Native mobile apps are dead. Well, except for games.

We’ve heard that chorus quite a bit lately. There are way too many devices coming out, way too fast, to keep up with native development on so many platforms, right?

Maybe not. We don’t think everything needs to be an app. But we don’t advise our clients to go to the other extreme and assume everything should be a web app or mobile website. There is a case for each, so how do we decide?

Web Apps are not a magic bullet

I can just build a web app and be done with it, right? After all, our team already knows HTML and CSS and Javascript.  So why bother learning these esoteric things like Objective C or download all those complicated bits of the Android SDK? Well, for one thing, a mobile web app is not just a very small website. The user’s expectations for experience are different. The user’s patience level is usually very different. Remember the user has come to you on her phone because she needs something now and she wants it in a summary format that she can read on a 3-4″ screen. Whether you code natively in Java or ObjC or choose HTML/CSS/Javascript, the hard work is still making an interface that is fluid, responsive, and easy to use. You didn’t just make your life easy by choosing HTML.

The next thing you’ll discover when you build your mobile web application is that mobile web browsers are wildly different. They don’t all support the same standards yet, and that may never happen. Advocates of the “web only” camp often show the hundreds of different mobile devices on a slide and then imply that somehow a bunch of HTML with CSS3 sprinkles will rule all. Have you tried this with a 2 year old Blackberry yet?

The truth is it is non-trivial to make a mobile website that supports all these different browsers. Or all of these different screen sizes. Or this broad range of capabilities. Even HTML5 doesn’t make these issues go away with a single tap. Whether you build a web app or a native app, you can be sure you will spend time on these issues either way.

This should not be your first decision

The first question you should be asking is what problem is this “app” solving? What do your users want out of this? What do you want out of this channel to your users? From that you’ll derive a set of objectives and requirements. And then from *that* you’ll derive a user experience that makes sense.

After you have figured out how your “app” should work, and what your performance thresholds are, then you may find that the best the way to build your “app” is using HTML, CSS, and Javascript. We’ve seen plenty of cases where that is the right answer and yields the most direct path to supporting users. However, there are times when your needs in interface, performance, availability, device integration, or usability just make more sense in native code. These things apply to more than just games. This is especially true in those cases where the vast majority of your users are on Android and Apple devices. A good design and development team can make a great app for both.

So, bottom line, don’t take the easy way out.  It won’t pay off.  Casting off native mobile apps just because building an web app is easier, doesn’t mean your end product will be better, or even good for that matter.  Know your purpose, your audience, and most importantly, know your team’s capabilities.  Design the app you need, but also be willing to work with external organizations to build the app the right way, whether thats a web or native mobile app.

I’ll be talking about these and many other mobile development strategies and pitfalls at Friday’s Government Web and New Media Conference breakout session:

Top Ten Mobile Pitfalls (and how to avoid them)

If you’re at the conference, I hope to see you there

- Firoze Lafeer

So do I expect mass change?  Yes, but not really.  The plan asks agency CIOs to identify 3 “must move” services to be moved to the Cloud, all within 18 months.  As with many OMB mandates & e-Gov initiatives from the past, there will be two types of approaches.  On the one hand, there are CIOs who really want to utilize Cloud, IaaS, & SaaS platforms, and then there are those who, succumbing to internal pressure or by their own accord, will nominate “lay-up” projects.  Either way, there is an opportunity over the next two years for federal agencies to make large gains in both efficiency and technical capabilities like never before.  Sure, there will be hurdles and red tape, and the ink is still drying on policies and contract vehicles.  But the tide has started, driven by amazing industry and citizen participation, as well as the cry for Government to save money in all areas possible, but still reach citizens more effectively than ever before.

In the coming weeks, I’ll dig deeper into the 25 Point Plan, but here are a list of Cloud/SaaS/IaaS projects that must be on a CIO’s list for 2011.  You can call them lay-ups if you’d like, but I’d rather call them “strategic victories”.

1. Move your email to the cloud. Period. The end. No argument.
If I look at this problem from a civilian agency perspective, how there is not one single email system across all civilian (non-secret) environments leaves me perplexed.  Email, by far, is the most standardized, non-customized solution in IT.  Ten years ago, most private organizations were moving their email to a managed service model. Ten years ago. Yet all across the federal space, there are thousands of administrators managing, rebooting, and patching email solutions, and quite a few trying to fix broken ones.  With recent large contract awards for Cloud based email; GSA for Google and USDA for Microsoft, the time is now.

2. Search for your public facing website.
OK, the yellow Google box looks great in your infrastructure, we’ll all admit it.  But did you know that Google is not even selling those boxes for website Search anymore?  Move your public facing search to a search service from Google, Bing (Free) or USASearch.gov (Free), and you’ll notice the added benifit of not having that yellow box crawl the living daylights out of your websites.

3. Public Static Websites.
Many agencies still have a ton of web content residing as static content for one reason or another. It clogs backups, gets moved around (slowly) as the infrastructure changes, and runs typically on way more CPUs than is needed.  Yet many times, there is no redundancy for the data, and some of the data is a critical part of an agency’s message.  CIOs usually feel this burn once a website goes down due to a simple equipment failure.  Grab some space and CPUs from Amazon on the cheap, and move that content tomorrow.  When your latest initiative website gets included in President Obama’s State of the Union address, you’ll be happy you did.

4. Website Statistics
Are you chewing weblogs? They keep growing, don’t they? Your fellow system admins want to delete them faster, don’t they?  Upgrade your analytics solution to a tagging based solution such as Webtrends on Demand, Google Analytics, or Omniture, and offload your analytics burden while allowing for instant metrics for you and your customers.

5. Media Hosting
As individuals, we use Cloud based media hosting every day.  Flickr, Snapfish, Youtube, and the list goes on and on.  Yet in the federal space, organizations are still looking to setup large media infrastructures.  With rich API’s, and near zero cost of cloud based media hosting, coupled with advancements like automatic closed captioning services (Youtube), this is an obvious win.

About PrepFire

PrepFire Solutions was founded in 2008 as a Service Disabled Veteran Owned Small Business (SDVOSB) with a focus on Cloud, SaaS and COTS solutions.  PrepFire’s goal is to bring the latest technologies to government and commercial organizations – securely and at a lower cost – to better serve their users.

PrepFire’s core capabilities include full spectrum solutions in the areas of cloud computing, SaaS, project management, enterprise planning, security, compliance, network management, CMS and CRM.  But more importantly, PrepFire consultants understand a solution is more than just a set of technical tasks. Every PrepFire solution includes a review of organizational success factors, marketing and communication planning.  PrepFire will not only deliver a solution, they will make it successful. For more information on what PrepFire Solutions has to offer, visit www.PrepFire.com.

http://defensesystems.com/blogs/digital-conflict/2010/09/stuxnet-worm-stealth-attack.aspx?s=ds_290910&admgarea=TC_DEFENSE

Stuxnet worm deemed ‘best malware ever’

by Kevin Coleman

In January 2010, a highly targeted, vendor-specific cyberattack was launched by those yet to be identified. The Stuxnet worm was highly sophisticated — perhaps the most sophisticated attack that is known to the public thus far, leading some in the field to proclaim the piece of code the best malware ever. The fact that this piece of malware operated undetected for nearly six months seems to supports those claims.

Although the attacker is unknown, many individuals and entities believe Israel is behind the attack and that the United States was probably an active participant.

The worm used not one but four unpatched zero-day vulnerabilities, as well as other vulnerabilities that had patches available. Its designers intentionally limited the worm’s spread, which allowed it to go undetected for an extended period of time. Each infected machine could only pass the worm to three additional machines.

The malware made use of two stolen digitally signed certificates that allowed the worm to avoid detection by security software.

The worm was designed to attack machines using WinCC (Windows Control Center) and Siemens SCADA (Supervisory Control and Data Acquisition) visualization system and connected to industrial programmable logic controllers. PLCs are used to control multiple types of processes commonly found at industrial plants, energy/utility complexes, water treatment facilities, critical infrastructures, and numerous other functional areas.

Stuxnet also uploaded its own encrypted software to the PLCs. At this time, it is unknown what that encrypted software does. But multiple experts have speculated that it could open a backdoor for attackers to use whenever they want to steal data files, delete files or change data. However, the biggest concern is that the attackers could execute control processes (for example, close valves or shut off output systems) that would interfere with or disrupt critical operations of industrial complexes.

The worm clearly targeted Iranian facilities, with nearly 60 percent of the system compromises occurring in that country. However, industrial controllers in India and the United States were also hit by the attack.

Some experts believe the ongoing system problems at Iran’s Bushehr nuclear power plant indicate that it might have been the primary target.

As of Sept. 20, the worm had compromised approximately 100,000 systems worldwide. Its primary mission is intelligence gathering and industrial sabotage, and its secondary mission is process disruption with any number of tertiary effects. The situation was remedied in August by Microsoft.

The complexity and sophistication of the attack, as well as its target being PLCs, would seem to point to a nation state-backed group or possibly cyber terrorists. Researchers at Kaspersky Lab and Symantec said they have never seen a piece of malware use that many avenues of attack.

The industrial control system industry is a high-value target. This cyberattack prompted Joe Weiss, an industrial control and security expert, to alert several members of Congress and other U.S. government officials. He was pushing for emergency powers to be given to the Federal Energy Regulatory Commission so that it could require that utilities and others involved in providing critical infrastructure take extra precautions to secure their systems. In March 2009, Weiss testified before the Senate Commerce, Science and Transportation Committee and said networks that power industrial control systems have been breached more than 125 times. He went on to say, “The impacts have ranged from trivial to significant environmental damage to significant equipment damage to deaths.” One of the 125 breaches resulted in U.S. deaths.

Earlier this year, more than three-quarters of executives working for organizations that use SCADA or industrial control systems say their systems are connected to the Internet or some other IP network, putting them at possible risk of intrusion. Approximately 55 percent of survey respondents in the energy and power sectors and the oil and gas sectors reported that cyberattackers most often targeted SCADA or other operational control systems.

What about the private sector, which owns about 85 percent of our nation’s critical infrastructure? What is being done there? Rep. Jim Langevin (D-R.I.), who chaired a subcommittee on cybersecurity, called representatives of the nation’s electric utilities, which are heavy users of SCADA systems, to Washington to find out what they were doing to fix the power grid’s vulnerabilities. The committee was told that the problem was being addressed, but that turned out not to be the case. At a subsequent hearing seven months later, Langevin’s committee members discovered that almost nothing had been done. “Basically, they lied to Congress, and I was outraged,” Langevin told Steve Kroft of “60 Minutes.”

The United States is the most connected country in the world and the country that is the most reliant on computers, networks and related devices.These two facts make us the most susceptible to a cyberattack. What has to happen before the government, business community, law enforcement, intelligence community and military come together to address this critical deficiency in our nation’s defenses? Maybe some of President Obama’s rumored “second stimulus package” funds can be allocated to defending our nation’s critical infrastructure.

- Reseller to Deliver Viewfinity Privilege Management Compliance Solutions and Services to Customers -

Waltham, MA – September 20, 2010 – Viewfinity (www.viewfinity.com), the innovator of privilege management solutions, today announced a channel partnership with PrepFire Solutions to deliver best-in-class privilege management solutions for desktops and servers.

The partnership will allow PrepFire Solutions (www.prepfire.com) to resell and provide services for the Viewfinity Privilege Management solution suite. For organizations who lock down its desktops, or who are planning to move to a locked down desktop environment, Viewfinity provides privilege management and role-based account access control for desktops, laptops and Windows servers.

“At PrepFire Solutions, we pride ourselves in working with leaders at the forefront of innovation and thought leadership and Viewfinity personifies all of these ideals,” said Michael Kozeliski, President and CEO of PrepFire. “Their ability to address the entire scope of managing a locked down environment without creating unnecessary restrictions on the end user, regardless of worker location, allows for endless opportunity to meet our clients’ privilege management needs.  Viewfinity truly lets us bring our customers the leading solution for managing compliance issues.”

John Hamilton, Chief Operating Officer, Viewfinity, stated, “We are happy to welcome PrepFire to our growing channel program. PrepFire’s expertise in government compliance management paired with its ability to recognize and offer the best technology solutions, allows them to provide maximum value to their customers.”

About PrepFire

PrepFire Solutions was founded in 2008 as a Service Disabled Veteran Owned Small Business (SDVOSB) with a focus on Cloud, SaaS and COTS solutions.  PrepFire’s goal is to bring the latest technologies to government and commercial organizations – securely and at a lower cost – to better serve their users.

PrepFire’s core capabilities include full spectrum solutions in the areas of cloud computing, SaaS, project management, enterprise planning, security, compliance, network management, CMS and CRM.  But more importantly, PrepFire consultants understand a solution is more than just a set of technical tasks. Every PrepFire solution includes a review of organizational success factors, marketing and communication planning.  PrepFire will not only deliver a solution, they will make it successful. For more information on what PrepFire Solutions has to offer, visit www.PrepFire.com.

About Viewfinity

Viewfinity provides privilege management and role-based account access control for desktops, laptops and Windows servers. We empower enterprises to meet compliance mandates, reduce security risks, and lower IT costs. Viewfinity introduces granularity to desktop permissions and privileged access management by offering solutions to manage and control least management rights based upon segregation of responsibilities.

Viewfinity provides IT security and operations with identity access and intelligence via compliance validation reporting and privileged account activity auditing. Viewfinity solves IT’s greatest headache–management of mobile workers— through its web-hosted model by providing absolute network independence, eliminating reliance on corporate network connectivity or VPN. For more information, visit www.viewfinity.com.

Although the rhetoric surrounding cloud computing is often hijacked by different people using different terms, the bottom line is that true cloud computing is analogous to electricity. When you plug in your refrigerator, toaster, air conditioner, or computer into your wall socket, you know that you are consuming electricity and that you are going to receive a bill from the electric company for the energy you use. Everyone can understand that on a hot DC summer day, if you put the thermostat down to 60 degrees that it is going to cost you money. It’s simple math.

Now, when it comes to the power of cloud computing it can be scary for the federal government to comprehend. It is hard for IT managers to understand how easy it is to just “plug in” to computer power (infrastructure as a service), or application power (software as a service).

Let’s look at Recovery.gov to better understand.  The White House’s move of Recovery.gov to Amazon allows them to “plug in” to server resources and as they get more traffic (power), they will get a bigger bill. No one has to worry about services or scaling. They just have to realize that the more traffic they get, the more they are moving that thermostat to a lower degree on a summer day.

But some savvy federal agencies are ahead of the curve on this one.  Several agencies are starting to pay about $50 per user per year to access Google applications that include email, calendar, and documents. Why is this important?  Well simplicity is one. If you want to have more people using the Google Apps then all you need to do is plug them in and pay $50.

This type of thinking is now a way of life in Silicon Valley, but in DC, everyone wants to know where the electricity is going, the status of the power lines, how the power plants work, and whether or not they need to build their own. While the government needs to pay closer attention to these questions for some applications, it can rest assured that when it plugs into the cloud they are going to increase productivity and reduce costs. Now that’s some simple math the government should get behind.

If you have any questions or comments, I will be presenting on ways you can “plug into the cloud” at the Gov 2.0 Conference on Thursday, May 27^th at the Washington DC Convention Center. I hope to see you there!

Thanks,

Erik Arnold

The Gov 2.0 Conference?  What? Already? It seems like we were just at the FOSE event, meeting with top tier feds who were interested in finding out about cloud services and PrepFire Solutions innovative approach. We answered a lot of question on what cloud computing is and how it can benefit government agencies – and it looks like we gave some pretty good answers. Since that time we have been hard at work scheduling meetings and conducting presentations for almost every government agency. But now is the time to gear up for PrepFire’s second conference and the Gov 2.0 Conference is as vital as any.

But are we ready?

The short answer is “absolutely,”  but the long answer is more impressive.

To start, the Gov 2.0 Conference is called “The IT Event for 21st Century Government” and is meant to answer the question

“How can we harness these innovations to decrease waste and increase productivity?”

Sound familiar? It should, because the answer to that question is the foundation on which PrepFire Solutions is built. Our mission is to bring the latest technologies to government organizations—securely and at a lower cost—to increase productivity and better serve their users. PrepFire’s vision and approach to provide gov’t agencies with innovative IT solutions makes our mission as unique as our company.  As the only SDVOSB in the cloud technology arena, we take pride in our distinctiveness because it allows us to provide original and agile solutions from start to finish.  We take our mission very seriously to answer the above question for our clients on a daily basis with innovative products and top notch services from our team of industry experts.

Speaking of our industry experts, our colleague Erik Arnold will be presenting at the conference and discussing “The White House has moved to the cloud – have you?”  Make sure you tune in for his presentation that will provide valuable information on how you can move to the cloud and more importantly –  why you should be interested in doing so.

If you haven’t met us already then stop by our booth at Gov 2.0 and find out how you can find your way to the cloud.

Thanks,

Brian

PrepFire’s goal is to bring the latest technologies to government organizations—securely and at a lower cost—to better serve their users.

But what does that really mean?  A lot of people are saying it, but why are we not seeing a major push of Cloud/SaaS & disruptive technologies in Government?  We’re not seeing it because there is still a gap, a gap in understanding in how to work in the Government space.  On one side, you have the leading edge product company that is tooled to work in commerical space, but can’t begin to understand Government.  On the other hand, you have the large, beltway bandits getting their execs to start tweeting, while still pushing traditional racks, servers and solutions to Government clients.

PrepFire was formed for one reason.  Provide end to end solutions using the latest products and approaches in the Government space.  To our partners we serve as a trusted advisor to moving their products into the Government market. To our Government clinets, we’re also experts in leagacy systems and can recommend the best path forward to leverage new technologies.

But end to end does not stop there.  We’ve expanded our management team to now provide the Government with a complete product strategy.  That’s the key word here.  Products.  Government needs to and has started to have more of a product mentality.  When you are developing a tool that needs to be marketed within Government, and out to citizens, then you have yourself a product.

PrepFire has added Brian Kelley and Todd Kirby to our management team to productize every project we have.  From concept, to UI design, technical implementation, and grassroots marketing, we offer the complete solution.  Here’s the bio’s for Brian and Todd, not bad eh?

Brian Kelley:  Director of Marketing and Outreach -  Former tours as Supervisor of Grassroots Marketing at Edelman PR and Racepoint Group.

Todd Kirby:  Director of User Experience:  Former Product Manager for Blockbuster, Nutrisystem, Match.com and co founder of Chemistry.com.

So 2010, here we come.  Check out our brand new portal at www.prepfire.com, and continue to follow us for more updates.

Tx

-  Carter

On the other hand, companies that promote this technology do not see a value proposition in trying to work with Government.  When your are trying to sell your product to a small government group, lets say1000 people (not small is it?), its not worth it to a product company to adjust their product to meet Government regulations.  A product that costs 20k soon becomes a 500k project. 

So what happens? IT shops go the traditional route and build it, add contractors, and manage it, costing millions for something that a commercial company would only pay thousands for.

So where are we now?  This article is not a shot at GSA.  In fact, they have grown by leaps in bounds.  Their move to Terramark, a virtual/cloud host was one of the best moves I’ve seen in Government.  They continue to push free Cloud/SaaS products like Youtube, Facebook and others to adjust their user & legal agreements to allow Government to leverage them.  They’ve moved their USASearch product to a cheaper, more agile host, using Bing.  The point of the article is to say, they’re ready.

We don’t need to wait till 2013.  The Feds are ready to work with vendors to create a cloud computing sandbox, that will allow the little guys in government IT to show what they’re made of and create great applications, using the best in Cloud/SaaS technology, and show their organziations what can be done without having to navigate their own internal processes. 

The original idea:

Create a Cloud Computing Sandbox, and related Cloud Computing BPA.

Description of Goal:

Cloud Computing and Software as a Service (CC/SaaS) is a hot topic on the minds of government IT executives due to its potential for a high ROI, rapid development timeframes and minimal infrastructure cost. However those same executives are afraid to make the initial investment to enter into the CC/SaaS space, and are hesitant to shift from a conventional environment to a cloud based infrastructure. While there is resistance from government IT executives to invest in CC/SaaS applications, low to senior technical employees are embracing the technology, following their peers in private industry. The issue lies in the fact that these employees do not have enough influence or resources to start in the space. For those who push forward, they are left re-creating the wheel when it comes to major requirements like 508 compliance and Security Certification and Accreditation (C&A). On the other side of the equation, CC/SaaS companies are having much of the same issue. Since the commercial sector is far ahead of the government in embracing the CC/SaaS platform, the focus of CC/SaaS companies is not in the government sector. When an RFP is released for bid, CC/SaaS companies lack experience or staff to reply properly to a government RFP, if they reply at all. Or, the company cannot see the value in updating their product to align with government requirements. This creates an especially dangerous dynamic where companies are not incorporating accessibility compliance into their development roadmap, increasing the gap between the capabilities in commercial and government sectors. A frequent example is the heavy use of Ajax in commercial UI’s, and its lack of 508 compliance. While this gap cannot be solved with this “Big Idea,” this can be an effort by USA.gov to bring the two communities together, and to influence the industry through numbers. By creating a “Cloud Computing Sandbox” and a related BPA, we have an opportunity to lead, enabling government agencies to easily collaborate, develop, and purchase CC/SaaS based applications. We can’t afford to ignore this issue, or we may someday be left with “government technology” and “commercial technology.”

 Actions to Achieve Goal:

1. Use USA.gov’s leverage to seek a low or no cost partnership with cloud providers. The partnership would open up their development API’s to government “affiliates”, allowing them to create CC/SaaS applications without the advertisements that are currently included in free versions of their products. Create a usage ceiling, where if the application reached a touchpoint threshold, the affiliate’s organization would be required to purchase the tools off of the “USA.gov Cloud Computing BPA” to continue.

2. Leveraging the Webcontent.gov and USASearch Affiliate communities, build a community around the free tools, encouraging the developers and IT professionals from across the government to collaborate on research, innovation, government security and accessibility requirements.

3. Create a CC/SaaS BPA and award to 25 CC/SaaS companies with provisions for security and section 508 accessability (VPAT), streamlining the purchase of these technologies.

How Do We Measure Success:

1. Recognition as a government leader in technology best practice and education would continue to increase.
2. # of affiliates added to the community
3. # of applications created
4. # of touchpoints from the applications, (until they are funded by the organization themselves via the BPA)

Who’s in the cloud?
Google, Zoho, Amazon, Booze Allen, Yahoo, Microsoft, Salesforce