from @saschasegan - The iPad Wins Because Android Tablet Apps Suck: An Illustrated Guide http://t.co/HKwcVUlB #SAPChat -12:54 PM Mar 30th, 2012

ericylai @bmkatz What if I like my apps sorta raw, unrefined? #sapchat -12:56 PM Mar 30th, 2012

Q16: EMM v. BYOD

Colin_Best @biz_mobility Does EMM not make BYOD irrelevant? #SAPChat -12:54 PM Mar 30th, 2012

biz_mobility @Colin_Best BYOD, COPE, StayPuff Marshmallow Man....you always need enterprise mobility management #SAPChat -12:55 PM Mar 30th, 2012

bmkatz My thoughts on BYOD and why it doesn't really matter http://t.co/UndNxhiF #sapchat -12:55 PM Mar 30th, 2012

bmkatz #EMM doesn't solve issues with #BYOD and privacy etc… > RT @Colin_Best: @biz_mobility Does EMM not make BYOD irrelevant? #SAPChat -12:57 PM Mar 30th, 2012

VirtualTal “@bmkatz: My thoughts on BYOD and why it doesn't really matter http://t.co/eWKk4pC8 #sapchat < exactly. it's not a "policy", it's a fact. -12:57 PM Mar 30th, 2012

biz_mobility @bmkatz let's agree to disagree my friend #SAPChat -12:58 PM Mar 30th, 2012