What Users Should Require in Software-as-a-Service (SaaS)

We, the users, should stop thinking about software as a thing to own. The direction is toward a service model for better and worse.

What should a keen-eyed shopper value?

  • No data lock-in – the user should own their data and be able to export it at any time through the native user interface without having to jump through hoops (except for encrypted data – see below). The export should be in a common format like plain text, XML, CSV, etc. and not a proprietary format.
  • Direct support – a web interface, email address, and chat at a minimum are required. Any service only offering support through an app store is a major red flag.
  • Multi-platform – unless you only live in Apple’s or Google’s ecosystem, any SaaS must at least support your top two platforms. If you are GNU/Linux or Windows on your desktop, this is a must-have for your mobile devices.
  • Multi-cloud – unless you only live in Apple’s ecosystem, any SaaS must support Dropbox as a second option at a minimum. iCloud is limited to macOS, iOS, and Windows, but the Windows support is abysmal IMHO.
  • Mobile support – must handle landscape and portrait layouts and support tablet sizes. I am surprised at the software that still does not do this basic task.
  • Encryption – must support the best industry-standard encryption options. If a SaaS offers its own custom encryption, RUN AWAY! Exporting encrypted data should offer unencrypted and GPG-passphrase-encrypted options, though few do today.
  • Active development – this is easiest to verify if they have a public GitHub or similar repository. App stores will also show when the last update hit. Careful reviews of app store ratings can help figure out the historical timeline. Check Reddit, StackExchange, and other public forums.
  • Native (non app store) desktop releases – on the desktop the ability to get the software outside of the Apple or Microsoft or Google app stores is a plus. Even if you prefer the app store version – and most users should for the added security – the developer’s willingness to offer a direct-to-the-customer version of their software with a license is a good sign. Also, the developer keeps 100% of any revenue from these direct sales. Apple app store versions cost the developer 30% or so.
  • In App Purchases – not bad in and of themselves, but a developer should not “nickel and dime” customers with small features. There should be an option for some kind of premium bundle which offers all add-ons for a reasonable one-time fee.
  • Data sync – this is a tough one. Most SaaS developers will come up with their own sync solution after changes to Dropbox made it more difficult for developers. iCloud on iOS & macOS works in the Apple ecosystem. OneDrive might eventually for Microsoft and some Android stuff, and Google Drive for the Google stuff. I think so long as the sync adheres to the above you are good.
  • Local storage – some apps like 1Password and TextExpander offered local repository options but deprecated them for IMHO less than compelling reasons related to sync and cloud. Users should have the option to store sensitive data locally and forgo sync & cloud for that data.
  • Feature & scope creep – watch out for SaaS that suddenly introduce changes for enterprises and large groups while removing or reducing functionality for individual users in order to accommodate the expansion.

What else should users look for in a SaaS product?

[2017] Emergency Preparedness

I am a big fan of planning for “the Big Dark”, where the power is out for more than 3 days. Analog systems, like printed and hand-written records, will be more useful. 

Remember: Emergency preparedness isn’t only for you. It is also so others can contact you when something bad happens to them.

There are drawbacks, mostly around family dynamics this article assumes are moot when emergencies happen.

Note: These are my recommendations. Your mileage may vary. I look forward to constructive input on how best to prepare in the digital age.

Keep an off-line list of emergency info & numbers with you

There was a time when people either knew important numbers and information or carried an address book – a printed out, dead tree address book – and a bunch of change to use a pay phone (remember those?) to call people. We need to embrace at least a subset of that.

Your health insurance information should be in here. Insurance providers, policy information, doctors’ information, and maybe prescription information should be included.

In certain countries you may need your ID number as well (though US residents should NOT carry their Social Security card or number).

How about this: keep the numbers of your family and close friends in case your phone dies. I could not call anyone except my children if my phone failed, and they don’t often answer their phones – especially from an unknown caller.

As I’m living in a foreign country I carry a card or two that I can use to get me home. In case you’re traveling, disoriented, or inebriated, having a card or two to help you get home can be a life saver.

Carry a bit of cash with you, too, in your wallet.

Keep an off-line list of emergency info & numbers at home

This should be a superset of what you carry with you. Your actual cards and birth certificates and stuff (if they are not in a safe deposit box already) should be in a ready-to-carry locked fireproof box in case of emergency. Bank account information, other financial records, and whatever else needed to rebuild after a disaster should be in here.

Throw some currency in the box, too. While it is in there it isn’t working for you, gaining interest or buying food. But if the power goes out no credit or debit card will help. Having cash will help.

[iOS] Enable Emergency Bypass in iOS 10:

I’ve used the Do Not Disturb feature in iOS since it was introduced. This feature allows you to set “quiet times” when your device won’t alert you with notifications, including phone calls and text messages. It can be activated manually or set to activate at recurring times. I have mine set to activate from 10:00 p.m. – 6:00 a.m. each day, mainly to avoid “wrong number” calls at all hours of the night.

You have always been able to set a specific group of people you want to exclude from the Do Not Disturb settings. This can be a group you designate in your Contacts or your iPhone’s Favorites list. For years I’ve created a contacts group called “VIP” that I had excluded from Do Not Disturb that included family and a few close friends and other important numbers. While this is handy, it may not cover everyone you want to be able to reach you in the event of an urgent matter. With iOS 10, you have more granular control and can now set contacts on an individual basis to bypass the Do Not Disturb Settings.

To activate the feature select the contact card you want to exclude, edit the contact and select ringtone. At the top of the ringtone menu you’ll now see a toggle for “Emergency Bypass”.

… This is a segment of an article that first appeared in the November Issue of ScreencastsOnline Monthly Magazine. ScreenCastsOnline monthly magazine is packed with hints, tips, articles and links to streamable versions of ScreenCastsOnline tutorials and delivered monthly on the iPad. You can find out more at https://www.screencastsonline.com/membership_benefits/

(Via KatieFloyd.me)

I am not sure if Android offers a similar feature.

[Android] Use Google’s Trusted Contacts App

Trusted Contacts runs on top of a pretty simple concept, with the tap of a button an approved list of people can request your location from wherever they may be. Users will need to manually approve who can request their location, and once a request is sent, the user will have 5 minutes to approve or decline the request before the app automatically approves and sends it.

This app takes things up a notch as well by adding offline support, in a sense. If a user heads outside of active cell service and internet access, the app will report the last known location for that user 5 minutes after a request is sent. Contacts can also “walk each other home,” virtually. This essentially enables one user to keep track of another user’s location as a live feed.

… Before you can share your location, though, you first have to go through the process of adding contacts to the application…

How to add contacts:

  1. Open the Trusted Contacts application
  2. If this is the first time setting up the application, Trusted Contacts will walk you through adding contacts
  3. To set up new contacts, either tap on the Add contacts button found at the bottom of the home screen or open the menu by selecting the Menu button in the upper left-hand side of the screen and tap on the Add contacts option
  4. Here you can search through the contacts on your device and select Add next to the individual to send them an invitation to be a trusted contact

(Via 9to5google.com)

I am not sure if iOS offers a similar feature.

Set up lock screen emergency information

This is an old tip but still useful.

Basically take a picture of contact information and make it your device’s lock screen. Tailor the content to provide what is needed without going overboard. Imagine you are passed out on the sidewalk and the only thing people can get to is your phone’s lock screen. What is the critical information you can provide on there that doesn’t open you up to identity theft?

I find this more useful than the login banner message most devices support. One doesn’t have to wait for the message to scroll, where almost all users put the contact email or phone number.

What else?

What other things, simple and inexpensive and effective, should folks do?

Kit & Caboodle: The Series & The List

Want to know what I’m carrying in my consulting bag?


Motorola Provides an Argument for Apple as a Corporate Mobile Standard

I’m unlikely to recommend Android devices until Google and the hardware providers get the upgrade situation under control. I might make an exception for the Nexus and Samsung devices, but as I write this I have no faith in the rest of the Android ecosystem.

As I often do, let me tell you a story to illustrate this opinion:

When I started with IBM I chose the Motorola Droid Maxx over other Android phones and Apple iPhones.

My choice wasn’t arbitrary. I did my research.

The decision of iOS versus Android wasn’t a fair fight. KitKat made it easier to be effective. Sharing data between apps was not just easier, it was POSSIBLE on Android. iOS could copy and paste, but not much else.

The Maxx offered excellent battery life (I easily get through a full day on a single charge), a decent screen, an adequate amount of storage, and a rugged build according to my research. Two other major reasons I went with it were that Motorola was a part of Google (at the time) and they listed it as on the upgrade path to Android Lollipop.

14 months later and the only thing still true is the battery life. The screen cracked easily and repeatedly with regular use, the 16GB storage barely keeps up with my minimal workload, and it quickly becomes sluggish unless I close apps and/or reboot.

As for the upgrade to Lollipop, Motorola changed tack yesterday:

We apologize that we will not be upgrading DROID Ultra/Mini/Maxx to Android Lollipop, as we had hoped. We know how important software upgrades are to our customers, and we’re very sorry that we are unable to provide the upgrade.

The Maxx is still on 4.4.2 while Marshmallow (version 6) is the release du jour on Nexus. Verizon released few updates (and they’re complicit in the upgrade mess) but not at the cadence required. I’m sure my Maxx is vulnerable to many issues long since fixed on other platforms. Corporate mandates and enforces robust mobile security, yet I only use my corporate issued phone for email, calendar, tasks, and internal instant messaging. I don’t trust the phone to do much more. I’ve removed almost all non-stock applications.

My personal phone, the older OnePlus One with the Cyanogen Android flavor at 5.1.1, sees vastly more attention than the Motorola. On the 1+1 I do my social media and podcasts and RSS feeds and whatnot, much of which is work related or adjacent.

The funny thing: I used to carry a second phone to protect me from my benevolent corporate overlords. Now my personal phone protects my clients.

iPhones receive regular updates – some better than others, but Apple updates viable phones for a long time (the iPhone 4S, anyone?). Apps have to keep up, for better or worse. Newer iOS versions addressed the data sharing issue, making Apple devices more useful to me as productivity tools.

The moral of my story is that I’m going through the process to replace the Maxx with an iPhone, but it’s a bureaucratic mess that takes time. Now that Motorola came clean, the upgrade path theoretically eases.

What about you? What are your experiences in this space? Have you standardized on iOS or Android or Windows? Or do you struggle with the mercurial nature of the vendors and your users? What about when vendors pull the rug out from under you? Are you considering alternate platforms like Microsoft Windows Mobile and Ubuntu?

Full Disclosure: I work for IBM. IBM and Apple are partners (who would have thought that in the 80’s?). My opinions are mine alone.

Content: Creation Versus Consumption

I find myself spending time consuming content – the Web via RSS feeds (yes, they’re still in use), streaming video, and on-line radio (real radio stations and not streaming audio).

I don’t find myself creating content – on my various web sites or presentations or in social media – as much as I’d like. Sure, I podcast & tweet & G+ update & so on.

“What’s the ratio?”

I asked myself this today out of nowhere. It’s a simple question: “What’s my ratio of content consumed to content created?”

What’s reasonable? 50/50 is absurd. Maybe 10% my content to 90% consumption is a workable fraction?

Even a 1/9 ratio is absurd based on my RSS feeds. I receive over 1000 posts a day. There’s no way I can generate 10 posts per day.

Of those 1K posts, there are maybe 200 in which I show an interest. Of those, how many are tweet-able because I find them interesting but not interesting enough to write a post? Let’s say 180.

That being the case, is my issue more process than content?

I don’t have an answer. Not yet, anyway.

Thoughts?

Advertising & Tracking Experiment Over

I’m turning off Google AdSense and Analytics. It wasn’t worth my time or effort. The trade off was lousy.

What To Do After You’ve Been Hacked | Gadget Lab | Wired.com


Imagine what it would be like if you woke up one morning to find you’d been hacked.

Whether you were hacked, phished, had malware installed or just don’t know what the heck happened but there’s somebody all up in your e-mail, here are a few good first steps to take following an incident. This is by no means comprehensive, but it’s a good start.

via What To Do After You’ve Been Hacked | Gadget Lab | Wired.com.

Mat Honan knows better than most. You may recall he was infamously hacked last summer. His tips are solid. I’d add a few more.

Use a password management service

In the aftermath of Mat’s experience I reflected on my personal accounts and those I needed for work. If I had to remember everywhere I had an account – and forget about remembering what my login was – I’d have no way. I moved to LastPass a few years ago to help me wrangle them all. 1Password is also well-regarded. Make sure you have a strong password and Google Authenticator set up. I recommend paying the $12/year for the pro service.

Rebuild your PC

New hard drives are inexpensive for your computer. Buy a new one and an external hard drive enclosure. Install the new hard drive in your computer and the old one into the enclosure. If you have one of the Ultrabook style laptops you might need to hire someone to swap the hard drives for you.

Then reinstall the Operating System (OS) from your media backups. If you don’t have them contact the PC manufacturer’s technical support for help. Install your apps and the password management service.

Commit yourself to backups

Everyone should have a backup strategy that works for their needs, technical ability, and economic situation. I recommend starting off using an external hard drive with Windows 7 File Recovery (formerly known as Backup), Windows 8 File History, or Apple OS X Time Machine. I strongly suggest also using a cloud based service like CrashPlan as an extra level of protection. Read Lifehacker’s guide to setting up a solid backup plan for more details.

Also check out Lifehacker’s post on things to do post-hack here.

Ubuntu 12, Thunderbird Email, and Google Integration

I like desktop email clients. Mozilla Thunderbird is a great open source cross-platform option.

Here’s how I integrated Thunderbird on Ubuntu with my Google Calendar.

Go here for setting up Thunderbird. Then go here. This could work on other platforms.

On-Line Banking Inadvertent Insecurity

I was in Canada for work. I needed to make an on-line payment for one of my credit cards. I found it odd that the bank’s web page, Citi Bank, showed a different landing page than I was used to. I went to another bank’s page, HSBC, and it was different, too.

I assumed the hotel I was in was compromised or I was. It wasn’t until I returned home and fired up a known good PC that I found the bank web pages were legitimate.

This is a problem the banks need to resolve. Often I find banks change their landing page or authentication methods without notice. It makes it really hard for customers to know when they have a compromised connection versus a cosmetic restyling of their site.

I think banks and financial institutions should make and keep their pages as simple as possible. They can implement methods to verify the page’s authenticity by displaying a custom user image, for example. Banks can reasonably verify users by implementing two-factor authentication.

I like Google’s Authentication method for its balance of the transitory to the more permanent. Would I recommend banks implement Google’s solution? Maybe not. But I like the two-factor option for “normal” access and super complex random strings for financial tools like mint.com. If you add in custom reset questions and GeoIP restrictions, it could be effective in most cases.

What are your thoughts? How can banks in the US and other countries improve their security while making their sites more flexible?