Blog

Top 3 Tips when taking software to mobile devices

 

Introduction

"Can we have a version of that for tablet and smartphone, please?" We have long since passed the point where tablets and smartphones are being used for business; the challenge arises when a proprietary system has functionality that is inaccessible on these devices. This article attempts to address the key criteria to assess before taking that step forward.

Which part?

“We want to use the system on our iPad” is all well and fine, but does the entire system need to be accessible via a tablet? For example, in a CRM system, the list of clients and client contacts is viewed almost every time the user logs on; it’s a primary purpose of the system. But do users really need to be able to change their user settings or schedule reports to run via a tablet version? It might make sense to take a phased approach and leave the less frequently used parts of the system for a future phase, if at all. The main objective is usually to make the frequently used parts of the system available on different devices, not to make a complete mobile version of the system. Making that distinction can save an awful lot of time and money.

Which way?

The existing system’s architecture will influence many of the decisions to be made and also affect what sort of effort will be required. Having the same functionality implemented on different platforms will greatly increase the effort and costs when implementing new functionality or changing existing functionality. For example, in a Windows-based system, it might make sense to move all common functionality to a WCF service that can be called by both the Windows application and the mobile version. This would ensure only 1 set of code and greatly increase maintainability. Thought has to go into which platforms to develop for: are both Android and iOS required? If so, can that perhaps be implemented by making a dynamic web-based version of the application (using responsive or adaptive HTML) that is then accessible and works across platforms? Often a change to the main application can make moving forward much easier.

Watch it!

Maintaining the system’s integrity is often overlooked in these types of projects. With all the excitement of moving to a mobile platform, issues such as system and data security can be overlooked, and with this different type of accessibility come different types of security challenges. The usability of the system is also something that can be underestimated; to do this properly, the commonly used pieces of the system need to be redesigned so that they are usable on the different devices. To get the most out of the system, it will look different on a tablet from a smartphone.

 

George Toursoulopoulos is a technology specialist and Director at Synetec, one of the UK’s leading providers of software services and solutions.

Quick Guide to Software Security

 

Security has been a priority for companies for many years now, and with so many high-profile companies being hacked, it’s no wonder. With brute force, dictionary and rainbow table attacks, the time it takes to crack a password is frighteningly short. This guide discusses some of the methods used to crack passwords and what can be done to protect your systems against security threats.

How is the hacking done?

With massively parallel password cracking on general-purpose graphics processors and rainbow tables, it’s possible for hackers to produce more than 500,00,000 passwords per second, even with low-end hardware. Depending on the software, rainbow tables can be used to crack 14 character alphanumeric passwords in about 160 seconds. Faster than how long my daughter takes to unlock my iPhone pass code!

Rainbow tables achieve this by comparing a password database to a table of all possible encryption keys. This requires a large amount of memory, and memory is cheap. With hardware improving, a password doesn’t stand a chance. Over and above these techniques, social engineering still remains a big threat: all the encryption and strong passwords in the world don’t mean a thing when the user gives out their password. Phishing tactics are getting better and are very effective; with false emails and forged websites they trick an alarming number of people into giving up their passwords.

What are the options?

Basically it boils down to single factor or multi-factor/two-factor authentication (2FA). Single factor authentication secures a system through only one category of credentials, for example a login and a password. 2FA is where a user’s credentials are made up of two independent factors.

 

Single Factor

There are challenges with attempting to secure your system with a password. The most common is that users either don’t understand how to make a strong and memorable password or underestimate the need for security.

The extra rules that are necessary to make passwords strong often result in users forgetting them or having problems, which leads to password resets that often rely on help desks (see costs). Single factor does have its advantages though: it’s cost-effective, easier to manage and fewer things can go wrong.

There are some things that can be done in order to make it more effective though, namely:

  • Passwords need to be long enough (minimum of 8 characters), include a mixture of letters and numbers, and be case-sensitive. A password meter is recommended and has been proven to help.
  • Passwords could be partially inputted, for example character 3, 5 & 7 of the password
  • Passwords should be stored in the database in an encrypted format and then the software can verify them via a decryption key
  • Where possible the login and password can be locked down by 1 or more IP addresses (although that effectively becomes 2FA)
  • Users need to be educated on how to protect themselves and their passwords
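Added example, not code from the original article: the storage bullet above describes reversible encryption, while this sketch swaps in a salted, deliberately slow one-way hash (scrypt), so the database holds nothing that a key could decrypt and no precomputed table covers two rows. The function names and cost settings are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost settings: assumed values for this example, tune them to your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024

def fast_unsalted(password: str) -> str:
    """Weak baseline: one fast hash, no salt. Identical passwords give identical
    rows, which is exactly what a precomputed (rainbow) table looks up."""
    return hashlib.sha1(password.encode()).hexdigest()

def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                          maxmem=MAXMEM, dklen=DKLEN)

def hash_password(password: str) -> str:
    """Return 'salt$digest' (hex) for the database. Nothing here can be decrypted."""
    salt = os.urandom(16)  # fresh per password, so no shared table applies
    return f"{salt.hex()}${_scrypt(password, salt).hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(_scrypt(password, salt), expected)

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    pw = "Summer2014"
    print(fast_unsalted(pw) == fast_unsalted(pw))  # same row for both users
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password("summer2014", a))
```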

 

2FA

As mentioned before, 2FA is where a user’s credentials are made up of two independent factors, such as:

  • Something that the user knows (PIN, password, questions, etc…)
  • Something that the user possesses (key fob token, mobile phone, smartcard, etc…)
  • Biometric data (fingerprint, iris, voiceprint, etc…)

Obviously some of the above options are going to be more suitable than others and there is a cost implication with each of these. I would like to briefly discuss the more popular options in order to give a better understanding and also because it is unlikely that a company will protect their CRM system with an iris scan. Horses for courses.

Hardware tokens are the most prevalent, most commonly implemented with a user being given a key fob that is combined with a password. The key fob displays a pseudo-random number that changes periodically, and the user inputs this number to prove that they have the token. The key fob itself contains the algorithm and the ‘seed record’ and generates the number that is verified by the server. To authenticate the user, the server must also have a copy of each key fob’s ‘seed record’, the algorithm used and the correct time. There are alternatives to the key fob, such as USB stick based solutions, for example YubiKey, which is being used by Google, Facebook and the US Department of Defense. With such high-profile customers and a cost starting from $18 per user, it is understandable why it is so popular.
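Added example, not from the original article or any vendor: the server-side check described above, using the open TOTP standard (RFC 6238) as a stand-in for whatever algorithm a particular key fob uses. The 30-second step, the one-step drift allowance and the replay check against the last accepted counter are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC the counter with the seed, then truncate to N digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of time steps since the epoch."""
    return hotp(seed, unix_time // step, digits)

def verify_code(seed: bytes, submitted: str, unix_time: int, last_counter: int,
                step: int = 30, drift: int = 1, digits: int = 6):
    """Return the matching time-step counter, or None if the code is rejected.

    Accepts +/- `drift` steps to tolerate fob clock skew, and refuses any
    counter at or below `last_counter` so a captured code cannot be replayed.
    The caller stores the returned counter as the user's new last_counter.
    """
    now = unix_time // step
    for counter in range(now - drift, now + drift + 1):
        if counter <= last_counter:
            continue
        expected = hotp(seed, counter, digits)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    seed = b"12345678901234567890"  # published RFC test seed, not a real secret
    code = totp(seed, 59)
    print(code)                                        # what the fob displays
    print(verify_code(seed, code, 89, last_counter=0))   # one step late: accepted
    print(verify_code(seed, code, 89, last_counter=1))   # replay: rejected
    print(verify_code(seed, code, 149, last_counter=0))  # too old: rejected
```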

Software tokens are on the rise. The key fob functionality has been replicated for the smartphone and has been in use since the year 2000. The technology is exactly the same as that in use with the hardware version; however, instead of needing an additional fob, an app on the smartphone is used. Different software apps are available for smartphones as well: products like Toopher can verify where the user (or their smartphone) is physically located, and the first time a user tries to log in from a new location, they must be given permission to do so via the app. The pricing starts at $1 per month per user.

Another effective way to authenticate a user with the aid of their mobile phone is by sending them a code via text message. This code would change with every request and would expire. This is a relatively simple and cost-effective solution, with companies providing text message capabilities from a couple of pence for each message.
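Added example, not from the original article: one way to handle the server side of a text-message code so that it changes with every request, expires, and works only once. The class name, the five-minute lifetime and the three-attempt limit are assumptions; delivery through an SMS gateway is outside the sketch.

```python
import hashlib
import hmac
import secrets

TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 3    # assumed guess limit per issued code

def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()

class SmsCodeStore:
    """Holds at most one pending code per user, stored as a hash."""

    def __init__(self):
        self._pending = {}  # user -> [code_hash, expires_at, attempts_left]

    def issue(self, user: str, now: float) -> str:
        """Create a fresh random code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[user] = [_digest(code), now + TTL_SECONDS, MAX_ATTEMPTS]
        return code  # pass to the SMS gateway; do not log it

    def check(self, user: str, submitted: str, now: float) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if now >= expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or guessed out: force a new request
            return False
        entry[2] -= 1  # count the attempt before comparing
        if hmac.compare_digest(code_hash, _digest(submitted)):
            del self._pending[user]  # single use
            return True
        return False

if __name__ == "__main__":
    store = SmsCodeStore()
    code = store.issue("alice", now=1000)        # constructed user and clock
    print(store.check("alice", code, now=1010))  # within lifetime: accepted
    print(store.check("alice", code, now=1011))  # second use: rejected
```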

 

Parting Thoughts

There are many solutions to deal with an ever-increasing challenge that we all have to address in one manner or another. You don’t need a machine gun to kill a mosquito, though. I don’t know if that is a saying (it should be), but taking into account the various factors that influence your security requirements is key, so to speak.

The factors would be how sensitive the information is, what would be the repercussions if the system was hacked (customer confidence, regulations, etc…), the user particulars (number of, location, etc…) and costs.

 

George Toursoulopoulos is a technology specialist and CEO of Synetec, one of the UK’s leading providers of bespoke software solutions.

3 Reasons to NOT move away from Excel Development

 

Following the feedback I received from the earlier article titled 3 Reasons to move away from Excel, it seemed necessary to talk about why it would make sense not to move away from an Excel-based solution. There are obvious reasons why you would create a solution within Excel, but this article discusses why you would stick with it in the medium to long term and furthermore what you need to plan for initially in order for it to be robust enough to deliver value in the long term.

Dynamic Environments

When requirements are ever-changing, when inputs can vary regularly and outputs need to be highly configurable, then Excel is still an excellent choice. Its weakness is, in this scenario, its strength. While using an application built in compiled code that sits on a relational database for the same scenario can add robustness and scalability, it is also slower than Excel in terms of change. There is a trade-off, and if the environment is very dynamic, Excel might be the most sensible choice.

Everybody is a coder

In certain environments where requirements call for a very specific skill set and where the ability to learn basic programming skills is a complementary mindset, it can make sense to have the users develop their own applications. A few of our clients are actuaries, who are ideal candidates for that scenario. They can pick up VBA coding quickly, they obviously understand the requirements, and in that scenario Excel can be the perfect platform. When a more permanent data store is not required and solutions are used for repeatable calculations, a non-trained programmer with all the business knowledge can be very beneficial.

Cheap today, could also be cheap tomorrow

Software licenses, database licenses, support contracts, servers, cloud platforms and development tools are all a necessity in a more structured development environment. There are costs on both sides of the fence; it’s simply a case of weighing up the costs on both sides along with the requirements as a whole. In the above scenarios actuaries are most definitely well equipped to build their own Excel-based solutions, but the cost of that salary needs to be taken into account.

Excel and Longevity

So, you have decided it makes sense to build or keep an existing solution in Excel. How do you ensure a return on your investment? We get called in fairly regularly to perform Excel System Audits, and the primary reason for that is that the solution is not performing as it once was (deteriorating performance or causing errors). Often that is combined with a team member having moved on, leaving a solution that is extremely difficult for other team members to take on. Managing code of any kind, even within an Excel application, is made infinitely easier if certain basic programming principles are adhered to, and those principles can be relatively easily learnt with some initial training. An initial audit can reveal instances of non-optimal coding practices and potential problem areas, along with how to correct them. Documentation is another big area that we find can make a difference. As tedious as it might be to create, it makes a significant difference and should be absolutely essential. The true rewards of documentation are reaped when that team member moves on.

 

George Toursoulopoulos is a technology specialist and CEO at Synetec, one of the UK’s leading providers of bespoke software solutions.
