No, the iPad is not a larger iPhone. Multitouch tablets need to be embraced for what they are: an entirely new kind of mobile computing platform that requires an entirely new user experience. Designing a user interface that looks and feels like a browser is not going to attract users.

 Failure to understand this point may help keep Apple in the lead with its iOS-based iPad. Samsung recently introduced the Galaxy Tab, a Google Android-based tablet to compete against the iPad. While there are many good things to say about the Galaxy Tab, one particular issue stands out. According to David Pogue of The New York Times, “When you [use the Galaxy Tab] to visit sites like nytimes.com, CNBC.com and Amazon.com, the Galaxy’s browser shows the stripped-down, mobile versions of those sites. According to Samsung, there’s no way to turn that feature off and no way to visit the full-size sites.”

 In other words, the Galaxy Tab is still considered an Android smartphone, just larger. Google has not yet evangelized the idea that Android tablets are different. In fact, most of the 100,000+ Android apps are designed for a phone-size screen, not a tablet — which is the same problem Apple had when it introduced the iPad. Like the iPad with iPhone apps, the Tab displays these small-screen Android apps in the center of the display, or scales them up to show large, ugly pixels.

 This points out a major difference in Apple’s approach as compared to Google. Apple encourages developers to realize that the iPad is not an iPhone, while Google hasn’t done this yet with Android developers. Apple even modified its software development kit to make it easier to develop iPad-specific versions as well as “universal” apps that can run on both the iPad and iPhone but with different display interfaces.

 The iPad is not just a large iPhone — its larger display and unique multitouch functions make it a fundamentally different user experience. Developers can’t expect to be successful with a quick port of an existing iPhone app to the iPad. While you still use the same iPhone-like gestures and many of the same features, the larger display poses a problem for iPhone app developers. Taking an iPhone or Android app design and porting it to an iPad or Android tablet is somewhat like taking luxury furniture designed for a small Japanese apartment and installing it in a spacious New York 2-floor townhouse. What do you do with all the extra space? And how do you account for different ways to navigate the space?

 The iPad’s browser is a full-page experience, and this also poses a problem for developers — how do you make a paid app that is compelling enough and really adds more value than just using the iPad’s browser for free? And how do you design an iPad or Android tablet app so that it doesn’t end up looking like just another Web page?

 When we started developing apps for the iPhone three years ago, we designed them for the size and resolution of the iPhone’s display. When Apple introduced the iPhone 4, with its Retina display that offers a stunning 960-x-640-pixel resolution at 326 pixels per inch (so many pixels that the human eye can’t distinguish individual ones), we changed the way we designed our apps — we could no longer design for one particular display size and resolution. Now, the iPad’s larger display changes everything; the metaphor for presenting content can be much different and far more compelling than an iPhone app. (I will go into this topic further in a future post.)

 For great ideas, take a look at well-designed iPad consumer apps such as Flipboard, the Mexican newspaper Reforma, PS Express from Adobe, and of course Apple’s Numbers and Calendar apps. But even among Apple’s apps you can find ones that could use some enhancements, such as Mail and Photos, which poorly utilize the display space. What you don’t want to do is use these fantastic app resources to create just another Web browser experience with some cool transitions — like the Victoria’s Secrets app, which has appeal to those who want to see those beautiful models and clothes, but is really no better than using the browser.

By Lionel C Carrasco, Founder and CEO leapfactor

Identity and Device Portability: Security and Mobile Apps Pt.3/3

 Many businesses dictate a standard computing platform on which to maintain security and compliance, but that kind of standardization doesn’t work as well for smartphones and tablets. IT may not even know what devices employees are using, or for what purpose — to say nothing about how secure they are. IT would be able to control devices as long as the enterprise pays the bills. But can IT control devices that employees, partners and customers own?

 If a mobile app is to be really secure, the “identity” of a user’s mobile device is part of the entire identification for authentication. But as I mentioned in Part 2[1], what happens when the users switches to another mobile device, such as a RIM BlackBerry to a Droid or iPhone? Does IT reach out and disable the first device? And what happens if the employee adds another device, such as an iPad for an iPhone user? Secure Sockets Layer (SSL) is irrelevant for these issues.

 Imagine several use cases in the heavily regulated healthcare field:

 •   A doctor discards his or her BlackBerry for a Droid, but uses similar (or even the same) apps. How does the hospital’s IT department manage the switch — detaching the doctor’s identity from the BlackBerry and attaching it to the Droid? How do they know he or she is the same doctor?

•   In a hospital, nurses retrieve iPads from a stack of 15 on a first come, first serve basis. They pick them up and identify themselves in order to use them. A nurse may put one down while it is still authenticated for that nurse’s identity; the next nurse to pick it up must replace this identity with another one.

 The processes related to handling identity is challenging enough with just a transition from one device to another; it’s a lot more challenging to support these transitions and support additional devices for each identity. Being able to effectively support and manage multiple platforms is crucial for any organization that wants an effective mobile strategy. To maintain security, compliance with government regulations, and high productivity, enterprises need apps that provide a higher level of authentication, user profile management, and tracking of granular transactions. Users will want to take their identities (which include their profiles, transaction histories, and data files) from one device to another, and expand the number of devices they use.

 To enforce security and compliance, enterprises will have to consider managing user profiles that work across multiple apps and platforms and handle the complexity of switching users back and forth from one device to another. This is one reason why enterprises should look at a mobile app solution that mediates between backend systems and consumer-like apps deployed on any of a number of devices — a service-processing component responsible for authentication and profile management that establishes trusted relationships between mobile users and the enterprise.

 Being secure doesn’t mean compromising the mobile user’s experience, responsiveness, and off-line support. To summarize, enterprises can mitigate the risks of providing sensitive information to mobile employees as follows:

 •   Enterprises can actually improve regulatory compliance, rather than risk more privacy breaches involving mobile devices, by creating simpler mobile apps matched to user roles that can also track information access. If organizations take the time to segment data and workflows by user role, rather than treating all data the same, they can make effective use of mobile apps and cloud computing, as well as properly audited services.

•   Enterprises need to go beyond SSL and channel security and look at encrypting messages, so that the information is secure even with a breach of channel security.

•   Enterprises need a solution that helps them manage user profiles across multiple apps and platforms and handles the complexity of switching users back and forth from one device to another.

 On that last point, managing user profiles can be coupled with single sign-on (SSO) to minimize the confusion of logging in multiple times to apps on the same or separate devices. A single login eliminates the headache of expecting users to memorize multiple passwords. I will discuss this in a future post. 

By Lionel C Carrasco, Founder and CEO leapfactor 

If a mobile app platform vendor or app publisher boasts about SSL (Secure Sockets Layer) encryption, I say, so what? While securing the communications channel is important — and that feature gives RIM’s BlackBerry an edge over the competition (see “Best Smartphone for IT” and “iPhone vs. BlackBerry”) — it is only part of the whole security picture.

 Enterprises can’t rely on just securing the channel to mobile devices. To scale up, enterprises need to deploy more servers that have to be synchronized with the sessions. The BlackBerry gives enterprise IT the ability to remotely provision, configure, and restore devices, and even wipe their contents; however, this flexibility adds to its complexity. Administrators can make detailed solutions, but they can take a long time to implement. Besides, all employees need to use BlackBerry devices. This approach doesn’t take into consideration the consumerization of the enterprise trend that shows that employees want to continue to use their own mobile devices — which they already use to shop, check movie listings, and do banking — to help them also manage their work or business.

 Many employees already use an iPhone or Android device with mobile apps. Some want to switch to an iPhone for device consolidation — they don’t want to lug around two devices (a BlackBerry and an iPod for music during the commute hours). The security of an iPhone is good but not as IT-oriented as the BlackBerry. The configuration tools are intuitive, but Apple lacks a granular way of controlling applications, and — more importantly — the ability to remotely provision, configure, audit and enforce devices. Still, the iPhone does now support for VPN and authentication, and it’s just a matter of time before the iPhone (and Android) will provide security capabilities that are comparable or better than the BlackBerry at the operating system level.

 A bigger problem, assuming the security infrastructure is in place (with encrypted channels and authentication), is how to implement apps that are more secure, and more importantly, secure across mobile platforms. This is why enterprises need to go beyond channel security and look at encrypting the messages that are sent back and forth (which is an important component of the security provided in LeapAgents). With every message encrypted, the information is more secure even with a breach of channel security.

 App developers already have to deal with multiple security platforms. Will developers need to take control with single sign-on for authentication? There are things developers can do to authenticate the user and control the life of the data on the device. Bu what if a user wants to use a Droid, and then switch to a BlackBerry or an iPhone? Developers need to build apps that provide a higher level of authentication and user profile management. Users will want to take their “identity” from one device to another. To enforce security, enterprises will have to consider managing the profile of the user — a single profile across multiple apps and platforms — and handle the complexity of switching users back and forth from one device to another. And that is the topic of my next blog post (part 3).

 Regulations for protecting customer and patient information differ from country to country, but breaches are not only embarrassing to an enterprise but are also costly in regulatory fines ($1 million per violation per day is not unheard of). In the U.S. alone, regulations such as Gramm-Leach-Bliley Act (GLBA), Healthcare Information Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) Data Security Standard (DSS), and others from the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC), can be costly to breach. Lost revenue from reduced customer confidence and the price of rebuilding a damaged brand are often incalculable and can be insurmountable.

 Secure communications, encryption, employee education — all these things can help mitigate the risks of providing sensitive information to employees who need it to be productive. Although some encryption products address the issue of protecting data on particular devices or for particular users, it fails to incorporate the full security landscape. In your typical heterogeneous environment, plugging one gap just leaves all the others wide open, such as email and document attachments. What stops an employee from using a smart phone to forward sensitive email to a personal account? And once the content is in the device, what stops someone from saving it in a separate folder or copying it to another computer?

 Realistically, employees often need to access sensitive data from their mobile devices. And, even with policies and secure systems in place, some careless or rushed employees may circumvent the policies and store data on their mobile devices that should not reside there. We must acknowledge the reality that mobile devices are not as easy to control as desktops and laptops (which were never easy to control, either).

 However, it is possible with the right approach to create safe mobile apps that can be compliant with regulatory mandates. The infrastructure that connects a mobile app to the enterprise backend system can record all events that happen with app and trace all actions with the information. It is possible to always know who has access to the information, and who did what with the information. The infrastructure can leverage the role-based processes and directory services of backend systems to manage access to the information.

 When information workers need actionable data in a mobile device, it doesn’t mean they need access to an entire system that exposes sensitive data. They need finite information in context, suited to their role, in order to make informed decisions on the go, to move on relevant information, and to collaborate in real time. If organizations take the time to segment data and workflows by user role, rather than treating all data the same, they can make effective use of mobile apps and cloud computing with properly audited services.

 If you are into mobile enterprise you may want to take security and compliance very seriously. Mobile app infrastructure must keep a record of every single transaction, and everything should be 100 percent traceable. Administrators should even be able to pull a “Mission Impossible” and destroy complete device content remotely. Enforcing compliance with regulations doesn’t have to mean locking up all the data and compromising the employee’s productivity. We shall be able to so secure apps and still be able to use apps stores to download apps.

 By Lionel C Carrasco, Founder and CEO leapfactor 

In my last post, I asked whether HTML 5 would trap the enterprise workforce in a mobile browser, and require enterprises to install and maintain heavy middleware server solutions to support offline productivity and workflows.

Last week I watched the discussion on Native vs. Web apps at Mobilize 2010 and learn that I’m not alone on my thoughts, basically the only guy who insisted on the idea of HTML making native apps an anachronism was Michael Mullany, vice president of products and marketing for Sencha. I felt much more in sync with the rest of the panel, specially Adam Blum, CEO of Rhomobile.

Businesses looking for cross-platform mobile business solutions often turn first to browser-based solutions such as HTML 5, because a mobile browser represents the lowest common denominator among different mobile devices with different operating systems. But this can be exactly the wrong approach. Productivity in a browser really depends on constant connectivity, and in the real world data connections can be fleeting. Even when the connection is good, mobile browsers provide only limited controls and workflow functionality compared to dedicated apps. If offline support is limited to 5MB, HTML 5 applications that provide it will be more complex to develop than native apps. Servers can be installed and maintained to help remedy the usability problems inherent in mobile browsers, but even the best and most expensive server software can’t turn a mobile browser into a business tool as powerful as a custom mobile app. If the user has to scroll through lots of menus or figure out how the application works, its value drops off exponentially with the amount of time it takes to get to where the user needs to be.

What will it mean for IT teams to instead build dozens of apps for customers, employees and business partners? The challenge for enterprises that decide to go with native apps is to manage the complexity of too many uses cases, and too many devices to manage. Enterprises need simpler, task-oriented apps, and if they need to support multiple platforms they can use tools like Appcelerator. While native apps require a set of tools and programming skills for each platform, the cost of Objective-C and Java programming is going down, and talent for creating apps for the iPhone, iPad, Android, and RIM devices is fast becoming a commodity. Cloud computing and online distribution through “app stores” can eliminate the need for a costly mobile app infrastructure.

Will software companies like Intuit embrace HTML apps and throw away native ones? And will individual developers leverage HTML 5 portability?

Software companies will most likely continue to devote resources to native apps. The ones betting on HTML 5 will do so because they need to leverage their HTML and Flash design skills and content. Enterprises and design agencies that deal in content and use Flash will want to go with HTML 5 because content designers know it and can work with it. But developers with programming skills will want to go native because it offers more power to use the device’s camera, accelerometer, or notifications, or provide an experience that is really cool and unlike any other. Consulting firms will want to go native because they can generate more consulting hours around development projects. The smartest enterprises, developers, and consultants will remain agnostic, and use whatever is appropriate for the use case -- and even develop hybrid solutions to make the best of both worlds.

Users won’t care one way or another -- they simply want to easily and seamlessly connect to the information they need, or to the task they want to do.  Wireless carriers like AT&T make impossible for HTML5 to really provide a killer user experience, but that would change over the next two years with LTE adoption

 By Lionel C Carrasco, Founder and CEO leapfactor

I was wrong about the iPad’s adoption in the enterprise. I knew it was an excellent consumer device, but I thought it would have little if any impact on enterprise software. Executives are also consumers — very affluent consumers — and I had no doubt that they would run to an Apple Store to get their iPads. But I still thought in terms of volume: there would be a few iPads in the enterprise, but a lot more iPhones. I was committed to developing for the iPhone, which has had a remarkable impact on enterprises.

But the enterprise adoption rate of the iPad in its first few weeks, as compared to the adoption of the iPhone, is far higher. Executives are buying iPads in droves. They are acting like consumers and corporate users at the same time — a trend known as the consumerization of the enterprise.  And executives are decision-makers that can accelerate mobile device adoption across the enterprise.

Companies have often imposed policies against consumer-oriented technologies to keep data secure and prevent any serious impact on internal computing systems. But executives have the power and position to simply say, “buy one,” and perhaps even “buy 100 for the staff.” At first it seemed crazy that something so new as the iPad would become such an object of desire for executives that they would use their own credit cards to get them. 

In “Businesses Add iPads to Their Briefcases” (The Wall St. Journal), Ben Worthen reports that businesses are behaving differently with the iPad, in large part because the new device is starting out as more of a known quantity from a technical standpoint. With list prices ranging from $499 to $829, iPads are less expensive than laptops. Morgan Stanley’s Katy Huberty just issued a report graphing the damage done to the notebook PC market over the past eight or nine months by what she calls “tablet cannibalization” by the iPad.

However, the iPad is not just beating laptops on price. One major lesson I learned is that the iPad also has a distinct advantage over laptops for certain tasks, such as giving presentations, or working directly with customers. According to the Wall St. Journal report cited above, Mercedes-Benz Financial uses iPads to begin the credit-application process while customers are standing near a vehicle. Doctors and nurses at hospitals are beginning to use iPads to view X-rays and CT scans and read medical records while standing next to the patient.

Some of our customers have told us that their executives have already provided iPads to their managers, and this led me to another lesson. Unlike the iPhone, where the availability of apps drove the purchase decision, the adoption of the iPad is accelerating before apps are considered. The executives are attracted to the iPad itself; after buying it, they need apps to justify its purchase. While in conversation with the vice-president of enterprise sales at a major bank in Brazil, he said he was thinking of giving an iPad to everyone in the sales force. The attraction is to the device itself, because using an iPad with a customer to interact with information is a lot more engaging and cool, and helps sales people close faster.

The most important lesson we learned is not to underestimate the power of a new user interface that people consider to be fun as well as useful. A device such as the iPad, which is powerful enough to change a consumer’s personal style in reading, shopping, browsing the Internet, and communicating with others, can also be powerful enough to change the work habits of executives in the boardroom. 

Lionel C Carrasco, Founder and CEO at Leapfactor

No so long ago I had dinner with Zia Yusuf, formerly Executive Vice President at SAP AG (where he led the Global Ecosystem and Partner Group) and now President & CEO at Streetline, Inc. Zia writes an engaging blog titled The Right Question. Over the years, Zia has learned that it is far more important in your personal and professional life to be able to ask the right question (preferably at the right time) than to be always ready with what you think is the right answer.

I wanted to ask the right question about what drives the return-on-investment in enterprise mobility. I already believe that widespread adoption of enterprise mobility is essential for success, but widespread adoption won’t happen with a costly and complex MEAP approach. The consumerization of the enterprise trend shows that enterprise employees never stop behaving as consumers, even when they need to work. And people are adopting consumer apps in ever larger numbers — a recent Juniper Research study (as reported in TechCrunch) expects app downloads to rise to more than 25 billion in 2015. Even on the iPad, the most popular paid app is Friendly-Facebook Browser — people prefer to pay for the app rather than use the iPad’s free Safari browser to go to Facebook’s site. And couch potatoes are paying $29.99 for the SlingPlayer Mobile app just to control their TVs and DVRs from their iPhones.

So the right question turned out to be, “What is driving mobile app adoption?” Since this turned out to be the right question, Zia came up with what I think is the right answer: “Choosing to download apps is a lifestyle decision. People like to adopt a new lifestyle that changes the way they live and work.”

I agree. For younger generations, the decision to use iPhone, Android, or other mobile apps for work and play is not so much a matter of convenience, or fondness for the technical design of these devices. It is the positive effect apps have on their lives — the immediacy of sharing and communicating with others, the exhilaration of being fashionable with the coolest apps, and the real-time control they feel when they use these apps.

Many of us from older generations saw the wonder of the Internet and still think in terms of using a browser, and when we order products from e-commerce sites, we still pull out our credit cards and type in the numbers. Newer generations born with the Internet assume they are already connected; they use apps more than the browser, and they find credit cards inconvenient — they are used to simply clicking to pay for things. Apps make them far more powerful in their daily lives, and they are hungry for apps that can positively affect their lives and their work. Apps that are not cool, or don’t really have much of an effect on their lives, are mostly ignored.

The implication for business is that widespread adoption of mobile apps depends mostly on how fun they are to use, and how powerful they make people feel, as well as how efficient they are in getting work done. I believe Zia would agree, as he points out in “Your ‘Experiencing Self’ vs. Your ‘Remembering Self’ and the Implications for Software Design” on his blog: “I think that we in the technology industry — especially the enterprise software industry — have forgotten how important it is for users to be happy when using our software products.”

Lionel C Carrasco Founder and CEO at Leapfactor