Modern mobile security: people or devices? (with Dilbert)

I really like this slide from the IDC presentation for Google’s Enterprise Partner Summit 2019 (available in public access here).

A slide from IDC: The Evolution of Android in the Enterprise (c) IDC

Note that the technical threats begin at position number 7! But the top 6 are dominated by the threats based on the user behaviour (and the lack of proper tools/policies that allow such behaviour)!

Why does that happen? What can be done? Read on to learn more and see some Dilbert!


Android Q Enterprise Features for EMM Admin

This is a brief analysis on the upcoming Android Enterprise Features in Android Q. Read the full notes here. Google has a habit of silently updating those documents, so I expect to update this post once subsequent iterations of Beta are released. The below is my sole opinion, and I welcome hearing yours. NB: it starts slow, the really great stuff is towards the 2nd half 🙂


Prevent Chrome from messing up your tabs upon reload

One (but not the only) problem that I have with Google Chrome is that it tries to reload all tabs after restart. This has two consequences:

I have lots (50+) of tabs. Trying to load them all at once wastes my CPU and RAM.

Accessing some resources require re-authentication, so I am redirected to the auth/SSO page instead. Like 50 times. If I don’t re-auth quickly, the SSO session is no longer valid, and my SSO system fails to redirect me back to the original page. There are also many other reasons, why I may not be able to get the automatic redirect to the original page URL. Worse, Chrome doesn’t always correctly save the URL history when redirects are involved, nor does it offer proper session management. Basically, at this point my page is lost (searching history doesn’t help either).

In this super-quick post I will provide solutions to both of these annoyances.


The CLOUD Act – can Americans be trusted in Europe?

This week I’ve attended an event and one of the other attendees has voiced an interesting thought, which deserves a brief footnote here, for future reference.

Since March 2018 the US Government had passed the so called Cloud Act, which basically “allows federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.


According to my vis-a-vis, this means that no EU company can now trust their data to cloud services offered by US companies – even if the datacenters themselves are located in EU, the US government basically now can demand access to any data of EU residents.


The devil, is, as usual, in details, Let’s read a little deeper:

[CLOUD Act] asserts that U.S. data and communication companies must provide stored data for U.S. citizens on any server they own and operate when requested by warrant,

but provides mechanisms for the companies or the courts to reject or challenge these if they believe the request violates the privacy rights of the foreign country the data is stored in.

It also provides an alternative and expedited route to MLATs through “executive agreements”; the executive branch is given the ability to enter into bi-lateral agreements with foreign countries to provide requested data related to its citizens in a streamlined manner, as long as the Attorney General, with concurrence of the Secretary of State, agree that the foreign country has sufficient protections in place to restrict access to data related to United States citizens.


  1. It only applies to US Citizen data.
  2. Local privacy laws and individual data privacy agreements allow for rejections and challenges of such requests.

So, EU citizens stay at exactly the same level of protection as before, the new fears are unfounded. What do you think? Do you trust your data to the cloud?




Change of wind

Those of you who follow me on LinkedIn may have noticed that I have a new workplace, which comes with a Digital Workspace.

This means less wireless, but even more on Enterprise Mobility, EMMs, mobile security Android, iOS, Windows 10 and MacOS (did you know that both MS and Apple made their desktop OSes manageable by EMM ?)

If you are not following me in LinkedIn and Twitter, you are probably missing 90% of the stuff! So, please consider (or save yourself lots of noise and unsubscribe – fair enough 😉 )

Why VMware/AirWatch, why EMM?

This is going to be a long-ish and exalted neophyte read, purely optional.

If you prefer a less-neophyte approach, here’s a post of a very influential EMM expert (I follow for quite a while) that did the same thing around the same time as I.

OK, now my version.. You’ve been warned 🙂

Given the events in the last two years, I think that UEM solutions are ripe for conquering whatever remaining market is left there, and VMware is surely spearheading the charge with AirWatch (market-dominant) and the new WorkSpace ONE (watch the cool 7-min  demo here). I am personally really sold on this story and here’s why:

  • One can’t manage iOS without EMM
  • In 2017 Google had really made Android Enterprise their focus, and I believe it is now very much ready for “serious” Enterprise use. Up to the point of stating that GMS devices are now better and more secure than non-GMS. That being said, I’ve never been a fan of AirWatch managing Android pre-AE, but with AE the playing field is levelled and most of the custom stuff that other EMM vendors did no longer matters.
  • Desktop OSes (Win10 1709+ and MacOS High Sierra+) can be managed with EMM just like the mobile devices, and both MS and Apple seem to take this direction seriously.
  • CE6 is dead and WEHH6.5 dies in less than two years. Given no other competition, everythin will be either iOS or Android, and none of those can be realistically deployed without MDM/EMM. And another weak spot for AirWatch that is going away soon.
  • Identity management and SSO have fully matured in the last few years, and are ripe to become standard, rather than “enhanced/advanced” functionality in the Enterprise infrastructure. And WorkSpace ONE (if you’ve seen the demo) has a unique value proposition here.
  • Being able to show off AutoCad on an iPad is cool! 🙂 But more importantly, being able to free the enterprise from the leash of legacy apps (must have IE6, Java5 etc etc etc) by delivering them virtualized even to mobile devices means that mobile first has to real reason not to happen.
  • Who else can combine the industry-leading EMM/UEM, identity management and virtualization into one package?

So, where else to be in the EMM world? 🙂

Or do you disagree? Let me know your thoughts here or on LinkedIn/Twitter!

P.S. Bonus point to those who recognize the cover image 🙂


Do Android Enterprise and GMS mean the end of differentiation for Android Device and EMM vendors?

After publishing my post regarding tightening the screws on non-GMS devices and gradual move towards all-GMS in the Enterprise, I have received a response, which was very representative of what I was thinking last year, when digesting all the Android Enterprise news [formatting and edit by me]:

AOSP was or still is the major [vendor]  differentiator. With all these Android changes
1) it will be almost no matter what devices will be engaged
2) the role of 3rd party EMMs will go down. Google will be everywhere.
Do you feel it as a positive news?

Before looking any further, please pause and consider, how do you feel about that? Now, read on!


A perspective on IoT and Wi-Fi coexistence (WLAN Professionals Conference EU 2015)

Yours trully unexpectedly ended up talking at WLAN Professionals Conference Europe 2015 on a subject of IoT and Wi-Fi. I heard good feedback after the session, so you might be interesting in watching 16-min video yourselves. (Disclaimer: presentation on my own behalf and may not reflect the official position of my employer). If you find some context in my video unclear, you might want to view the video of David Coleman, as my talk was largely provoked by his presentation (the current state of IoT allows for more than one perspective on things). Let me know, what’s your perspective on this matter in comments!

BTW, it was my second time there (and a second ad-hoc talk) at WLPC EU, and I absolutely enjoy it. If you reside in Europe and you are into Wi-Fi, you want to be there next time! There were many interesting sessions at the conference, you can view all the recordings here: