Transcripts

This Week in Enterprise Tech 522 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Curtis Franklin (00:00:00):
On This Week in Enterprise Tech, we talked age checks for dating apps on social media, and spoke with Tyler Forst, Chief Revenue Officer at Social Mobile. Quiet on the set.

Leo Laporte (00:00:20):
podcasts you love From people you trust. This, is TWiT

Curtis Franklin (00:00:33):
This Week in Enterprise Tech, episode 522 recorded December 9th, 2022, bespoke Mobility.

Leo Laporte (00:00:45):
This episode of this weekend, enterprise Tech is brought to you by Code Comments, an original podcast from Red Hat that lets you listen in on two experienced technologists as they describe their building process and what they've learned from their experiences. Search for code comments in your podcast player and by IT pro from ACI learning IT Pro TV is now IT pro from ACI learning, if you're looking to break into the world of IT or if your IT team needs to level up, get the introduction you need with IT pro. Check out an IT pro business plan by visiting IT pro.tv/enterprise today. And by Melissa, over 10,000 clients worldwide in industries like retail education, healthcare, insurance, finance and government. Rely on Melissa for full spectrum data quality and ID verification software. Make sure your customer contact data is up to date. Get started today with 1000 records, clean for free at melissa.com/twit.

Curtis Franklin (00:01:51):
Welcome to this weekend Enterprise Tech, your source for everything that matters in the technology that drives the enterprise. I'm Kurt Franklin, your host for this episode of This Week in Enterprise Tech. We look forward to the return of Lou very soon. He's on special assignment, checking out some very dangerous things. Well, fortunately for you, I'm not here by myself this week. I do have my co-host Brian Chi. Brian, welcome to the show. And, uh, what's shaken then on your end of the neighborhood?

Brian Chee (00:02:28):
Well, I've just, you know, had a great week. You'll notice I have a new plushy sitting on my microphone that's Remi from Ratta Tui. Um, bunch of my old exudes and I and their children went and did Disney this week. We had lots of fun and the cannot say enough nice things about the designers, the imagineers at Disney. They have done an amazing, um, job and, uh, we really, really enjoyed the, um, star Wars themed area. But I'm also playing around with a bunch of RGB LEDs getting ready for a show called Holiday Matsui Matsui. Anyway, it's basically an anime holiday themed conference, and I'm going to be helping to decorate a 16 foot Christmas tree with dancing lights and audio controlled computerized lights. Thought it'd be fun.

Curtis Franklin (00:03:31):
I think it should be fun. And I agree. One of the great things about living in the city beautiful, is that we're surrounded by people who are very creative and very good at making experiences for people from all over the world. And, uh, I know a bit about that holiday Matsuri, my dear wife, uh, has made a 12 foot diameter tree skirt to go around that tree. So it, uh, it promises to be a lot of fun. Well, this episode is gonna be a lot of fun. We have a super guest coming on in just a bit, looking forward to talking to him. But before we do, let's talk about some blips.

(00:04:12):
The increased focus on software supply chains doesn't just come from DevOps professionals. Threat actors are paying attention to. According to our recent article on dark reading, a type of malware known as a dead drop resolver is being planted on GitHub by a subgroup of the state backed Iranian threat actor. Cobalt Mirage, US-based companies seem to be the target, and both the technique and malware are pretty devious. According to Mire, dead Drop Resolvers are content on legitimate web services with embedded malicious domains or IP addresses. They look legitimate, but they're not. The point is to hide the code's. Evil intent and obfuscate its ownership does a pretty good job both of those, in this case, the malware known as Drop, BK uses the dead drop resolver technique to find its command and control or C2 server by connecting to GitHub, Dr. Bk is written in.net and it's a two-parter, has a dropper and the payload.

(00:05:24):
Now, fortunately, using GitHub as a dead droppers offer is a technique that cyber defenders can look for on their networks. They can see which URLs are being requested and look for unusual or unexpected connections to GitHub APIs from their systems. As with pretty much every piece of malware, robust patching and updating schemes are the best defense since Cobalt Mirage is known to use vulnerabilities in a variety of enterprise software components as ports of entry to the network. Now pay attention to this one. In a joint advisory issued on November 17, cybersecurity agencies in the US United Kingdom and Australia warned that attacks from groups linked to Iran on the rise. Those attacks are coming through email, malicious web links, and yes, malware snuck into projects on code repositories like GitHub.

Brian Chee (00:06:23):
Sorry, this story that comes from cnet sounds like it might be kind of fluffy. You know, something you might just pass by because it doesn't sound like it. You're interested in, you know, you know, dating apps on Facebook. I'm married, I've, you know, Kurt's married. Why would we need a dating app? Well, there's some interesting ramifications and what's happening is the folks at Meta are testing age verification tools on Facebook dating as it tries to make the platform more age appropriate. And this was mentioned in a Monday blog post. Anyway, Facebook dating users are required, um, to prove, you know, how old they are to use the app. And oftentimes we, we know how often this is, you know, with fake IDs, teens will change the date of birth to evade the barrier. Heck, I change my date of birth because I don't want to share my exact personally identifiable information anyway.

(00:07:26):
Meta formally known as Facebook launched the Facebook dating back in 2019 with, uh, minimal success and a lot of people didn't even hear about it. The dating feature has trailed dating app competitors like Tinder and HI and Pop Hinge and popularity. While meta will be testing two approaches to verify user's age one approaches through video selfies, which it has partnered with digital identity com company yoti to screen. It shares a still image from the video selfie with yoti, which estimates your age according to your facial features. Yoti cannot recognize your identity stresses the folks from Meta anyway, oops, sorry. Ultimately you can upload some form of ID that I includes your edge meta said in, uh, post, it'll be encrypted and stored securely and won't be visible on your Facebook profile or to other people on the app. The company began testing age verification on Instagram back in June.

(00:08:33):
Meta prevented 96% of people from under 18 from changing their age according to them in this post. And 81% of people presented with its ID verification opted to use Jots video selfie to verify their age. Providing people with more than one option to verify their age allows them to select a method that best fits their needs and preferences. According to Erica Finkle, the company's director of data governance said in one of their posts, for example, many people don't always have access to forms of ID that make verifying age clear. Well strongly suggest you read the CNET article, but it isn't just dating that needs trustworthy age verification, but things like online purchases, performance ticket sales, you know, like concerts and so forth, vehicle rentals is a big one and the list goes on and on. We simply need to take steps towards being able to trust online identities.

(00:09:37):
And this is a first step. And I will also add that colleges and universities are very, very big users of age validation. Um, there are quite a few things, you know, there's a lot of, um, things like, oh geez, alcohol consumptions, the, the low hanging fruit. Um, but a lot of universities, because you have to drive vehicles, uh, need absolute positive proof that you're old enough so it won't blow up their insurance rates. Anyway. It's gonna be interesting to see how this works and whether people come up with more ways of validating age. Yoti just happens to be one that's using video, and you gotta wonder how soon it's gonna be before other industries start deciding they need to go and validate age before they display X.

Curtis Franklin (00:10:38):
We'll settle in folks, because this next one comes from a book of stories we've been reading for a long, long time. According to our report issued this week by cloud platform provider Mark 43, 70 6% of first responders have concerns that their IT systems are vulnerable to ransomware attacks and data breaches. And according to the article published on dark reading, most state and local agencies don't have the technical expertise to protect such technology against threats. Now, the Mark 43 report goes even farther stating that the vast majority of first responders use outdated technology and disconnected systems with 68% of public safety officers required to file paperwork from the office rather than in the field. And 67% of first responders are encountering issues within inefficient technology. Now, all of this makes for an atmosphere that seems perfect for malicious actors and those actors are responding to the favorable climate.

(00:11:42):
In 2019 and 2020, ransomware groups began seriously targeting state, local, tribal, and territorial government agencies. In 20 19, 22 town agencies and local government organizations were targeted with a coordinated ransomware attack, disrupting services for citizens. While ransomware attacks on local school systems impacted education for more than three quarters of a million students during 2019, a number that climbed passed a million students in 2020. Now, last year, the F b I warned that ransomware spread by the Conti Cyber criminal group had targeted at least 16 healthcare and first responder networks. September of this year saw a ransomware attack Disrupt 9 1 1 service for Suffolk County, New York. By the way, if you're not familiar with New York, Suffolk County, that's the county on Long Island just to the east of New York City. In most states, it would be the largest county or city in the state. Now, according to Mark 43, the best solution would be for agencies to prioritize technology, data management and cybersecurity roles. Instead, cybersecurity is often tasked to either untrained IT workers inside the department or to officers getting ready to retire. It's a bad situation that could lead to horrible results. And believe me, threat actors are doing tabletop gaming to see just how these deficiencies and vulnerabilities could be used as part of a larger attack on the population and critical infrastructure across North America.

Brian Chee (00:13:33):
So big, big thank you to our technical for this story. Um, we've talked about the Department of Defense wanting to have secure cloud capability. We've been going on and on about this pro, I think for at least the last couple of years. Anyway, this r technical article talks about a decision being made, you know, we're not sure it's good or bad, time will tell, but anyway, and it was at a press conference and the Department of Defense officials discussed the benefits of partnering with Google, Oracle, Microsoft, and Amazon to build the Pentagon's new cloud computing network. Notice it was all for the big boys. The multi-cloud strategy was described as a necessary move to keep military personnel current. As technology has progressed and officials familiarity with cloud technology has matured, well, air Force Lieutenant General Robert Skinner said that this joint war fighting cloud capability, J W C C, also pronounced J WIC contract worth approximately 9 billion, would help quickly expand cloud capabilities across all defense departments.

(00:15:00):
You describe new accelerator capabilities like preconfigured templates and in infrastructure as code that will make it so that even people who don't understand cloud can leverage cloud technologies. Such capabilities could help troops on the ground easily access data gathered by unmanned aircraft or space communication Satellite, J WIC is a multi-award contract vehicle that will provide the d o d the opportunity to acquire commercial cloud capabilities and services directly from the commercial cloud service providers at the speed of mission at all classification levels from headquarters to the tactical edge. According to A D O D press release until now, officials did not have direct access to cloud providers and military personnel located around the world, didn't have cloud technology capable of providing access to files at all three classification levels, which are unclassified secret and top secret with j wic. That's changed. Now the Department of Defense expects to be able to pass on intelligence more quickly.

(00:16:11):
Well, hey, let's talk about this just a little bit. The gist is that the d o d didn't really pick well they did, but they took all four of the big players as basically leaving the design and implementation teams to decide which of the solutions is appropriate to the system. I'm sure we're gonna hear a lot more details on this contract as details become public. I will say that having the four big players as options means system designers finally has a bit more, have a bit more choice on platform features. Now, if and only if we we're hoping and crossing our fingers that each of the four big platforms actually can live up the security specs of the contract. Cuz keep in mind, even though they said unclassified secret, top secret, um, there are finer grain classifications involved. And also another thing that isn't said in the article is that classification isn't just, yes, I have that level, I can have anything in top secret world. I also have to have a need to know. So the current, uh, cloud authentication systems don't have a way of managing that, and that's going to be something that's going to be absolutely fascinating to see how they handle.

Curtis Franklin (00:17:39):
Well, that's gonna do it for the blips. We've got bites to come and then a fabulous guest. But before we do, we've got an advertisement this time we're gonna be hearing from the big tweet himself, Mr. Leo LaPorte telling us about a fabulous sponsor of This Week in Enterprise Tech.

Leo Laporte (00:18:01):
Hey, Brian. Hey everybody. Leo LaPorte here. I'm gonna interrupt quiet for a bit to talk about our sponsor. We'll be right back with more in just a little bit. But I'm doing lose duties, uh, today to talk about Red Hat. You know, red Hat and maybe you knew they'd do podcasts. They really do great podcasts kind of by developers for developers. Actually, this would be for anybody who's interested in how the software lifecycle, how it gets from an idea to market. They call it code comments. Now you guys know what a code comment is. You know, it's when a coder is writing some code and, uh, and to remind him or her of what she did in the program. She, it's a little piece of text explaining it so that when she reads that six months from now, she doesn't go, huh? And, uh, when anybody else reads it, they understand better.

(00:18:49):
I think it's a great name for a podcast that is all about code letting two experienced technologists in on the building process. It takes a lot of work, as you know, uh, to bring a project from whiteboard to development to market. It's never, uh, but rarely nothing important. Anyway, anyways, done by one person. It's a team effort. Bruce Sutter's, your host, you'll love him. He's a Red Hatter lifelong developer advocate, community organizer, really, uh, he's dialed into this community and how it works. So in every episode he's gonna pull in, uh, an experienced technology's not just from Red Hat, but across the industry to trade stories, talk about what they've learned from building, uh, successful and sometimes <laugh> unsuccessful, uh, projects. They're, uh, you know, they're just starting to put 'em out there, but there's at least three, I think right now. I love the deep learning episode of Code Comments.

(00:19:44):
You'll be very interested to understand kind of how deep learning works and how it, how it becomes productized. I think it's, it's fascinating. Episodes are available anywhere you listen to podcasts. Uh, if you like this show, I think you'll love Red Hat code comments. Just go to the website, red hat.com/code comments podcast, or look in our show notes for today's episode of this weekend, enterprise Tech. And we'll put a link there. And of course, probably the easiest thing to do, search for code comments, uh, in your podcast player and subscribe. Hit the hit the subscribe button as the kids say code comments, brand new from Red Hat. Thank you Red Hat for supporting This Week in Enterprise Tech. Now, back to the show.

Curtis Franklin (00:20:27):
Thanks, Leo. We'll hear more from Leo later on. But before we do, let's talk about a bite. And this week we've got one that's pretty darn serious. Turns out that, uh, if you haven't heard about it yet, in North Carolina earlier this week, there was some sabotage. Specifically, someone went after a power substation with a rifle. Now they ended up shutting down power to more than 35,000 customers. And according to the authorities, this was not just some random Yahoo spraying a a substation with bullets. They knew what they were shooting at and they hid it. This was targeted both in terms of the substation because it turned out to be the sole substation powering a substantial portion of the grid and where in the substation their bullets landed. Now, I I've heard a lot of commentary about this this week coming from, uh, the general media, uh, broadcast and publication.

(00:21:50):
What we don't know right now is bigger than what we do. There have not been any arrest made. No credible group has claimed responsibility. Uh, there are several bits of speculation, including that there was in fact a drag show scheduled for the town served by the P substation for that night. Um, and it was, uh, disrupted by the power outage. Uh, some people, uh, a few of them, coincidentally or not associated with the January 6th, uh, riots have said specifically that that was being targeted, but they're not seen, as I said, as credible spokespeople for any group.

(00:22:46):
So what do we know? We know that this in fact, points out that in spite all of our ringing of hands and worrying about how vulnerable the grid and other critical infrastructure is to cyber attacks, somebody with a rifle can do just as much damage to a targeted area. Um, it, it's like one of the things that communications people are used to talking about is what's called backhoe fade. And that's where your signal is degraded by someone running a backhoe bucket through a cable that's buried. Same sort of thing. I remember, in fact, when I lived in Atlanta, uh, someone ran a ditch witch through an at and t long lines bundle that carried over a hundred thousand fiber pairs. Uh, needless to say, it was several days before all of those links were restored. Um, I, I think they just moved some people into the trailer, uh, doing fusion splicing

(00:24:10):
Our grid, much of our critical infrastructure is in fact vulnerable. And I know that Brian's got a lot to talk about here because he's been involved with, uh, the grid with various things for a while. But here's the thing. You're, you're gonna hear a lot of people ringing their hands going, well, how can we make sure that our critical infrastructure is absolutely safe and we can't not and have a society that any of us want to live in? There is a certain amount of vulnerability that is built into a free and open society. So the real question is, how do we reduce the threat and increase the resilience while staying within the guidelines that we'll accept as a society? Brian, what do you think? I mean, are, are we ready to go down the route of absolute security and safety for all our critical infrastructure?

Brian Chee (00:25:20):
Yeah, and you know, I also believe in Santa Claus too. You know, <laugh>, the, the issue here, and this is one that I actually had to do a lot of work with, um, when you start designing data center, and this is how I'm gonna tie it back into being an enterprise topic. When you start designing a data center, when your data center's big enough, you start talking about a power substation just for you. Um, you know, especially if you start talking about, say like the NSA facility in, you know, an unsaid location that, you know, you start measuring it in acres. Um, the, the large case, um, when I design such things is when I have to go and, um, make sure someone doesn't mess around with a, uh, set of big transformers, which, oh, by the way, is a huge vulnerability because for the most part, really big transformers are not off the shelf.

(00:26:24):
They are custom built. So when someone destroys a very large transformer, it could be weeks or months before it, a replacement can be brought in. And a lot of these transformers are big enough that transporting them starts becoming a real issue with big giant wide load trucks. Anyway, uh, for the enterprise, there are things that you need to keep in mind so that when you start talking about physical security of say, an ISO rated data center, that's more than just putting sticky mats on inside your data center entrances. It's also things like, um, working with the architects and, um, plant designers to make sure that the say hollow tile or concrete brick wall around your power station is big enough, tall enough. Um, one of the tricks we used to do is try and, you know, depending on if there's any kind of really tall buildings, uh, we'll go and make the wall high enough that someone doesn't have an easy, clear shot in.

(00:27:37):
Um, and that's what they probably took out. I'm, I'm speculating, and I'm going to preface it that way, that there's a good chance that they went for some very key devices, which kind of leads me to think that they were, um, power technicians of some sort. Um, but there's more than just, you know, taking out a drag, a drag queen show, or in this case it also took out quite a few, uh, hospitals, which had, they'll start burning diesel like crazy in order to stay up and running. Now there's a few other things that are coming up. Um, this can, and I believe already has been labeled domestic terrorism. And when you start talking about terrorism, that removes a lot of interesting Miranda rights. In fact, the FSA courts can do some not, you would think it would be against a person's civil liberties, but when you're labeled a terrorist, your civil liberties profile changes radically.

(00:28:43):
So whoever did this, there's gonna be an awful lot of people looking for you. And I am sorry to say there's going to be a lot of law enforcement people that are going to make one heck of an example. Um, because we've, we're already spending lots and lots and lots and lots of money on trying to fix and solidify the resilience of our power grid. Um, not only electrical power, but also, um, natural gas, uh, fuel and things like that. So the enterprise needs to also add this to a very, very long list of things to do. You know, a simple padlock might no longer be good enough. You might wanna seriously think about going further. And one of the other interesting things that I groomed out of the article is the power stations that were affected were not considered super key, but they were key enough that they caused a cascade, um, for other power stations to trip out.

(00:29:54):
And they were off in the boonies. And these power stations also didn't have cameras or very few cameras. So whoever did this really and truly did know the industry and, um, it's gonna be interesting. So anyway, getting back to Usol, there's gonna be lots and lots of people speculating on what might happen out of this. It certainly affects a lot of enterprises. There's, um, quite a few high-tech firms in the, uh, Raleigh area. You know, that's Research Triangle Park and so forth. I'm not sure if R T P was on that, those, um, power stations, but they could very well be. And there's also law enforcement talking about, well, if someone dies from this, they're going to bring murder charges. So I am going to keep an eye on this. This is gonna be really interesting. And, uh, I am certainly gonna be having conversations with some of the people that I worked with on designing physical plant data centers. Uh, cuz it's going to change. It's a game changer,

Curtis Franklin (00:31:01):
You know, it really is. And one of the things that was noted about this particular substation, the, and it's something that's true of substations in lots and lots of rural and suburban areas. Um, they're surrounded by chainlink fences. The, the fence is primarily there to keep people from wandering in and being electrocuted not to provide security for the the facility. Uh, I suspect that right now you've got a lot of smaller utilities, electric, rural, electric co-ops, uh, and companies like, well this was Duke Energy who, um, those of us in our part of Orlando know when love, um, looking at what it would cost to build brick, concrete, uh, you know, concrete block walls around all their substations. I'll tell you now, the answer is some sort of variation on a giant bucket load of money. Um, but as with so much when these were installed, when they were designed, security wasn't a big concern.

(00:32:22):
Um, it, it's just, you know, for so many of these situ, um, installations, they never imagined that a terrorist would go after them. And what we're finding, as we've seen in so many cases, the biggest failure in our security, whether it's cybersecurity or physical security, whether we're talking about the the government or the enterprise, the greatest single failure is the failure of imagination. Because we don't think of doing something. We can't imagine anyone else thinking of doing it either. This is, by the way, one of the reasons why I harp on diversity on teams so much. Get a lot of people with a lot of different imaginations and a lot of different life experiences on a team. And you have far fewer of these massive failures of imagination. Well, we are coming up on everybody's favorite part of this week at Enterprise Tech. That's our guest. But before we talk to a guest, we get to hear from Mr. Leo Laport once again talking about a fabulous sponsor of This Week in Enterprise Tech. Leo,

Leo Laporte (00:33:52):
Hey, it's me again, interrupting just a bit, uh, to talk about one of my favorite sponsors. I, a company I'm intimately familiar with. I think probably a lot of you are as well. IT pro now, you know, formally IT Pro tv, now IT pro from ACI learning. This is really good news because you get all the benefits and resource of the best online IT training in the world. IT pro combined with ACI learning and all of their benefits and resources. And now you've got something, you've really got something. Let me talk for a minute, uh, to, uh, you as a, uh, leader in a company where you have an IT team, I think it's pretty clear as things shift so rapidly in IT these days that you can't just rest on your laurels. Is that what we're resting on? I think we're <laugh>, we're resting on our laurels.

(00:34:46):
You've got to learn new skills, you've got to keep up, you've got to expand your abilities. And as a business leader, you wanna do the same I think with your IT team. You know, you want to keep them up to date, they want to keep up to date, you want them to be up to date cuz it's good for business. IT Pro is the way to do it. First of all, they're gonna see it not as a chore, but as a benefit, as something they want, something they use and they love because it pros all of it's pros. Programming from day one has been designed to be engaging and fun. You don't just learn, you have a a, a great experience learning. Uh, in fact there's a stat. This is 80% of people who start in IT pro video finish it. That, that just shows you that people love these.

(00:35:29):
They're chunked up 20 to 30 minutes so your team can do it, uh, at in at their convenience. Uh, they will enjoy learning. You will get the benefits of them having better skills. IT pro offers the training, the perspectives to understand the disruptions that are happening right now in it. And this is something you watch your team to have, get all the training, all the search for your team done in one place. That's fantastic. IT pros got it all, every vendor, every skill you need for IT. Team training IT from Microsoft, Cisco training of Linux, uh, apple Security Cloud and all. I can go on and on. In fact, uh, not just technical skills, but compliance and soft skills too. More than 6,800 hours now of IT content. When I say 6,800 hours, there's nothing dusty or old in here. This is all relevant up-to-date content that's been created by IT pro.

(00:36:25):
Uh, the business plan's great too. You love the dashboard, you can track your team's results, makes it easy to sign seats, unassigned seats, even create subsets of teams and say you three do this, you do that. Uh, you can monitor their progress, you can see their logins, uh, you can see, uh, where they are right now, how many of the courses, individual episodes of the courses they've watched. Uh, and you can by the way, inside individual episodes too, you can, in fact it's v easy cuz every um, it pro course every episode has it at full transcript. So you, which you can, which is searchable. So you can say, well I want them to learn more about kros authentication. Search for that find. You don't, it doesn't even have to be a whole episode. Find the 15 minutes they need to watch. And you can assign even that.

(00:37:08):
It's very, it's a really nice dashboard. Um, you'll get, uh, reporting in all the usage with beautiful visual reports over any period of time you want. Progress over any period of time makes it easy to justify the spend. Uh, I think they've really got it down right. This is a great product from a company we know very, very well and love it pro. Now from ACI learning, give your team the IT development platform. They need to level up their skills while enjoying the journey. Go to IT pro.tv and the dress hasn't changed it pro.tv/enterprise today. And I want you to do this slash enterprise cuz that means that tells them that you saw it here and it really helps, uh, Lou and the team, uh, do a better job and get paid. Okay, I'll admit it. Uh, I <laugh> it pro.tv/enterprise. It's a benefit to you, it's a benefit to your team. And when you go there with that address, it's a benefit to us. See, it's a win-win, win all around. Thank you very much. It pro from ACI learning and now back to Twain.

Curtis Franklin (00:38:13):
Thanks Lou, we appreciate it. And we'll hear from Lou, uh, Leo One more time. Uh, before the show is over, old habits are hard to break. Leo will be back before you know it well. If you're like most of us, a non-trivial part of your computing day is spent on a mobile device. Those mobile devices are critical and getting them to market is not simple. So today we're talking with Tyler Forst Chief Revenue Officer and former president at Social Mobile and he's gonna be talking to us about just what it takes to make these fabulous mobile devices happen. Tyler, welcome to This Week in Enterprise Tech.

Tyler Forst (00:39:07):
Thank you for having me. I'm happy to be here.

Curtis Franklin (00:39:10):
Uh, Tyler, we're gonna start our conversation with you the way we tend to start all our conversations. We have listeners who are at every stage of a career, they see our guests and want to know what it takes to be sitting in, well, that chair in that marvelously well lit conference room where you are. So can you tell us a bit about what it took to get from where you started to where you are now?

Tyler Forst (00:39:40):
Yeah, sure. Um, lemme, uh, I guess I'll start with a little bit of a background to make it make sense on the company, um, company, how we got here, and then how I wound up in, in this seat. So Social Mobile is an enterprise mobility solutions provider. Um, we've been in business since 2011 designing, developing custom mobile solutions, which are intended to solve specific business challenges that our clients face. We're one of us, uh, select handful of companies in the world with a license from Google to make GMs certified devices, which not only guarantees the integrity and security of the hardware and software, but it also allows us to integrate the complete set of Android enterprise APIs into all of our solutions. To date, we've delivered about, uh, approximately 11 to 12 million devices, uh, worldwide. So everything we do is custom. And you might ask, you know, what is a custom mobile solution?

(00:40:35):
Um, it's something you might think, you know, think of a phone, a tablet, kiosk, or a dedicated devices, but those devices. But they're designed and developed with a specific intent of solving a specific challenge that a client of ours is facing. Um, you know, so a client comes to us, they explain the specific challenges and and what problems they're facing, um, and we work with them to develop a custom technology solution that removes these challenges and allows them to streamline their business processes. So the solutions that we create, we brand them for the clients, and we provide the security patches and support that keeps those devices safe and in compliance with all the security policies required throughout the entire lifecycle of the device. Um, so that's a a little bit about the company itself. How did I wind up here? So I joined social mobile approximately four years ago, um, which was at the time that the company made its pivot into the enterprise space.

(00:41:32):
From its inception in two 11 until approximately two 18, social mobile was developing custom devices geared stored consumers. And as that market got crowded, uh, crowded and mobile devices became more prevalent in the workspace, the company made strategic decision to pivot into the enterprise, which is when I joined the company. And as a rapidly growing organization, we were all wearing many hats. And before I knew it, that meant I was the president of the company, um, that had me overseeing everything from sales to marketing to procurement, uh, general operations, um, a little bit of everything. And, um, the company just continued to expand and as such, we continued to actually expand the, uh, the roster of, uh, the depth of our bench, let's call it. So we brought in some seasoned experts, um, who were brought to overseas specific aspects of the business that they specialize in. Um, and as that roster, as our roster grew and we had these experts brought in that allowed, you know, the incumbents to take off some of our hats. And for me particularly, that allowed me to naturally settle back into my preferred role of overseeing the sales and marketing, aka Chief Revenue Officer and, um, focusing on helping continue our rapid expansion. So hopefully that, uh, helps answer that question on a little bit about our background and then how I wound up in the specific role that I'm in here at Social Mobile.

Curtis Franklin (00:43:00):
You helped me with both of those and I appreciate that. Well, I want to, to, to go and, and jump right into what I think is gonna be a critical question. You, you talk about bespoke hardware. So, you know, there are, oh, I don't know, a bazillion Android handsets on the market. Um, many of them incredibly capable devices. We keep hearing and seeing ads for, you know, that, that they have cameras to rival the best Hollywood uses. They have, uh, more computing horsepower than the average, uh, NSC supercomputer. They can, you know, reach out and and plumb the depths of space with their radios, with all of this capability. With, with all of that going on, why would someone go for a custom device, which, you know, let's admit it is almost certainly going to be more expensive than what you could go down to your local Verizon and pick up. Um, why would they go with a bespoke device rather than using a standard handset that they could buy by the pallet load?

Tyler Forst (00:44:23):
Yeah, good question. Um, so I'm gonna address the, the comment about typically less expensive. Um, I'll, I'll save that for, for the end of this answer because I think it's actually the opposite of that. But the real answer on why bespoke as opposed to a device that currently exists off the shelf is, um, those devices with all of those great features that you mentioned and top of the line cameras and sensors and everything, that's not what's needed by an enterprise. That is what is wanted by a, you know, let's say a kid in high school who wants to show off and have the latest, um, galaxy device or iPhone device and have the nicest pictures on Instagram and be able to apply all the filters that they need and, um, you know, basically be the cool kid in school. But that is not what an enterprise focuses on.

(00:45:12):
An enterprise is focused on scalability, reliability, security, and that is something that a lot of these devices actually don't provide. So if you take the latest iPhone or you know, consumer Android device on those devices typically have a life cycle and a refresh cycle of 12 months. So every 12 months, um, they're gonna release the next version of that device. And, and that's great if you're a consumer or a kid who's looking to, to take the highest quality pictures. But if you're an enterprise who wants to be able to deploy, you know, tens of thousands of devices, um, and manage those devices in an efficient and scalable way, you wanna make sure that you can deploy that same device for many years to come and not have to constantly, um, focus on the refresh cycle of every 12 months. Um, so you don't, currently a lot of organizations come to us and they're, they, they come to us because they're trying to fit a peg into a round hole.

(00:46:08):
They have a specific challenge and they're trying to take a device that exists today that was built for wide range of consumers to use for a wide range of uses and make it solve their challenge. Um, oftentimes it doesn't work and it's actually, um, you know, more expensive. So if you think about it, if a, if a consumer device needs to have the latest 48 megapixel camera, that's going to increase the cost compared to an enterprise who's not really using the camera for anything other than to scan a QR code and maybe enroll a device into a management policy. So if we don't need to have the 48 megapixel camera, um, your cost comes down if we don't need to have, um, you know, the highest, uh, you know, screen resolution because again, that's not what's important for you as you're filtering your pictures, as you're just putting a tablet somewhere to, you know, let's say receive an order, um, then your cost gets to stay down.

(00:47:01):
You also get to build on a stable platform that you know is supported, secured, and you can buy more of the same devices for at least three to five years. So when you buy a device for your organization, and let's just say you're gonna deploy 10,000 devices and then next year you guys grow and you need to put out another five, 10, 20,000 devices, you don't wanna have to go find the next new version of that device and then have your IT team have to validate and support multiple different versions. You wanna be able to deploy the same exact skew for many years to come and know that it's gonna get the security updates and be able to be supported by your IT team in an efficient and scalable way. Um, so that's why, why we, we push for bespoke instead of off the shelf. We get to build you exactly what you want to solve your exact challenges at your exact price point with your exact use case in mind. And then we get to put that same device out for you for three years and guarantee the availability so that you're never stuck on trying to find pre-owned devices or certified pre-owned devices to fulfill a client's requirements. Um, you know, you can always call us for the next three years and buy more of that exact same device in whatever quantity you need.

Curtis Franklin (00:48:21):
Very good. Well, I've got more questions and I know that my co-host Brian has a number of questions he wants to ask. Before we do though, we're gonna go back and let Leo tell us about believe it or not, yet, another great sponsor of This Week in Enterprise Tech. Leo, over to you

Leo Laporte (00:48:46):
One more time. I'd like to interrupt one more time, but this is such an important topic. I really want to talk about it. I know you're listeners want to hear about data quality. This episode of this weekend. Enterprise Tech is brought to you by Melissa if you have a business. Uh, specifically let's think about your address list, your customer contact information. That's gold, isn't it? That list of people who've done business with you, people who've reached out to you, uh, that, that, those are the good leads, aren't they? Those are the, that's gold. But the thing is, there's a problem with it. It's, it's rotting away, it's rusting out as we are speaking because this, this custom information, this, this data gets worse all the time. You know, names change, addresses change, emails change, phone numbers change. And so if you're not actively keeping it up to date, that beautiful little gem that you have is getting, is getting tarnished over time.

(00:49:40):
And that's where Melissa comes in. They are a leading, I'd say the leading provider of global data quality. They have many services now actually. They've really expanded. They also do identity verification that might be very important to your business. Uh, address management. Uh, they've announced something that is gonna be helpful to you. Their 2023 Melissa Solutions catalog. I want you to go to their, uh, website and get a copy of this. melissa.com/twit. Their Melissa solutions catalog highlights, Melissa's kind of amazingly comprehensive suite of solutions and services all designed around the idea of keeping customer data clean, current and even enriching it with additional information so that it is, it is most useful to you. This, this, these are the, these are, are the magic leads. These are the, these are the names and addresses you really want to keep in touch with. Melissa has developed the solutions catalog as a, as a tool, a resource for anybody who's in database administration or a developer.

(00:50:39):
The catalog, higher highlights, tools that Clean Verify, update d dup, yeah, they do that too and enrich, uh, customer data. And I love Melissa cuz you can implement it at any point in the data chain for the, there's an api, so you could actually incorporate it into your customer service software, uh, or your point of sales software, your consumer, you know, your shopping basket, that kind of thing. And it is all designed to ensure your global people. Data addresses, names, phones, emails are validated, updated and standardized. Even at the point of entry. Even when your, you know, your sales rep is typing this in, Melissa can be there to fix it. You can do it on prem, you can do it as a SaaS solution. They have and have, I love this, a secure FTP site. Uh, we do this every year with our, uh, Christmas cards.

(00:51:28):
You upload them and then, uh, they, they do their thing, they process and that doesn't sound like that. And then they, you download it and it's all clean and good and you know, everybody's name and address is updated and up to date and accurate. They even validate email addresses. So you don't have any phonies in there. Bud Walker, who's the VP of Enterprise sales and strategy, Melissa said, and this is a great quote over our 37 year history, wow. Melissa has helped more than 14,000 organizations around the world, across multiple industries proactively manage the quality of the data. Our annual solutions catalog illustrates why we are the address experts and offers the full scope of smart sharp tools to help organizations proactively maximize the inherent business value of customer contact data. Uh, you know, just for the ID verification stuff alone is worth its weight and gold, especially if you have compliance requirements around that, right?

(00:52:25):
Make sure you're not getting defrauded. Uh, since 1985, Melissa specialized in global intelligence solutions to help organizations unlock accurate data for a more compelling customer view, Melissa has ranked number one across overall enterprise mid-market and small business segments in various categories such as price reporting, ease of use, Gartner Magic Quadrant this year. Again, I think that's the third year running. And I do wanna reassure you cause I know people are concerned about this data. These, these, these precious, precious, uh, lists are absolutely safe with Melissa. They undergo continuous independent security audits to make sure that reinforce their, their commitment to data security, to privacy and to compliance, their SOC two compliant HIPAA compliant and GDPR C compliance. So you can use this with absolute confidence that the data is totally protected. It's in the very best hands. Make sure your customer contact data is up to date. Get started today with 1000 records cleaned for free. melissa.com/twit melissa.com/twit. Get that solutions catalog. Get started with Melissa. You will be very glad you did. Now back to twit.

Brian Chee (00:53:44):
Okay, my turn, my turn. So back at the University of Hawaii, a bunch of my students were really excited about doing custom Android ROMs because they could, but I started asking some questions. It's like, okay, when we did a article on Microsoft Intune, which is a device management system, I kind of said, um, can I go and still push stuff to these custom ROMs? And the answers were, I have no idea, but you guys seem to have an idea on how this works and it really and truly sounds like a lot of it, um, revolves around Google Mobile services and staying with, uh, standard Android enterprise. So let's talk about that. What, first off, what is G M S and why is Custom ROMs such a bad idea, um, for the enterprise?

Tyler Forst (00:54:50):
Great, great question. So Google Mobile services is basically a, um, it gives you access to a whole bunch of Android enterprise APIs and, um, ensures this the security and integrity of your hardware and software. Um, so when you have GMs certification, which as most people you know, stands for Google Mobile Services and is that certification, it's basically a stamp of approval from Google that your, your software and your hardware has gone through a stringent, um, battery of tests and that they, um, conform to Google's requirements minimums, uh, requirements for security and that you will continue to maintain the security and push security updates, um, for the full life cycle of that product. Um, so when you use a mobile device management platform, um, you are able to basically control many of the different functions and functionalities of these Android devices without interfering, without doing anything to customize the ROM and therefore interfering with, um, GMs certification.

(00:55:51):
So using a GMs certified device, you can use a GMs certified, um, or an Android enterprise approved mobile device management platform and you can control all of the settings remotely. You can, um, push out certain applications, remove applications, remote wipe device, um, you know, put sp specific functionality on the device. So if it leaves a specific geolocation, the device gets wiped. You know, think about like a healthcare, um, environment where if, if it's a device that's intended to be used, um, for a healthcare practice and only within a, uh, set, um, let's just say hospital and all of a sudden that device winds up, um, outside the hospital, you, your organization would wanna know that and be able to control what anyone who has that device in their hand is able to access. So through a Android enterprise approved, um, management platform such as ours, which we have one called Mambo, um, you're able to basically, um, set set parameters that if that device leaves a certain location, it can be remotely wiped and it can be locked down so that nobody can access any of the data on it.

(00:56:59):
And um, it basically provides all of the additional security that you need, um, to make sure that the devices can only be used for the intention that you originally had when you, uh, developed this custom device. So, um, a, you know, a as I mentioned before, we social mobile, we have our own proprietary MDM platform. It's an Android enterprise approved platform called, um, we built it, um, you know, based on the feedback of a lot of our hardware, um, and enterprise clients, um, we built that platform out and um, decided to focus on the most important features that, that our enterprise clients rely on. So, um, it was designed specifically, um, with enterprise in mind and with an uncluttered and clean ui. Um, and, and one of the things we're most, um, proud about about that platform is actually our chief product officer oversees that he is, um, his name is Jason Batton.

(00:57:50):
He happens to be the only platinum Android enterprise product expert in the world right now. Um, so we're very proud of that platform and the capabilities of IT and the team we have overseeing it and, um, functionality of it and what you're able to do by utilizing that. And the Android APIs basically removes the need for any custom rom which, you know, makes your device less secure and removes the certifications that basically the stamps of approval that Google put on it to confirm its security. So using a mobile device management platform basically allows you to maintain that security and all the certifications, but still achieve the, the end result that you want, um, to, to serve the business purpose you need.

Brian Chee (00:58:32):
Well that sounds actually like it's going to fit the bill for an awful lot of medium to large corporations. Um, but what happens if I'm a little on the smaller side and I still want these capabilities? Um, you, your PR people sent me a press release on something you're calling social mobile one. Um, are we early? Can we start talking about that just a little bit? Give us a hint.

Tyler Forst (00:59:06):
You broke up for one moment there. Did you mention social mobile one?

Brian Chee (00:59:10):
Yes, I did. I'm sorry. Yeah. Okay. I got pressure this and that sounds interesting, especially for yeah, people on the smaller side of medium.

Tyler Forst (00:59:19):
So social mobile one is a new, um, it's a new program we're gonna launch in early 2023 and it would actually be perfect for the smaller to medium sized enterprise. And what that is, is, um, we're basically gonna roll our hardware, whether that's a custom solution or an off the shelf enterprise device that we have in our own in-house portfolio, we're gonna allow our clients to roll them those hardware costs in addition to software connectivity and manage service costs, all into one low monthly cost. So instead of buying a device outright for, you know, a couple hundred dollars and then paying your connectivity provider for your data plan and, and your, uh, deployment partner for the fulfillment and the returns, um, what we're gonna do is we're gonna basically roll that all into one low monthly cost so you can get your hardware a complete repair plan, a LTE connectivity, um, you know, uh, help desk service and everything all rolled into one low monthly cost.

(01:00:16):
And the reason enterprises really, um, have, have really started to hint that they want this offering is because it allows them to shift the spend from a a CapEx model to an OPEX model. Um, they're no longer having to outlay a big chunk of cash upfront. They can now just, uh, pay a monthly fee for every device that they roll out, um, as they roll them out and just know that they're paying, basically they have one vendor to manage and they can roll all of that into one, uh, cost and you know, they basically have one hand to shake. Um, and that's us. So we roll everything into one low monthly cost, move it to your CapEx budget, uh, I'm sorry, to your OPEX budget and provide you with one vendor that you know where to go. If anything mobile, mobile related is not, uh, working a hundred percent properly, you know that you call us and we're the party responsible for everything. Um, everything mobile related is, is us. And you get to get advantage of that all without the big upfront, um, capital outlet.

Brian Chee (01:01:18):
Cool. So that means even it sounds like even the sims come from you folks, or do I still have to have that Verizon or at and t or t-mobile contract?

Tyler Forst (01:01:29):
So, no, um, we are actually partners with all of the major carriers so we can, um, you know, provide you with that connectivity. So whether you have your own relationship and want to, um, you know, basically get us the SIM cards and we can put them into the devices for you and get them activated and then deploy them to your end users, or you wanna just come to us for the actual, um, connectivity and roll that into this one low monthly cost, um, we can support you either way. So we do have direct relationships with these, um, you know, the major carriers here in the country and, um, we work with our clients in, in both types of engagements.

Brian Chee (01:02:06):
Okay, cool. And what about the private 5g, um, solutions that are starting to hit the enterprise now? Um, can we still play with that?

Tyler Forst (01:02:18):
So, absolutely. So, you know, as our clients have, um, as 5G has become more prevalent and, you know, everyone's starting to learn about it, a lot of our custom solutions and, and our clients are now coming to us and requesting that we're building them 5G devices. So, um, you know, we're working with the, the, um, semiconductor companies, you know, Qualcomm Media Tech to put in the new 5G chip sets that can support all the 5g, um, frequencies. And, um, yeah, that's gonna be the new, you know, the new focus of a lot of our custom built solutions. Um, we're seeing that that's the trend of, of most of our clients, um, requests these days.

Brian Chee (01:02:52):
This sounds like an amazing solution. I r you know, back when I was still working for the federal government and I was working on some initial designs for, um, literally gate guards, you know, how we were using, for god's sakes, compact ipacs for a prototype and we ran into all those issues and it was just so that we can go and make sure you really were you when you got drove up to the gate of a military base. Um, a great, great solution. I, this is interesting and I think what we need to do is, I think our viewers want to know where can they go for more information? What kinds of homework should they be doing before they give you guys a call?

Tyler Forst (01:03:40):
So for more information, you can visit our website, social mobile.com, you can see everything that we do, all of the services we offer, and, you know, some of our custom, um, custom offerings, keep in mind that you won't see a lot of the actual devices or our clients listed on there because everything we do is under their brand name. So, um, you know, it's all confidential. We stay in the background. Um, when we release a device under our client's brand, we don't promote that we made that. Um, so you're not gonna see many of the, the actual custom solutions on there, or at least you won't see names of the clients. You might just see renderings of the, um, devices themselves. Um, what should you know before you contact us that, that's actually a great question. Um, so developing a custom solution, it's an iterative process and it requires collaboration across both organizations.

(01:04:27):
Um, oftentimes there's gonna be a minimum quantity requirement, and that might be a barrier, uh, barrier to entry for a smaller company. But when you need to deploy tens of thousands of devices across multiple geographies, it becomes a no brainer from a cost scalability and management perspective to to develop something custom. Um, the most important question you should have answered before you engage with us is what challenge does your business need to solve that will improve efficiencies? Um, if there's a technology solution that can improve efficiencies within your organization, we're the right company to engage. Um, so some other things you should, you should think about before, you know, contacting us or as you're speaking to us, is, you know, what's the timeline you need to roll this device out? Um, what are the target markets you plan on deploying them in? What are the operating systems that your applications are developed to work with? Um, and who is basically the end user? Um, those are some of the most important questions that you'll want to know as you head into an engagement with us. And then we'll kind of guide you along the, the rest of the way and, and, and help with any other questions that you might not have the answers to prior to starting an engagement with us.

Brian Chee (01:05:46):
That sounds awesome. <laugh>. I wish I had you guys 15 years ago, <laugh>. Oh, well

Tyler Forst (01:05:54):
We hear that a lot.

Brian Chee (01:05:55):
Tyler, thank you so much for being on the show and helping to educate us. Um, the bespoke mobility sounds like a very, very cool and very timely topic.

Tyler Forst (01:06:10):
Yeah. Again, thank you guys for having us. Um, this was great. Happy to to answer any questions or join any other time. You, uh,

Curtis Franklin (01:06:20):
Outstanding Tyler. Thank you so much. We appreciate it. We'd love to continue talking, but unfortunately we've run out of time. It's funny how that happens when we're, we're having a good time here on This Week in Enterprise Tech. Before we go though, Brian, where can people find you? What you gonna be doing this coming week?

Brian Chee (01:06:43):
I'm gonna be tinkering. You know, we, we have to play. So I'm gonna be bragging about some of the cool blinky lights I'm working on, um, on Twitter. I'm still on Twitter, you know, the, uh, Mastodon hasn't quite grabbed my attention as much as Twitter, so we'll see how that goes. But I'm a D V N E T L A B advance net lab on Twitter. Love to hear from you and you know, we're gonna see if we can go and share some neat stuff. Um, you're also more than welcome to make suggestions. You know, we'd love to hear your ideas for shows. Um, I try to organize shows by threads. Um, people ask for various, you know, topics and I try to go and weave those threads to go and help you go in at the very beginning, the middle and hopefully find someone that can go into some more detail so that we can cate everybody. So I'm also sheer C h e e b e RT twit.tv. You're also welcome to throw email@twittwit.tv. Um, that'll hit all the hosts. We'd love to hear from you. We'd love to hear your ideas. We'd love to hear your comments, and hopefully we'll find something that appeals to you.

Curtis Franklin (01:08:14):
Thanks so much, Brian. We appreciate that. If you want to follow me, you can do so on LinkedIn. Uh, you can, I'm Kurt Franklin. You can do it on Twitter. I am KG four g w a. There are all kinds of places to follow me and I try to make it worthwhile to do just that. Uh, as with Brian, if you've got questions, if you've got comments, if you've got suggestions for things you'd like us talk about, please don't hesitate to send them our way. Well, that's it for this week. Next week with any luck at all, Lou will be back in the, uh, co uh, chief hosts chair. Looking forward to that. Until then, thanks for being with us. You know, we wouldn't do this without you. And if you're looking for the best in enterprise technology news, remember, just keep quiet.

Ant Pruitt  (01:09:16):
Hey folks, I'm Ant Pruitt. I have a question for you. How do you think your hardworking team with a Club Twit corporate subscription plan? Of course, show your appreciation and reward your tech team with the subscription to Club Twit. Keep everyone informed and entertained with podcast covering the latest in tech with the Club Twit subscription. They get access to all of our podcasts at free, and they also get access to our members-only Discord, uh, access to exclusive outtakes and behind the scenes footage and special content like the fireside chats that I enjoy hosting. Plus, they also get shows like Hands-on Mac, hands-on Windows, and the Untitled Linux Show. So go to twit tv slash club twit and look for corporate plans for complete details.

 

All Transcripts posts