Getting Insights on IOT : Internet Of Things

Introduction

The Internet of Things can transform almost every industry to change the way one lives and works. Organizations across industries face challenges to form infrastructures that meet the changing requirements of data management, scalability, regulations, and are highly safe and practical. Software development companies are taking special initiatives to adopt IOT platform.

IOT tailors solutions for various industries such as manufacturing, healthcare, travel, utilities, and mining. It plays a very crucial role in development of Smart cities.

Internet of Things : IoT

(Microsoft, 2016) defines IoT as: The IoT, Internet of Things, starts with organization’s things, the things that matter utmost to their business. IoT is all about making the things and the ways the data comes together in new ways. Tap into data and uncover actionable intelligence. And modernize how to do the business. This is what Internet of Things is all about.

As per (WIPRO), following are the key differentiators that IoT platform offers :

• Pay As You Grow with innovative as well as flexible service models
• Experiment and Refine Your Strategy
• Reduce Your costs with the rich streamlining and optimization expertise
• Accelerated Time to Market using proven, ready to use tools
• Ability to support a wide variety of devices through multiple communication channels

Steps to start with your own IoT Solution

(HCL) summarizes the implementation if IoT for any organization in following few steps :

Connect and scale with efficiency

Connect any asset that’s important to your organization— with confidence – from robotics to various low-power devices, across any platform or operating system.

Easily scale from a few devices to a few million.

Analyze and act on untouched data

Capture alarms and alerts from all of your connected assets spread around the world. Identify issues before they become operational problems.

Take advantage of advanced analytics and machine learning to increase reliability and availability of your processes. Decrease costly outages and expensive repairs with prescriptive maintenance. And, take pre-emptive actions instead of understanding just the “what” and “why” behind a prediction.

Visualize what’s important

Create rich reports and dashboards to show anything from high level performance KPIs to the details of an individual asset. Customizing visualization so the right people have access to the metrics that matter to them, updated in real-time.

Accessing data and reports from any device, anywhere; and publish reports to your organization.

Integrate with your business processes

Automate formerly manual processes by integrating IoT data with your existing business systems such as CRM, ERP, and supply SCM.

For example, if a product goes down at a customer site, a service ticket will auto-generate in CRM, from which numerous courses of actions can be assigned, such as notifying technician to fix problems, diverting the product, or shipping a replacement for your customer.

Conclusion

While the subject of IoT is broad and incorporates many trends and new technology developments, Software development companies in India are keeping pace with the global market by adopting IoT platform. It becomes essential for organizations to cope with and also handle Big Data in a cost-effective way. IoT platform helps operator and enterprise customers to capture value from business. It also demands to create massive amount of devices, sensors and connections and on other hand it will create enormous business value.

Bibliography

HCL. (n.d.). Internet of Things (IoT) Platform. Retrieved 04 27, 2016, from IoT Works: http://www.hcltech.com/Internet-of-Things-IoT/

Microsoft. (2016). What is the Internet of Things. Retrieved 04 27, 2016, from Internet of Things: http://www.microsoft.com/en-in/server-cloud/internet-of-things/overview.aspx

WIPRO. (n.d.). WIPRO - Capabilities - Internet of Things. Retrieved 04 27, 2016, from Internet of Things: http://www.wipro.com/services/product-engineering/capabilities/internet-of-things/

ITIL Continual Service Improvement

ITIL Continual Service Improvement

The ITIL Continual Service Improvement process focuses on quality management. The continual improvement process intends to continually improving the efficiency of IT processes and IT services, carried out in custom software development companies, in an effective way , as per the standard adopted of continual improvement adopted in ISO 20000

The objective of the ITIL Continual Service Improvement includes :

• To review and analyze improvement opportunities in each phase of the continuous lifecycle
• To review and analyze results of the Service Level achievement
• To improve cost of delivering IT services effectively without sacrificing the satisfaction of  customer
• To identify and implement individual activities to improve the quality of IT services
• To ensures that the appropriate quality management processes and methods are used to support the activities carried out for the continual improvement in a software development organization.

The activities of ITIL Continual Service Improvement includes :

• Reviewing that the ITSM processes achieve the desired and qualitative results
• Periodically demonstrate areas of improvement
• Conducting internal audits verifying employees and process compliance
• Reviewing existing deliverables for relevance
• Conducting external and internal service to identify CSI opportunities
• Review management information and trend to ensure services are meeting the SLAs.
• Periodically proposing recommendations for improvement opportunities
• Periodically conducting customer satisfaction surveys
• Conducting service reviews i.e both internal as well as external ,to identify CSI opportunities

There are 7 steps followed in the ITIL Continual Service Improvement process.

They are as follows :

• To define what data you should measure
• To define what data you can measure
• To gather the relevant data need for the continuous improvement
• To process and filter the appropriate data
• Analyze the data by choosing the relevant methods
• To present/assess the data
• To implement corrective actions for getting the quality information and improved data

The processes of ITIL Continual Service Improvement  includes :

• Service Review
• Process Evaluation
• Definition of CSI Initiatives
• Monitoring of CSI Initiatives

Service Review

The objective of service review includes :

• To review business and IT services and infrastructure services on a regular basis.
• To improve the quality of the IT services where necessary
• To identify more efficient and economical ways of providing IT service where possible.

Process Evaluation

The objective of Process Evaluation includes :

• To evaluate processes on a regular basis.
• To identify those areas where the targeted process metrics are not reached,
• Holding regular benchmarking, audits, maturity assessments and reviews.

Definition of CSI Initiatives

The objective of Definition of CSI Initiatives includes :

• To define specific initiatives which focuses on improving services and processes, based on the results of service reviews and process evaluations.

Monitoring of CSI Initiatives

The objective of Monitoring of CSI Initiatives includes :

• To verify and monitor improvement initiatives whether they are proceeding according to plan or not
• To introduce and take corrective measures where necessary during the lifecycle.

TARGET AUDIENCE

ITIL Continual Service Improvement is relevant to organizations involved in the development, delivery or support of services, including:

• Various Service providers – Internal providers and External providers
• Software development Organizations that target to improve services through the effective application of service management to improve their service quality
• Software development Organizations that require a consistent managed approach across all service providers in a supply chain or value network
• Software development Organizations that are going out to tender for their services.

Conclusion :

Thus, the IT software development companies should use and implement the Continuous Service Improvement to improve and monitor IT service as a part of ITIL processes for increasing quality of the services and thereby increasing the value plus customer satisfaction.

References:

• http://wiki.en.it-processmaps.com/index.php/ITIL_CSI_-_Continual_Service_Improvement

Determining factors affecting Cloud Computing as Outsourcing

Cloud computing (CC) is an emerging usage of IT outsourcing (ITO) that needs software companies in India to fine-tune their sourcing procedures. Although software companies in India have recognized an extensive knowledge based on the basis that drive sourcing choices from numerous theoretical standpoints. The mainstream of cloud-sourcing decisions concentrates on technological aspects. The most determinant factors of sourcing decisions in the ITO context persist valid for the CC context. Stillthe findings for some factors (i.e. asset specificity, client firm IT abilities, institutional influences, client firm size and uncertainty) are indecisive for the ITO and CC contexts. 

Cloud computing (CC) influences how organizations cope and manages their IT landscape, challenges outdated IT governance approaches, and requires organizations to fine-tune their sourcing processes. With cloud computing, organizations can achieve on-demand network access to a common pool of managed and scalable IT resources, such as storage, applications and servers. Since IT sourcing decisions require substantial economic and strategic risks, Software outsourcing companies in India should have broad judgment and insight regarding organizational structures, organization processes, inter dependencies and routines to thoroughly comprehend decision substitutes and the set of required structural selections.

width="570"

Following are the factors that software companies in India, can consider for organizations willing to adopt cloud computing.

Asset characteristics

Asset specificity is used in reference to three key categories of assets: physical asset specificity(similarly referred to as technical specificity), site specificity and human asset specificity.

The increased network reliance of cloud computing increases the risks that disturb site specificity, such as the risk of service breakdowns because of probable network outages, which may result in a momentary loss of data accessibility. Therefore, site specificity requires precise consideration for assets that are required on a day-to-day basis (e.g. a customer relationship management system – CRM System). 

Technical specificity may however generate transaction charges when applications are run remotely but these increased transaction costs do not surpass cost savings rising from economies of scale. Thus, these cost savings may humbly outweigh issues related to technical specificity. Furthermore, the impact of technical specificity is expected to vary with organization size and other parameters. However, SaaS (Software as a Service) solutions are restricted in terms of their customizability, which limits the exclusivity of assets that are outsourced via cloud computing. So assets with low technical specificity might be more appropriate for SaaS-based sourcing and applications. High technically specific assets that surpass the configuration and customization limits of SaaS solutions may nevertheless be contenders for outsourcing the underlying infrastructure or PaaS solutions.

Human asset specificity yields inconsistent results.

Client firm characteristics

The impact of a client firm’s internal IT capabilities on sourcing decisions vary between the cloud computing (inconsistent influence) and ITO (consistent negative influence) contexts. Partial support for internal information technology capabilities is observed because there is ‘a plentiful supply of IT personnel with suitable technical expertise’; so, gaps in internal IT capabilities can be effortlessly filled. Organizations started considering to outsource their IT activities because of a deficiency of trained and skilled IT personnel to software outsourcing companies in India, whereas companies believe for internal IT capabilities as a criterion for integrating cloud services into an organization’s IT landscape.A deficiency of internal IT capabilities can be addressed either by acquisitioning competencies (e.g., hiring experts, training existing personnel) or by giving IT tasks to external providers (i.e., outsourcing). Thus, the aspiration to hire IT personnel may be an indication of a lack of IT capabilities.

Environmental characteristics

Uncertainty denotes the degree of complexity, unpredictability and imperfect information that is natural to a transaction. Two types of uncertainty persist: behavioural uncertainty and environmental uncertainty. 

Environmental uncertainty requires further consideration as a determinant of cloud-sourcing decisions, and we specifically differentiate between demand uncertainty as a driving factor and product uncertainty as an inhibiting factor.

The contractual mode of cloud services with short-term contracts permits clients to switch between providers for standardized, commodity-type services at a little cost, thus increasing the client’s inclination to switch vendors if the client is not pleased with the outsourcing arrangement. Still, low-cost switching relates only to standardized services (e.g., low technical specificity) with numerous available provider options. Highly specialized services, which are challenging to replace and lack open interfaces, might be tougher to source via CC. So, the nature of asset and the interference of other factors may play a part in the impact of behavioural uncertainty on sourcing decisions.

Determinant factors of cloud-sourcing decisions assist as a basis for practitioner-oriented guidelines and best practices about how to select and offer cloud services. Also, software companies in India may use the set of determinant factors to lead their procurement procedures and to identify challenges that may stand up during the adoption, acquisition, or integration of cloud services.

Choosing between SaaS and On-Premise for a Software Outsourcing Company in India

Software as a Service (SaaS) is a software delivery model for software outsourcing companies, in which vendors host the applications centrally and charge on a levered basis. These applications are available to the users via Internet. This software delivery model is in line with terms like ‘On-demand’, ‘Off-premises’ and ‘Application Service Provider (ASP)’. E.g. Microsoft Office 365

On-Premise is a software delivery model in which a client, installs and works on the software in-house. Organization’s own resources are used and it needs to obtain a software license for using the software for each server. On-premise software is commonly referred as ‘ShrinkWrap’ and ‘Software as a Product’.

The need for web servers is one of the main reasons for the companies for migrating from On-premise to SaaS.

The decision of going with SaaS or staying with On-premise, involves multiple steps:

• Determine whether there are any SaaS providers for the software you need and are they trustworthy.
• Some of the important concerns while making this decision are Cost (this being the primary one), Security, Customization, Control, Compliance and Infrastructure.
• Get an understanding of business needs of outsourcing companies and baseline them.
• Obtain a free trial from both vendors (On-Premise vendors and SaaS vendors) and then analyze and evaluate.
• Suitability check of applications should be performed for SaaS or On-Premise.
• Obtain the knowledge of vendor relationship difference between SaaS and On-Premise.
• With SaaS vendors, the benefits of multitenancy are realized. Multitenancy is allowing multiple users to share a single application instance at the same time retaining their own separate information.

The comparison of On-premise and SaaS is done to make the decision easy:

Parameters	SaaS	On-Premise
Implementation	Faster to implement because convenient and already built platform is available.	Takes longer duration to get implemented as personnel and equipment are needed to set up an environment.
Infrastructure	No purchase of software or hardware needed.	Extra hardware and software need to be purchased.
Customization	Customization is difficult as multitenancy is given the focus.	Highly flexible for customization.
Support & Maintenance	Very low dependency for maintaining the application. Control is in the hands of vendor.	Your responsibility to maintain the application. Control is in your hands and ownership is yours.
Mobile Access	Accessible through browser on mobile devices.	Minimal access through mobile devices.
Upgrade Cycles	Upgrades are iterative with very less involvement of IT.	Upgrade is your responsibility which is costly and takes a lot of productive time.
Cost	Pay per use & entry costs are low. High annual maintenance. Internal resources required are less.	No flexible pricing option and entry high costs are high. Low annual maintenance comparatively. Lot of internal resources such as tangible hardware assets are needed.
Security	Security risks are higher as applications are accessed via Internet. Server and Network security experts are needed.	Lower security risks as applications are accessed in-house. No specific security experts needed.
Validation for regulatory compliance	Vendor does the baseline review.	Validation is your responsibility. Enforcing these requirements is comparatively easy as control is in your hand.
Integration	Complex as it’s difficult to integrate with existing as well as new processes.	Simpler to integrate with existing and new processes.
Scalability	Scale up and scale down of solutions is easier.	Difficult to scale solutions easily, as it requires a lot of effort and commitment.
Redundancy	Redundancy is a bigger concern as to what happens if the solution provider fails.	As the data lies in-house it’s easier to store backup of the data and so redundancy is a lesser concern.
Availability	Resolution of cloud outage makes you dependent on vendor.	Outages resolution is your responsibility.

After comparing the two options based on these parameters, cost benefit analysis is performed for each of the vendors offering the solutions. The results of the analysis are compared and evaluated to make the right decision for a software outsourcing company.

To choose the deployment model that will suit the outsourcing company’s business, depends on factors including:

• Resource’s availability during each phase of the project.
• Data’s criticality.
• Size & culture of the organization.
• Organization’s requirements for integration.
• Control over customized environments.
• Annual Budget and Investment constraints.
• Regulatory commitments.

Conclusion: Thus a software outsourcing company in India should choose the option that suits the best, after analyzing and comparing the insights derived from this comparison.

Business – IT Strategic alignment

Introduction

(Wikipedia t. f.) defines Business-IT alignment as a dynamic state in which a business organization is able to utilize information technology (IT) effectively to achieve business objectives - typically improved financial performance or marketplace competitiveness. Software development companies are implementing IT strategies at a rapid pace that aligns with their business model which brings in elevation in overall performance of the companies.

(Rouse, What is business-IT alignment?, 2006) enlightens the role of executives in Business – IT alignment. Business-IT alignment involves optimizing communication between executives who take the business decisions and IT managers who oversee the technical operations. The employment of flexible business plans and IT architectures, as well as effective cost allocation, are critical components of any business-IT alignment implementation. Technical department managers can formulate and submit proposals that can be designed to ensure the optimum return on investment (ROI). Business executives can attend IT department meetings and seminars to elevate their understanding of the technical capabilities and limitations of the enterprise.

Purpose of Business – IT Alignment

It is important for all the software development companies in India to understand the purpose of Business – IT alignment. The purpose of Business – IT Alignment is to optimize the value that IT contributes to the enterprise. As such, in order to successfully design a strategic IT roadmap, it is important to start here. It is said that an organization has successfully aligned IT strategy to business strategy when there is:

• A shared understanding of how IT applications, services and technologies will contribute to business objectives – today and in the future.
• A shared focus on where to consume scarce resources, time and money; the trade-offs the enterprise is prepared to make.
• A credible working relation between the IT organization and the rest of the business evidenced by reliable daily operations, reactive problem management and predictable, innovative solution delivery.

Steps to achieve  Business – IT Alignment

(Group) gives four major steps to achieve Business – IT Alignment is achieved :

• Set Conditions to Achieve Alignment
• Scan for Hypothetical Enabling Technologies
• Determine IT Value Imperatives
• Develop IT Vision and Mission

Advantages of implementing Business – IT Alignment 

When the Business – IT Alignment program is completed successfully, following are the advantages that the organizations will get:

• Support from key executives to participate in developing the IT Strategy.
• A better understanding of how emerging technologies, applications and trends can or will impact your enterprise and your IT organization.
• A clear expectation of how IT will contribute to reaching the company’s business goals and objectives.
• A well-defined articulation of IT’s role in, and value to, the enterprise for the strategic horizon.

Issues in absence of Business – IT alignment 

Following are concerns that organizations often face when they lack Business – IT alignment :

• IT driven projects do not meet deadlines and budget constraints
• IT investment do not pay-off
• Ambiguity whether IT strategy and principles are appropriate
• Unclear outsourcing strategy
• Insufficient implementation of security controls
• Financial reports not available in time and accurate manner
• Optimization of IT budget utilization not possible

Conclusion

While the area of IT strategy is broad and incorporates many trends and new technology developments, Software development companies in India are keeping pace with the global market by adopting IT Strategy aligning to individual business model. Business-IT alignment is the correspondence between the business objectives and the Information Technology requirements of an enterprise. These two factors often seem to contradict, but many technical and economic experts agree that alignment between them, maintained over time, is crucial to the success of an enterprise.

Bibliography

• Group, I.-R. (n.d.). OptimizeIT | Info-Tech Research Group . Retrieved 05 04, 2016, from Business - IT Strategic Alignment: https://www.infotech.com/optimizeit/business-it-strategic-alignment
• Rouse, M. (2006, 05). What is business-IT alignment? Retrieved 05 04, 2016, from business-IT alignment: http://whatis.techtarget.com/definition/business-IT-alignment
• Wikipedia, t. f. (n.d.). Business-IT alignment. Retrieved 05 04, 2016, from Business-IT alignment: https://en.wikipedia.org/wiki/Business-IT_alignmentxof IT Strategy: http://panorama-consulting.com/the-importance-of-it-strategy/

ITIL Continual Service Improvement

ITIL Continual Service Improvement

The ITIL Continual Service Improvement process focuses on quality management. The continual improvement process intends to continually improving the efficiency of IT processes and IT services, carried out in custom software development companies, in an effective way , as per the standard adopted of continual improvement adopted in ISO 20000

The objective of the ITIL Continual Service Improvement includes :

• To review and analyze improvement opportunities in each phase of the continuous lifecycle
• To review and analyze results of the Service Level achievement
• To improve cost of delivering IT services effectively without sacrificing the satisfaction of customer
• To identify and implement individual activities to improve the quality of IT services
• To ensures that the appropriate quality management processes and methods are used to support the activities carried out for the continual improvement in a software development organization.

The activities of ITIL Continual Service Improvement includes :

• Reviewing that the ITSM processes achieve the desired and qualitative results
• Periodically demonstrate areas of improvement 
• Conducting internal audits verifying employees and process compliance
• Reviewing existing deliverables for relevance
• Conducting external and internal service to identify CSI opportunities
• Review management information and trend to ensure services are meeting the SLAs.
• Periodically proposing recommendations for improvement opportunities
• Periodically conducting customer satisfaction surveys
• Conducting service reviews i.e both internal as well as external ,to identify CSI opportunities

There are 7 steps followed in the ITIL Continual Service Improvement process.

They are as follows :

• To define what data you should measure
• To define what data you can measure
• To gather the relevant data need for the continuous improvement
• To process and filter the appropriate data
• Analyze the data by choosing the relevant methods
• To present/assess the data
• To implement corrective actions for getting the quality information and improved data

The processes of ITIL Continual Service Improvement  includes :

• Service Review
• Process Evaluation
• Definition of CSI Initiatives
• Monitoring of CSI Initiatives

Service Review

The objective of service review includes :

• To review business and IT services and infrastructure services on a regular basis.
• To improve the quality of the IT services where necessary
• To identify more efficient and economical ways of providing IT service where possible.

Process Evaluation

The objective of Process Evaluation includes :

• To evaluate processes on a regular basis. 
• To identify those areas where the targeted process metrics are not reached, 
• Holding regular benchmarking, audits, maturity assessments and reviews.

Definition of CSI Initiatives

The objective of Definition of CSI Initiatives includes :

• To define specific initiatives which focuses on improving services and processes, based on the results of service reviews and process evaluations.

Monitoring of CSI Initiatives

The objective of Monitoring of CSI Initiatives includes :

• To verify and monitor improvement initiatives whether they are proceeding according to plan or not
• To introduce and take corrective measures where necessary during the lifecycle.

TARGET AUDIENCE

ITIL Continual Service Improvement is relevant to organizations involved in the development, delivery or support of services, including:

• Various Service providers – Internal providers and External providers
• Software development Organizations that target to improve services through the effective application of service management to improve their service quality
• Software development Organizations that require a consistent managed approach across all service providers in a supply chain or value network
• Software development Organizations that are going out to tender for their services.

Conclusion :

Thus, the IT software development companies should use and implement the Continuous Service Improvement to improve and monitor IT service as a part of ITIL processes for increasing quality of the services and thereby increasing the value plus customer satisfaction.

References:

• http://wiki.en.it-processmaps.com/index.php/ITIL_CSI_-_Continual_Service_Improvement

Firewall Design: Strengths & Weakness

Introduction

Firewalls may be software based or, more commonly, purpose-built appliances. Sometimes the firewalling functions are actually provided by a collection of several different devices. The specific features of the firewall platform and the design of the network where the firewall lives are key components of securing a network. It is important for software application development companies to have a proper placement of firewall. To be effective, firewalls must be placed in the right locations on the network, and configured effectively. Best practices include:

• All communications must pass through the firewall. The effectiveness of the firewall is greatly reduced if an alternative network routing path is available; unauthorized traffic can be sent through a different network path, bypassing the control of the firewall. Think of the firewall in terms of a lock on your front door. It can be the best lock in the world, but if the back door is unlocked, intruders don’t have to break the lock on the front door—they can go around it. The door lock is relied upon to prevent unauthorized access through the door, and a firewall is similarly relied upon to prevent access to your network. 
• The firewall permits only traffic that is authorized. If the firewall cannot be relied upon to differentiate between authorized and unauthorized traffic, or if it is configured to permit dangerous or unneeded communications, its usefulness is also diminished. 
• In a failure or overload situation, a firewall must always fail into a “Deny” or closed state, under the principle that it is better to interrupt communications than to leave systems unprotected. 
• The firewall must be designed and configured to withstand attacks upon itself. Because the firewall is relied upon to stop attacks, and nothing else is deployed to protect the firewall itself against such attacks, it must be hardened and capable of withstanding attacks directly upon itself.

Firewall Strengths and Weaknesses

A firewall is just one component of an overall security architecture. Its strengths and weaknesses should be taken into consideration when designing network security at various software application development companies in India. 

Firewall Strengths 

Consider the following firewall strengths when designing network security:

• Firewalls are excellent at enforcing security policies. They should be configured to restrict communications to what management has determined and agreed with the business to be acceptable. 
• Firewalls are used to restrict access to specific services. 
• Firewalls are transparent on the network—no software is needed on end-user workstations. 
• Firewalls can provide auditing. Given plenty of disk space or remote logging capabilities, they can log interesting traffic that passes through them. 
• Firewalls can alert appropriate people of specified events.

Firewall Weaknesses 

You must also consider the following firewall weaknesses when designing network security:

• Firewalls are only as effective as the rules they are configured to enforce. An overly permissive rule set will diminish the effectiveness of the firewall. 
• Firewalls cannot stop social engineering attacks or an authorized user intentionally using their access for malicious purposes. 
• Firewalls cannot enforce security policies that are absent or undefined. 
• Firewalls cannot stop attacks if the traffic does not pass through them.

Firewall Placement 

A firewall is usually located at the network perimeter, directly between the network and any external connections. However, additional firewall systems can be located inside the network perimeter to provide more specific protection to particular hosts with higher security requirements. 

Firewall Configuration 

When building a rule set on a firewall, consider the following practices:

• Build rules from most to least specific. Most firewalls process their rule sets from top to bottom and stop processing once a match is made. Putting more specific rules on top prevents a general rule from hiding a specific rule further down the rule set. 
• Place the most active rules near the top of the rule set. Screening packets is a processor-intensive operation, and as mentioned earlier, a firewall will stop processing the packet after matching it to a rule. Placing your popular rules first or second, instead of 30th or 31st, will save the processor from going through over 30 rules for every packet. In situations where millions of packets are being processed and rule sets can be thousands of entries in length, CPU savings could be considerable. 
• Configure all firewalls to drop “Impossible” or “Unroutable” packets from the Internet such as those from an outside interface with source addresses matching the internal network, RFC 1918 “private” IP addresses, and broadcast packets. None of these would be expected from the Internet, so if they are seen, they represent unwanted traffic such as that produced by attackers. The software development companies must keep a check on such unwanted traffic produced by attackers.

Author Signature:  Sanika Taori

Issues in Mobile Application Development

1. Introduction

While application development for mobile devices goes back at least 10 years, there has been exponential growth in mobile application development since the iPhone AppStore opened in July, 2008. Since then, device makers have created outlets for other mobile devices, including Android, BlackBerry, Nokia Ovi, Windows Phone, and more. Industry analysts estimate that there are more than 250,000 applications available through the various stores and marketplaces, some of which are available for multiple types of devices. We have recently conducted a small survey of mobile developers, using available mobile developer forums to solicit respondents. A key goal of the survey was to gain a better understanding of development practices for mobile applications for custom application development companies. Our conclusions included the following points: 

1) most of the applications were relatively small, averaging several thousand lines of source code, with one or two developers responsible for conceiving, designing, and implementing the application;  

2) there was a sharp divide between “native” applications, those that run entirely on the mobile device, and web applications, which have a small device-based client with execution occurring on a remote server.

There are numerous comprehensive programming environments available for the major mobile platforms. Apple’s iOS Dev Center offers the Xcode package, which includes an Interface Builder, an iPhone emulator, and a complete development environment that can be used across all Apple products. For Android, developers can use the Android Development Tools plug-in for the Eclipse programming environment. For Windows Phone, developers can use a specialized version of Microsoft’s Visual Studio environment. Similarly, there are application development tools for BlackBerry, Symbian, and other platforms. In addition, there are now some cross-platform development tools, such as RhoMobile’s Rhodes, MoSync, and PhoneGap, which can be used to create native applications on various brands of Smartphones. Along the same lines, Netbiscuits, Appcelerator, Kyte, and other companies provides tools and frameworks to support the creation of mobile web and hybrid sites using their SDK or one of the previously mentioned environments. These powerful development tools and frameworks greatly simplify the task of implementing a mobile application. However, they are predominantly focused on the individual developer who is trying to create an application as quickly as possible. 

Considering custom application development companies, for small and medium-sized mobile applications that can be built (and easily updated) by a single developer, they represent a vast improvement on the previous generations of tools, and encourage developers to adhere to the important principles of abstraction and modularity that are built into the platform architectures. However, as mobile applications become more complex, moving beyond inexpensive recreational applications to more business- critical uses, it will be essential to apply software engineering processes to assure the development of secure, high-quality mobile applications. While many “classic” software engineering techniques will transfer easily to the mobile application domain, there are other areas for new research and development. The remainder of this paper identifies some of these areas.

2.1 What Makes Mobile Different? 

In many respects, developing mobile applications is similar to software engineering for other embedded applications. Common issues include integration with device hardware, as well as traditional issues of security, performance, reliability, and storage limitations. However, mobile applications present some additional requirements that are less commonly found with traditional software applications, including: 

1) Potential interaction with other applications – most embedded devices only have factory-installed software, but mobile devices may have numerous applications from varied sources, with the possibility of interactions among them; 

2) Sensor handling – most modern mobile devices, e.g.,  “smartphones”, include an accelerometer that responds to device movement, a touch screen that responds to numerous gestures, along with real and/or virtual keyboards, a global positioning system, a microphone usable by applications other than voice calls, one or more cameras, and multiple networking protocols;   

3) Native and hybrid (mobile web) applications – most embedded devices use only software installed directly on the device, but mobile devices often include  applications that invoke services over the telephone network or the Internet via a web browser and affect data and displays on the device; 

4) Families of hardware and software platforms – most embedded devices execute code that is custom-built for the properties of that device, but mobile devices may have to support applications that were written for all of the varied devices supporting the operating system, and also for different versions of the operating system. An Android developer, for example, must decide whether to build a single application or multiple versions to run on the broad range of Android devices and operating system releases 

5) Security – most embedded devices are “closed”, in the sense that there is no straightforward way to attack the embedded software and affect its operation, but mobile platforms are open, allowing the installation of new “malware” applications that can affect the overall operation of the device, including the surreptitious transmission of local data by such an application.  

6) User interfaces – with a custom -built embedded application, the developer can control all aspects of the user experience, but a mobile application must share common elements of the user interface with other applications and must adhere to externally developed user interface guidelines, many of which are implemented in the software development kits (SDKs) that are part of the platform. 

7) Complexity of testing – while native applications can be tested in a traditional manner or via a PC-based emulator, mobile web applications are particularly challenging to test. Not only do web application development companies have many of the same issues found in testing web applications, but they have the added issues associated with transmission through gateways and the telephone network 

8) Power consumption – many aspects of an application affect its use of the device’s power and thus the battery life of the device. Dedicated devices can be optimized for maximum battery life, but mobile applications may inadvertently make extensive use of battery-draining resources.

Author Signature: Shreyans Agrawal (ifour.shreyans.agrawal@gmail.com)

Trends in Mobile Application Development - Part 2

4. Implications for Developers

Hereafter we analyze the implication for developers of the three market trends presented in the previous section. In fact, the centralization of portal changes the way developers can distribute their application and reach a mass-market of consumers. The technological openness implies that developers at software development companies would use different standards to develop their application and somehow work in a more collaborative mode. Then, highly-integrated platforms offer more possibilities to develop more sophisticated applications and services. These trends can be seen as opportunities but also threats for developers. Therefore, it is crucial that developers have a good understanding of the possible implications of each trend. They need to be able to choose the platform for which they want to develop knowing all the implications.

4.1 Implications of portal centralization

Portal centralization is a major shift for developers. It allows them to reach all potential customers through one shop, which takes care of the administrative tasks, such as billing and advertising. On top of these deployment facilities comes the fact that platforms providing centralized portals count on application sales to increase their revenue and therefore heavily promote application downloads and thus widely increasing the pool of potential consumers. This promotion is mostly done through advertising, but more importantly through greatly enhanced user interfaces. Before the emergence of centralized portals it took a expert user to download and install third-party applications, usually involving an internet search and a credit card payment, on a personal computer and then a file transfer via Bluetooth. Now it has become a “one-click” operation directly executable on the mobile device. Moreover, platforms can leverage on user communities which also promote applications using the reviewing features of the shops. A negative side of strong centralization for developers is that they might have to conform to certain rules defined by the portal provider. This problem can be observed with Apple’s AppStore, which rules over which applications will be sold and which will be banned based on non-transparent criteria. To overcome these restrictions, the developer community has built alternative portals (Installer, Cydia) where developers can publish their applications. Unfortunately, only tech-savvy customers shop on such black markets, since phones must undergo a “jailbreak” procedure before they can access them.

4.2 Implications of technological openness

It is important for software development companies to know the implications of a move towards open source software offers two kinds of opportunities for application developers. First, as mentioned previously, moving towards open technology allows platform providers to reduce development costs and possibly increase the number of consumers. A greater number of platform consumers imply a greater number of potential application consumers for developers. Second, an open source project can provide career opportunities for developers willing to contribute to the platform development.

4.3 Implications of platform integration

The emergence of fully integrated end-to-end ecosystems, where the same people sell applications, manufacture devices and create their operating system, creates a coherent end-to-end approach, which makes it easier for applications to be developed, published, purchased, and used. There is less compatibility issues, which is a major problem in heterogeneous systems, where applications have to be fine-tune for specific devices with different display size for example. A drawback of high integration is the lack of alternatives if the solutions proposed by the platform do not suit the developer.

5. Conclusion 

In this paper, we described the implications that different market and technology trends have on the mobile and custom application development companies. The current evolutions show that the game for the developers has changed dramatically. There are many new opportunities for them to develop, distribute, and generate significant revenues with the emerging mobile application portals. Since the mobile application development landscape has substantially changed over the past several years, mobile development platforms have become more integrated and generally play the role of application portal, device manufacturer or both. As discussed in the paper, application portals tend to become more centralized, facilitating the link between developers and consumers. Moreover, several new platforms entered the open source community to lower their costs and possibly extend their consumer market by lowering prices and as a consequence increase their developer pool. In this changing environment, choosing for which platform to develop reveals to be challenging and we proposed three simple criteria: market size and accessibility, career opportunities, and creative freedom.

Author Signature: Shreyans Agrawal (ifour.shreyans.agrawal@gmail.com)

Trends in Mobile Application Development - Part 1

Over the past few years, we have observed that the relatively stable market has evolved in three distinct directions. First, there seems to be a strong trend towards portal centralization. Second, there is increased number of actors providing open source technology. Third, platforms are moving towards a higher level of integration. It is important for custom application development companies to be aware of the trends in mobile application development. Following explains the same :

1. Towards portal centralization

Prior to the introduction of Apple’s AppStore and more recently Google’s Android Market, platforms did not have a central portal. With the introduction of its AppStore, Apple has proven that a mobile application market should not be underestimated and can represent an important revenue stream. According to CEO Steve Jobs, the AppStore has generated revenue of a million dollars a day in its first month of existence. There are currently 15000 applications on the portal, which have been downloaded a total of 500 million times. Note that these figures grew by 50% in the last month. Following Apple’s lead; traditional platforms like Nokia, RIM and Microsoft seem to be moving in this direction. Nokia is pushing its OVI portal and RIM has developed its own Application Center. Microsoft is also planning to launch its own version of the AppStore called Sky Market with the next version of Windows Mobile (WM7)

2. Towards technological openness

Among the major mobile platforms, LiMo used to be the only player in the open source field. Nokia has moved in this direction after acquiring Symbian OS. Google has also followed this trend. The transition phase from a closed to an open architecture will be critical for the future success of the platform. The shift, depicted in Figure 4, of this major player towards openness means that from a situation with mostly closed systems, we have moved to a situation with a small majority of devices running an open source system. Nevertheless, this shift does not indicate that other platforms will follow. Among the closed platforms, RIM is probably the only one that might go open source, since Microsoft and Apple are strong advocates of proprietary software. So far, it is still hard to evaluate what impact open-source software might have on the current mobile application developments. The successful model that Apple established does not suffer from the proprietary software clauses. The other platforms hope that the open-source option could help them to better compete in the platform war.

3. Towards full integration

Another trend is the emergence of more integrated platforms. Before the introduction of Apple’s platform, there was no fully integrated mobile platform. Moreover, there was no platform with portal integration before the introduction of Google’s platform. Symbian OS is an example of the trend towards integration since it started as a platform with no integration, before it was integrated by Nokia to become a device integrated platform and finally by launching OVI, it became fully integrated. RIM is also expected to soon become fully integrated with the introduction of its Application Center. Furthermore, with Microsoft moving towards portal integration there will be no major platform left without integration. Some leading software application development companies have also hinted that an intermediary could play an integrating role in the mobile development industry. The more surprising observation is the fact that mainly phone manufacturer companies and software development companies have played this integration role and not so much MNOs as was the intuition of most of these scholars.

Author Signature: Shreyans Agrawal (ifour.shreyans.agrawal@gmail.com)

Empowering People in Safety - Part 2

Principle 4.  Focus on Positive Consequences to Motivate Behavior. 

Control by negative consequences reduces perceptions of personal freedom and responsibility. Think about it.  Do you feel freer or empowered when you are working to avoid an unpleasant consequence or working to achieve a pleasant consequence? Unfortunately, the common metric used to rank companies on their safety performance is “total recordable injury rate” (or an analogous count of losses) which puts people in a reactive mindset of “avoiding failure” rather than “achieving success.” PBS provides proactive measures employees can achieve in order to prevent occupational injury. These days, Software development companies are focusing on People-Based Safety (PBS) as well.

We can often intervene to increase people’s perceptions that they are working to achieve success rather than working to avoid failure.  Even our verbal behavior directed toward another person, perhaps as a statement of genuine approval or appreciation for a task well done, can influence motivation in ways that increase perceptions of personal freedom and empowerment.  Of course, we can’t be sure our intervention will have the effect we intended unless we measure the impact of our intervention procedures.  Hence, the next basic premise of PBS. 

Principle 5.  Apply the Scientific Method to Improve Intervention. 

People’s actions can be objectively observed and measured before and after an intervention process is implemented.  This application of the scientific method provides critical feedback upon which to build improvement.   The acronym “DO IT” says it all:  D = Define the target action to increase or decrease; O = Observe the target action during a pre-intervention baseline period to identify natural environmental and interpersonal factors influencing it (see Principle 1), and to set improvement goals; I = Intervene to change the target action in desired directions; and T = Test the impact of the intervention procedure by continuing to observe and record the target action during and after the intervention program. 

The systematic evaluation of a number of DO IT processes can lead to a body of knowledge worthy of integration into a theory.  This is reflected in the next principle. 

Principle 6.  Use Theory to Integrate Information. 

After applying the DO IT process a number of times, you will see distinct consistencies. Certain intervention techniques will work better in some situations than others, by some individuals than others, or with some work practices than others.  You should summarize relationships between intervention impact and specific interpersonal or contextual characteristics.  The outcome will be a research-based theory of what is most cost-effective under given circumstances.  By doing this you are using theory to integrate information gained from systematic behavioral observation.   

Principle 7.  Consider the Internal Feelings and Attitudes of Others. 

Feelings and attitudes are influenced by the type of intervention procedure implemented, and such relationships require careful consideration by those who develop and deliver the intervention.  This is the essence of empathic leadership taught by PBS.   

The rationale for using more positive than negative consequences to motivate behavior (Principle 4) is based on the different feeling states resulting from using positive versus negative consequences to motivate behavior. Likewise, the way an intervention process is introduced and delivered can increase or decrease perceptions of empowerment, build or destroy interpersonal trust, and facilitate or inhibit an interdependent teamwork. 

Conclusion:

The PBS principles reviewed here provide a perspective that improves how people view injury prevention and talk about this challenge to themselves and to others.  Besides providing a paradigm that improves the quality and increases the quantity of safety conversations, PBS provides specific tools and methods, which software development companies are using extensively, for increasing safe behaviors, decreasing at-risk behaviors, and motivating participation in safety-related activities.   

Author Signature: Shreyans Agrawal (ifour.shreyans.agrawal@gmail.com)

Empowering People in Safety - Part 1

Introduction

Behavior modification… safety management…. attitude adjustment… behavior based safety… culture change… cognitive alignment… person-based safety… human engineering… social influence.  All these terms used to address the human dynamics of injury prevention.  Each of these can be linked to a set of principles, procedures, or a consultant’s service which defines a particular approach to managing the human side of occupational safety. Software development companies in India are implementing these set of principles in order to manage the human side of occupational safety.  

 All of these terms, and most of the accompanying materials, are insufficient.  They are either too narrow and restricting, or too broad and nondirective.  Some focus entirely on behavior change, while others attempt to target vague and unobservable aspects of other people, like attitudes and thoughts.  Still others have the grand notion of directly targeting culture change. 

  

 All of these approaches are well-intentioned and none are entirely wrong.  The human dynamics of an organization include behaviors, attitudes, cognitions, and the context (or culture) in which these aspects of people occur.  However, some of these approaches are too equivocal or ambiguous to be practical, while others may be practical but are not sufficiently comprehensive. 

Systematic evaluations of our implementations have enabled successive refinements of procedures, as well as the discovery of guidelines for increasing effectiveness and the long-term impact of our interventions.  We also developed research based and practical support materials for the behavior-change and culture-enrichment process. 

Today we call this approach “People-Based Safety” (PBS).  It strategically integrates the best of behavior-based and person-based safety in order to enrich the culture in which people work, thereby improving job satisfaction, work quality and production, interpersonal relationships, and occupational safety and health.   

 This article is the first of a five-part series in which I explain the essential principles and procedures of PBS.  Here are the seven underlying principles of PBS.   

Seven Basics of People-Based Safety 

Principle 1: Start with Observable Behavior. 

Like behavior-based safety, PBS focuses on what people do, analyzes why they do it, and then applies a research-supported intervention strategy to improve what people do.  The improvement of others results from acting people into thinking differently rather than targeting internal awareness or attitudes so as to think people into acting differently.   However, unlike behavior-based safety, PBS considers that people can observe their own thoughts and attitudes.  Thus, people can think themselves into safer actions.  In other words, self-management requires self-dialogue or thinking as well as self-directed behavior.  

Principle 2.  Look for External and Internal Factors to Improve Behavior. 

We do what we do because of factors in both our external and internal worlds.  While behavior-based safety deals with only external factors, PBS teaches people how to address their internal thoughts, perceptions, and attitudes related to injury prevention.  A behavioral analysis of work practices can pinpoint many external factors that encourage at-risk behavior and hinder safe behavior.  But, it’s also possible for individuals to conduct a self-evaluation of their own self-talk and selective perception regarding safety related behavior, and choose to make appropriate adjustments. Safety is of utmost importance for all the software development companies and hence they attempt to identify external and internal factors to improve behavior.

Principle 3.  Direct with Activators and Motivate with Consequences. 

Activators (or signals preceding behavior) are only as powerful as the consequences supporting the behavior.  In other words, activators tell us what to do in order to receive a pleasant consequence or avoid an unpleasant consequence.  This reflects the ABC model, with “A” for activator, “B” for behavior, and “C” for consequence.  This principle is used to design interventions for improving behavior at individual, group, and organizational levels. 

Author Signature: Shreyans Agrawal (ifour.shreyans.agrawal@gmail.com)

Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013 - Part 2

Clause 4: Context of the organization 

This is a new clause that in part addresses the depreciated concept of preventive action and in part establishes the context for the ISMS. It meets these objectives by drawing together relevant external and internal issues (i.e. those that affect the organization’s ability to achieve the intended outcome(s) of its ISMS) with the requirements of interested parties to determine the scope of the ISMS. 

It should be noted that the term ‘issue’ covers not only problems, which would have been the subject of preventive action in the previous standard, but also important topics for the ISMS to address, such as any market assurance and governance goals that the organization might set for the ISMS. Further guidance is given in Clause 5.3 of  ISO 31000:2009.

Note that the term ‘requirement’ is a ‘need or expectation that is stated, generally implied or obligatory’. Combined with Clause 4.2, this in itself can be thought of as a governance requirement, as strictly speaking an ISMS that did not conform to generally-accepted public expectations could now be ruled nonconforming with the standard.

The final requirement (Clause 4.4) is to establish, implement, maintain and continually improve the ISMS in accordance with the requirements the standard.

Clause 5: Leadership 

This clause places requirements on ‘top management’ which is the person or group of people who directs and controls the organization at the highest level. Note that if the organization that is the subject of the ISMS is part of a larger organization, then the term ‘top management’ refers to the smaller organization. The purpose of these requirements is to demonstrate leadership and commitment by leading from the top. 

A particular responsibility of top management is to establish the information security policy, and the standard defines the characteristics and properties that the policy is to include. This is important for software development companies.

Finally, the clause places requirements on top management to assign information security relevant responsibilities and authorities, highlighting two particular roles concerning ISMS conformance to ISO/IEC 27001 and reporting on ISMS performance.

Clause 6: Planning 

Clause 6.1.1, General: This clause works with Clauses 4.1 and 4.2 to complete the new way of dealing with preventive actions. The first part of this clause (i.e. down to and including 6.1.1 c)) concerns risk assessment whilst Clause 6.1.1 d) concerns risk treatment. As the assessment and treatment of information security risk is dealt with in Clauses 6.1.2 and 6.1.3, then organizations could use this clause to consider ISMS risks and opportunities.

Clause 6.1.2, Information security risk assessment: This clause specifically concerns the assessment of information security risk. In aligning with the principles and guidance given in ISO 31000, this clause removes the identification of assets, threats and vulnerabilities as a prerequisite to risk identification. This widens the choice of risk assessment methods that an organization may use and still conforms to the standard. The clause also refers to ‘risk assessment acceptance criteria’, which allows criteria other than just a single level of risk. Risk acceptance criteria can now be expressed in terms other than levels, for example, the types of control used to treat risk.

The clause refers to ‘risk owners’ rather than ‘asset owners’ and later (in Clause 6.1.3 f)) requires their approval of the risk treatment plan and residual risks.

In other ways the clause closely resembles its counterpart in ISO/IEC 27001:2005 by requiring organizations to assess consequence, likelihood and levels of risk. Assessment of consequences, likelihood and levels of risk is essential for software development companies.

Clause 6.1.3, Information security risk treatment: This clause concerns the treatment of information security risk. It is similar to its counterpart in ISO/IEC 27001:2005, however, it refers to the ‘determination’ of necessary controls rather than selecting controls from Annex A. Nevertheless, the standard retains the use of Annex A as a cross-check to make sure that no necessary control has been overlooked, and organizations are still required to produce a Statement of Applicability (SOA). The formulation and approval of the risk treatment plan is now part of this clause.

Clause 6.2, Information security objectives and planning to achieve them: This clause concerns information security objectives. It uses the phrase “relevant functions and levels”, where here, the term ‘function’ refers to the functions of the organization, and the term ‘level’, its levels of management, of which ‘top management’ is the highest. The clause defines the properties that an organization’s information security objectives must possess. This lets software application development companies to move from ISO 27001:2005 to ISO 27001:2013.

Author Signature: Shreyans Agrawal (ifour.shreyans.agrawal@gmail.com)