Cyber Tech 2015 – It’s a Wrap

It has been a crazy two days at Israel’s Cyber Tech 2015…in a good way! The exhibition hall was split into three sections: the booths of the established companies, the startups pavilion and the Cyber Spark arena. It was like examining an x-ray of the emerging cyber industry in Israel, where on one hand you have the grown-ups who are the established players, the startups/sprouts seeking opportunities for growth, and an engine which generates such sprouts—the Cyber Spark. I am lucky enough to be part of the Cyber Spark growth engine which is made up of the most innovative contributors to the cyber industry in Israel—giants like EMC and Deutsche Telekom, alongside Ben-Gurion University and JVP Cyber Labs. The Cyber Spark is a place where you see how ideas are formed in the minds of bright scientists and entrepreneurs and flourish into new companies.

It all started two days ago, twelve hours before the event hall opened its doors, with great coverage by Kim Zetter from Wired on the BitWhisper heat-based air-gap breach, a splendid opening which drew tremendous interest across the worldwide media in the rolling story of air-gap security investigated at the Ben-Gurion University Cyber Research Center. This story made the time in our booth quite hectic with many visitors interested in the details, or just dropping by to compliment us on our hard work.

 

Startups

I had enough time to go and visit the startups presenting at the exhibition which were the real deal—as someone living in the future—and I wanted to share some thoughts and insights on what I saw. Although each startup is unique and has its own story and unique team, there are genres of solutions and technologies:

Security Analytics

Going under the name of analytics, big data or BI, there were a handful of startups trying to solve the problem of security information overload. And it is a real problem; today security and IT systems throw hundreds of reports every second and it is impossible to prioritize what to handle first and how to distinguish between what is important and what is less important. The problem is divided into two parts: the ongoing monitoring and maintenance of the network, and managing the special occasions of post-breach—the decisions and actions taken post-breach are critical since time is pressing and the consequences of wrong actions can damage the investigation. Each startup takes its own angle at this task with unique advantages and disadvantages, and it is fairly safe to say that the security big data topic is finally getting proper treatment from the innovation world. Under the category of analytics, I also group all the startups which help visualise and understand the enterprise IT assets, addressing the same problem of security information overload in their own way.

Mobile Security

Security of mobile devices—laptops, tablets and phones—is a vast topic including on-device security measures, secure operating systems, integration of mobile workers into the enterprise IT and risk management of mobile workers. This is a topic that has been addressed by Israeli startups for several years now, and finally this year it seems that enterprises are ready to absorb such solutions. These solutions help mitigate the awful risk inherent in the new model of enterprise computing which is no longer behind the closed doors of the office—the enterprise is now distributed globally and always moving where part of it can be on the train or at home.

Authentication

We all know passwords are bad. They are hard to remember and, most of all, insecure, and the world is definitely working toward reinventing the ways we can authenticate digitally without passwords. From an innovation point of view, authentication startups are the most fascinating as each one comes from a completely different discipline and aims to solve the same problem. Some base their technology on the human body, i.e., biometrics, and some come from the cryptographic world with all kinds of neat tricks such as zero knowledge proofs. From an investor point of view, these startups are the riskiest ones since they all depend on consumer adoption eventually, and usually only one or two get to win and win big time while the rest are left deserted.

Security Consulting

Although it is weird to see consulting companies in the startups pavilion, in the world of security it makes a lot of sense. There is a huge shortage of security professionals globally and this demand serves as the basis for new consulting powerhouses that provide services such as penetration testing, risk assessment and solution evaluation – the Israelis are well-known for their hands-on expertise which is appreciated across the world by many organizations.

Security in the Cloud

The cloud movement is happening now, and security is both a large part of it and an enabler of it—and startups of course do not miss out on that opportunity either. Cloud security is basically the full range of technologies and products aimed at defending cloud operations and data. In a way, it is a replica of the legacy data center security inventory, simply taking a different shape to adapt better to the new dynamic environment of cloud computing. This is a very promising sector as the demand curve for it is steep.

Security Hardware

This was a refreshing thing to see with Israeli startups, which in recent years have tended to focus mostly on software. There was a range of cool devices, from sniffers to backup units and Wi-Fi blockers. I wonder how it will play out for them as the playbook for hardware is definitely something different from software.

SCADA Security

SCADA always ignites the imagination, bringing to mind critical infrastructure and sensitive nuclear plants—a fact which has definitely grabbed the attention of many entrepreneurs looking to start a venture in the interest of solving these important issues: problems such as the inability to update those critical systems, the lack of visibility with regard to attacks on disconnected devices, and the ability to control the assets in real time in the case of attacks. The real problem with SCADA systems is the risk associated with an attack that anyone would try to avoid at all costs, while the challenge for startups is the integration into this diverse world.

IoT Security

IoT security is a popular buzzword now, and behind it hides a very complicated world of many devices and infrastructures in which there is no one-size-fits-all solution. Although there are startups which claim to be solving IoT security, I project that with time, each one of them will find its own niche—which is sufficient as it’s a vast world with endless opportunities. A branch of IoT that was prominent in the exhibition was car security with some very interesting innovations.

Data Leakage Protection

As part of the post breach challenge, there are quite a few startups focusing on how to prevent data exfiltration. From a scientific point of view, it is a great challenge consisting of conflicting factors—the tighter the control is on data, the less convenient it is to use the data on normal days.

Web Services Security

The growing trend of attacks on websites which has taken place in recent years, and the tremendous impact this makes on consumer confidence, i.e., when your website gets defaced or is serving malware, grabbed the Israeli startups’ attention. Here we can find a versatile portfolio of active protection tools which prevent and deflect attacks, scanning services which scan websites, and tools for DDoS prevention. DDoS has been in the limelight recently and with all the botnets out there, it is a real threat.

Insider Threats

Insider threats are one of the biggest concerns today for CISOs where there are two main attack vectors: the clueless employee and the malicious employee. This threat is addressed from many directions, starting with profiling the behaviour of employees, profiling the usage of data assets and protecting central assets like Active Directory. This is definitely going to be a source for innovation for the upcoming years as the problem is diverse and difficult to solve, in that it involves the human factor.

Eliminating Vulnerabilities

Software vulnerabilities were, are and will be an unsolved problem, and the industry tackles it in many different ways, ranging from code analysis and code development best practices to vulnerability scanning tools and services and active protections against exploitation. Vulnerabilities are the mirror reflection of APTs and here again there are many unique approaches to detect and stop these attacks, such as: endpoint protection tools, network detection tools, host-based protection systems, botnet detection and honeypots aiming to lure the attacks and contain them.

What I Did Not See

Among the things I did not see there: tools which attack the attackers, developments in cryptography, container security, security & AI, and social engineering related tools.

 

I regret that I did not have much time to listen to the speakers…I heard that some of the presentations were very good. Maybe next year at Cyber Tech 2016.

What does cross platform mean?

Cross platform is tricky. It seems like a small “technical” buzzword but actually, it is one of the biggest challenges for many technology companies and has different aspects for different people in the organization and outside of it.

Developer Point of View

It all starts with the fact that applications can potentially be targeted towards different computing devices. To get more people to use your applications you would like them to run on more and more device categories, whether it is different smartphone operating systems or a desktop computer vs. a tablet.

I first met the term cross-platform in my first job (20 years ago) as a developer after I left the army, and that was when we coded an antivirus scanning engine. We built it purely in C to make it “compilable” and “runnable” on different desktop and server operating systems without being aware that we were building a cross-platform product. Today when you search for the term cross-platform on Google you can find app developers challenged at running their apps both on iOS and Android. The aspiration to have a cross-platform code base lies in the economic rationale of write once and run everywhere instead of developing again and again for each proprietary coding language and standards of each platform. Cheaper to develop and easier to maintain.

Sounds easy and good, no? Well, no, even today after so many years of evolving development tools. The main reason it is not straightforward is the simple fact that each platform, when you go into details, is different from the others, either by hardware specifications or by operating system capabilities, and at some point, you will need to have a piece of code that is platform specific.

For example, let’s take iOS and Android: on Android you have the ‘back’ button and on iOS you don’t. To make sure your code behaves “naturally” on Android you need to add some Android specific code to handle the ‘back’ action while it will be useless on iOS.

Cross-platform tools have evolved quite a bit, tools such as HTML5-based mobile app development environments. Still, I’ve never seen a real application which was built in full using only cross-platform code. There is always the need to tweak something for a specific device or specific platform; there is no escape from it.

I always wondered why platform providers (Google, Microsoft, Apple…) have never bothered too much to support such cross-platform tools and, even more, they seem always to make life much more difficult for such tools. I can understand the rationale of “not helping my competition” though I think that at some point in life the basic fact that not a single platform will win all the users sinks in. It may be more productive to apply cooperative strategies vs. only competitive ones. Indeed they may lose some developers to other platforms while at the same time they will win some switching to theirs and most important is that it will make developers’ life easier and with apps which will end with a good result for everyone.

QA Guy/Girl Point of View

For the QA team, cross-platform usually means a pain in the neck. First, you need to test it across different environments and life could have been so much easier if it was on one platform. Even supporting one platform is not easy nowadays due to versioning – iOS as a mild example of complexity and Android which is catastrophic due to its fragmentation.

The other aspect, which is more problematic, is the fact that developers who work with cross-platform tools are somehow shifting the “responsibility” of making sure their results are working properly and putting it on the tool itself to blame. As if they were doing the best they could and complying with whatever was requested of them and the fact that it does not work is not their responsibility. This state of mind automatically moves the blame to the person who found the bug, hence the QA person. Eventually developers are fixing whatever is needed but still, it is not the same situation as in the case of a platform specific developer and QA person. Maybe it is because the developer cannot practically run all the tests on all the devices prior to handing over the software, which always leaves some quality gap “open”.

In general, QA have become highly challenged with the multitude of different devices out there which are very different one from the other. Previously (a long time ago) you had Microsoft Windows for personal computers and Unix based servers. Now you have lots of operating systems, numerous hardware configurations and an ever accelerating pace of releasing new OS versions, so it does not make life easy, to say the least, for the people who need to ship the software. Now add to that a cross-platform product:)

Product Manager Point of View

The product manager sees cross-platform from a whole different angle, one that is closer to users’ perception. Cross platform is more about what people do with their devices, when and how they use them and how the product can adapt itself to the unique device-user context. For example on a smartphone, you might expect a “time wasting” behavior or a very efficient task-oriented behavior for getting something done vs. on tablets which can be used in more relaxed times driving different behavior. The challenge here is to really understand how your target audience can and may consume your products via each specific device and platform and how to adapt each platform specific version to serve that behavior. Of course, it contradicts the basic aspiration of the R&D division to write less platform specific code.

Marketing Team Point of View

The marketing team sees cross-platform as an opportunity. In a way, they are the only ones who don’t see the “burden” and try to enjoy the potential distribution hidden in the rich set of devices out there. More devices, regardless of their type, represent more users/consumers and that means more market. Sometimes each device reflects a specific market segment which carries an overhead of reaching out to it, such as in the case of specific gaming consoles, and sometimes your target market just happens to be diverse in terms of consumption device and the users use different kinds of devices and platforms, such as in the case of smartphone users.

The User Point of View

Users are kings of course and they want everything to run everywhere. Today it seems even “not ok” for an application to be only available on one platform as it can be even a sign of “laziness” of the provider or lack of attention the developer gives to the market. What really spoiled users is the web which is cross platform by nature and for users, it is too much to understand why Gmail is available everywhere and not my favorite iOS calendar app.

And that’s ok, they should not be bothered by that as they are kings.

The dark side of Android fragmentation

One of the main problems with Android for app developers contemplating Android vs. iOS is the fact that it is highly fragmented. On iOS you, unconsciously, know that you need only to build one version (let’s keep the example simple) and it will work on all devices; you know that Apple is doing everything to make sure everyone has the latest version and that there is a decent level of backward compatibility. For Android developers things have turned out differently: due to the way Android is “openly” distributed, you cannot rest assured that your app will run the same way or will even run at all on your users’ devices. Different incompatible Android versions, devices with different capabilities, OEM customizations and plain third party OS customization turn each Android device to be different than the other and that is usually a bad sign for developers. This infographics says it all.

Android fragmentation is a topic that has been discussed and acknowledged quite thoroughly in the industry and that is not what I want to uncover here. One aspect of the fragmentation, which has been neglected and left out of discussion but has no lesser impact on the apps industry, is the variety in terms of screen dimensions, resolutions and input capabilities. This variety in devices’ input and output capabilities does not really impact you if you are developing apps with minimal user interaction. Thinking of it, it is quite hard to come up with such an example in today’s tablet/smartphones world. Most of the apps today are “intensively” focused on user experience, needless to say judged totally by the experience itself. To design and develop a “good” user experience towards a single target device, with known screen and input capabilities, is something feasible; take into account even just one more device category and you have a serious problem.

From a philosophical perspective, I think a “nature” law can be suggested on how good a user experience of an app would be based on how many target platforms it addresses: the more platforms targeted, the worse the experience becomes.

A few thoughts in regard to this dark side of fragmentation are:

  • web technologies ease the pain a bit since they allow “clean” separation of logic and presentation where the cost of customizations for additional platforms is just marginal. Of course for some app categories it is not an option since the experience has to be so “immersive”, which makes the browser as a container too restrictive.
  • gaming and content driven apps suffer the most here
  • Google tries to minimize this by creating guidelines and removing the most problematic customizable “edges” from their user interface libraries but I think the problem is more rooted than that
  • if someone feels a déjà vu with Java ME then I got it too:)

One practical suggestion for Google to help developers in their decision of whether to target Android is twofold: first, admit the problem. Second, provide a live decision making tool that will allow developers to filter their existing user base by their devices (or whatever info they got from activations).

 

Will the number of apps ever stop growing?

I am a big fan of apps! Both as an apps developer and as a smartphone user who started way before the days it was even called a smartphone. I own several phones with all possible operating systems and never miss a chance to install any new app I encounter. I may be a major factor in the total 2011 downloads number in appstores:)

Following this self-proclaiming manifest and after I achieved credibility as someone who knows something about apps, I want to go back to the question in the headline. Sarah Perez’s story at the end of 2011, A Web of Apps, started with the following lines: “It is remarkable to think that we’re in the early days of the app era, when there are already close to 600,000 iOS applications and nearly 400,000 on Android (source: Distimo).” For me, these lines assume a priori that the number of apps will keep growing a lot, at least much more than 1,000,000 apps!, a common notion nowadays.

I think that every person that is somewhat related to the apps industry assumes, whether publicly or silently in their “heart”, that this number will grow; otherwise, there is not much of an industry in it, isn’t it so? Of course one can argue that each app can “fatten” up and make more money on its own, which means to grow vertically and not horizontally. In my eyes growing vertically after a hyper horizontal growth period is usually a sign of the beginning of a market saturation phase.

To put it in the right perspective, I personally do feel it will grow much more (I got to, I am highly invested in this assumption:) so let’s not start pessimistically:) even considering the mere fact there are so many others not using smartphones and many audiences not being addressed etc.. etc.. then we are ok, aren’t we?

To answer the question above I want to see if we can somehow establish our beliefs on some rationale that is at least discussable. Or in other words, at least something to help the ones who are highly invested in it to be able to get a good night’s sleep calmly.

I think mobile apps and their acceptance present a major breakthrough in the computing world and this happened only thanks to the fact that people actually “met” these apps and discovered their existence (thanks Apple for creating the first effective apps distribution channel). The point of convergence of “capable” computing mobile devices, with good enough to go network connectivity and dynamically loadable small functional units called apps actually created something amazing – the ability to “upgrade” yourself instantly. It always reminds me of the scene from the Matrix where Neo loaded up the Kung Fu learning software and in a minute he was a Kung Fu master. I know we are not there yet but the metaphor has been established. The ability to load new functionality on demand on a computing device, which is actually your avatar since it goes everywhere with you, and then to be able to operate it is quite a leap from the usage perspective.

So if we follow this line of thought then we can predict two trends in the apps world for the near future:

1. Apps will become narrower in functionality with time. We are actually witnessing this trend already, where you can see every day a new app achieving a very narrow purpose. This won’t mean there won’t be a place for big “Photoshop” or “Office” like packages which are more like a wholesaler in a box; we will see those but they will not be the majority, not even close. This trend will occur simply because people have shorter and shorter spans of attention and more and more specific needs which can be answered efficiently only by something narrow enough and simple enough to learn and operate immediately. In general, I put the “blame” for this trend on the low bandwidth we have available today for communicating with our phones, and unless someone invents a direct injection of new functionality into our brains we are stuck with the growing trend of simpler apps. Just to put it in context, narrow apps do not mean “dummy” apps. Actually, the narrowing of the apps happens in terms of explicit functionality while there is an expansion in the implicit dimension of making the app adaptive to the specific context of the user, which enables easier operation of the suggested functionality. This adaptation may require more technological investment in the app than other explicit features. For example, Siri has a very simple and narrow explicit functionality (she just listens and talks back with one button) while behind the scenes it holds a huge technological effort.

 

2. Thanks to the growing number of sensors and interfaces on mobile devices (and I know of a few more developments in this area which are exciting) as well as the better connectivity options, we will witness more and more human needs that will be addressable by apps. For example, the accelerometer now assists people who run with their calculations and effort tracking, something that was not possible before this sensor was available.

 

These two trends point towards a very clear growth horizon that lies on the axis of the diverse set of unique and shared human needs. If we add to this equation locality, languages, gender, ages, cultures, religions and other social grouping criteria then we run into a very big number. A number that is big enough to take us to the point where we will stop counting how many apps are out there in the very near future.

One question that I still haven’t got an answer for is in the title of the original story that got me started, “A web of apps”. The question is whether we can do a comparison to the growth of the world wide web. I know it is not necessarily what Sarah Perez intended to discuss in her story, which was more about potential apps discovery by connecting apps. Still, there are many talks about whether apps will grow at the same pace as websites did. Websites grew and keep growing mainly on the axis of topical interest or knowledge areas and from a gut feeling it feels like it represents a much bigger growth axis. Maybe more on this in a later post.

What do you think? Will it grow forever?