Mobile Apps Governance Basics


Mobile apps governance basics

May 22nd 2017

Presented by:
Kevin Bertholio – Kevin Castel – Gregory Brunet – Emmanuel Chabani – Christine de Changy – Ashwath Desai – Peter Mo – Thierry Rutgé – Priya Shekar

Confidential Property of Schneider Electric


Agenda:

1. Mobile app Gov Principles
2. Branding & Naming Stream
3. UI Stream
4. Architecture Stream
5. CyberSec Stream
6. Publishing Stream
7. Analytics
8. Q&A


Mobile apps governance Principles

Emmanuel Chabani – Christine de Changy



What is Mobile apps governance about? In two words

• Mobile apps governance for customer-facing apps, co-led by IPO/CE & GM/DCE with strong support from DCES, IPO/EA, PSO, GM

• Schneider Electric has
  • too many mobile apps for our customers
  • with low consistency in terms of UI, branding, architecture, poor cybersec, and too many publisher stores

• The Mobile apps governance aims at
  • reducing the number of apps
  • bringing global consistency between them.


App Governance – key guidelines as of April 2016

Today’s situation at Schneider Electric
• 375 Apps, out of which only 43 were updated over the last 12 months
• Product support, e-catalogue and selectors represent #80% of downloads (> 1.0m downloads)
• We have 1 governance portal, yet most countries + businesses do not apply the common guidelines

What we want to achieve in 2017
• 100% Apps respect global guidelines (architecture + design + naming/branding + registration)
• Restructure existing App catalogue by strong clean-up and convergence plan to promote multi-business master apps by key domains (e.g. CCApp, MyElec App, … consistent with customer journeys)

How are we going to make it happen?
• A very strong governance with Businesses (Global and in countries) reinforcing the existing assets
• One single publisher and One Global App catalogue managed by DCE

Source: Minutes from ExCom meeting during strategy week

Situation in May 2016

Status
• 375 SE Apps & more coming
• Not connected between them & scope overlap
• Inconsistent Brand guidelines
• Inconsistent UX-UI interface (design)
• Inconsistent user registration
• High maintenance, promotion and user acquisition costs


App governance portfolio in May 2017

1. Starting with a portfolio of 375 unique Apps
2. We challenged the App owners
   • with the low number of downloads
   • with no updates in the last year
   • …
3. 158 apps were removed from the stores
4. 85 Apps were selected to be kept and to converge to Master Apps
5. We defined 5 categories of Master Apps


App governance – Bringing global consistency & Process: Mobile apps governance Process

All Apps should start entering the process prior to any development

Golden Rules
✓ Registration feature & Promotion budget Mandatory
✓ Published under One Schneider Electric account

• Process defined to put App Lifecycle under control
• Validation « badges » for 5 « streams »
  ➢ Naming/Branding
  ➢ UX/UI Design
  ➢ Architecture
  ➢ CyberSecurity
  ➢ Publishing

Process supported by a new Portal:
http://appsgovernance.schneider-electric.com/


Apps in the process…



Branding & Naming Stream – Mobile & Tablets Apps
Kevin CASTEL



A Lack of Consistency
can bring on a lack of interest

brand.schneider-electric.com
http://brand.schneider-electric.com/confluence/display/CreativeExpression/Mobile+and+Tablet+Apps+Brand+Guidelines



4 Key Drivers

mySchneider
Wiser

• Simplicity: We are simplifying our Portfolio of Brands and Ranges – not only for the apps but also for our Offer and Services for Partners.
• Customer Centricity: We are creating names to build multi-screen experience.
• Opportunity: We have identified untapped marketing opportunities on App Store and Google Play.
• Strategy: We have a future-proof naming architecture for all the future offer.



Training

EcoStruxure Building Operation: Best-class BMS

Save the Date
Branding & Naming – UI/UX Training
May 31st – 3pm CET > 4.30pm CET


UI design Stream
Thierry Rutgé



A strong brand design enables a strong brand consistency

• Schneider Electric brand design must enable brand recognition, and reveal the specificity and unique character of our brand.
• The common DNA of our software applications is expressed through a precise and specific vocabulary.
• The consistent usage of this specific vocabulary clearly and readably differentiates our software offering, while guaranteeing the same brand identity.


A strong brand design enables a strong brand consistency

Before / After

User interface design guidelines: the ergonomics and graphic rules to apply


How to work with the Design Lab?

The earlier the better!


Architecture Stream
Kevin Bertholio



Architecture - Our missions

• Define Mobile Application Standards
• Review apps architecture
• Provide technical support
• Help to define the mobile strategy


Architecture - Mobile App Standards

1 document, SCHNEIDER ELECTRIC - MOBILE APP GOVERNANCE ARCHITECTURE GUIDELINES, about:

• Tech Stack
• Requirements
• Recommendation
• =S= Architecture pattern


Architecture - Review

1 hour with tech lead

• Technical info
• Functional Description
• Data Model
• Component Diagram
→ Feedback


Mobile App Architecture Standards:
https://schneider-electric.box.com/s/k9tpczxdbga98r54vvdzg3iop33ln9ps

Contacts:
elia.reininger@schneider-electric.com
kevin.bertholio@schneider-electric.com



Cybersec Stream
Ashwath Desai - Priya Shekar



Apps not related to a product
Application Certification Framework
Application Certification

PRIVACY

SECURITY



CERTIFICATION JOURNEY

Commit → Open → Do → Go Live
Certification Required → Application Certified
Project Initiation → Project Planning → Project Execution

I. Risk Assessment
• Project Manager fills a Risk Assessment Form to identify the risks to be addressed.
• Certification Area Leader assists you and issues a risk assessment report.
• Complete Risk Assessment

II. Risk Mitigation
• Project Manager plans and executes a risk mitigation plan to ensure that risks are mitigated.
• Certification Team helps you by providing vulnerability assessment service and connecting you with experts if needed.
• Store all documentary evidence into an assigned BOX folder

III. Certification
• Project Manager fills a Certification Checklist to ensure that risks have been properly mitigated.
• Certification Team checks evidence and issues a certificate.
• Complete Certification Checklist

START CERTIFICATION TODAY

Follow “IPO Application Certification” subject

1. Download a Risk Assessment Form: https://schneider-electric.box.com/v/certification-SE
2. Request support from a certification team if needed: Certification.SE@schneider-electric.com
3. Complete the Form and E-mail it for review: Certification.SE@schneider-electric.com

Apps related to a product
Mobile Pentest Methodology - Confidential
SERVICES PROVIDED BY GSL

• Code Scanning
• Penetration Testing
• Final Testing

SERVICES PROVIDED BY GSL (PENTESTING)

Penetration Test for:
• Web/Cloud Applications
• Mobile
• PC Software
• OT

http://pso.schneider-electric.com/wiki/index.php/Global_Security_Lab

FULL SPRINT (6 WEEKS)

• One week: understand the product, meeting with dev team
  - Install\test plan
  - Run Semi-Auto V-Scan
• Four weeks: testing the product with methodology + writing word document
  - Manually and semi auto exploitation tests
  - Manual Abuse case Testing
  - Manual penetration tests
• One week: consolidating results + making presentation

Milestones: kick-off (meeting), first run, intermediary report, final results

Final results: Presentation + Meeting, Zip with RAW results, Word report

APPROACH FOR MOBILE APPLICATIONS

• Information Gathering
• Vulnerability Analysis
• Static Analysis
• Dynamic Analysis
• Forensic Methods
• Exploitation
• Risk Rating/Creating Test Report


MOBILE TOP 10 VULNERABILITY TESTING - 2016

1. Improper Platform Usage
2. Insecure Data Storage
3. Insecure Communication
4. Insecure Authentication
5. Insufficient Cryptography
6. Insecure Authorization
7. Client Code Quality
8. Code Tampering
9. Reverse Engineering
10. Extraneous Functionality

Make the most of your energy™, securely.


Apps Publishing Stream
Grégory Brunet



Mobile Application Publishing

The first step is to define where your mobile application must be published.
It depends on the phase your application is in:

- Development / Test (iOS & Android) *: HockeyApp

HockeyApp is a good way to collect live crash reports, get feedback from your users, distribute your betas, and analyze your test coverage. This makes it the Schneider Electric choice for the tests made during the development phase of your application.

* Necessary time to plan: 2 days

- User Acceptance Testing *: Apple App Store & Google Play Store (through the dedicated Beta & Alpha areas)

The UAT phase must be done with real users, not only Schneider Electric employees.
The application will be published on the official public store accounts. Each account (iOS App Store & Android Google Play Store) has an area that lets you push a build and invite users to test it.
The build remains private and your application is not publicly visible during this phase.

* Necessary time to plan: 3 days


Mobile Application Publishing

- Public Production *: Apple App Store & Google Play Store

The public production stores are the official Apple and Google stores; publishing there makes your application visible to all.
Schneider Electric owns an official publisher account in both.

* Necessary time to plan: 10 days

- B2B Production *
  - iOS: Apple Volume Purchase Program (https://developer.apple.com/programs/volume/b2b/)
  - Android: Google Play for Work (https://developer.android.com/distribute/googleplay/work/about.html)

Distributing mobile applications for B2B means distributing the apps privately to an SE customer, who will make the application available internally for their organisation; in that case Schneider Electric is the Developer.

The targeted account must be owned by the SE customer and created with their own DUNS Number.

* Necessary time to plan: 10 days


Mobile Application Publishing

Prerequisite:

In any case, your application must be signed with a certificate and a provisioning profile (mainly for iOS apps).
Depending on the purpose and on the targeted publisher account, the files and user accounts will be different.

To make sure the publication will be accepted, please provide the following to Gregory Brunet:

- Name of your application
- Its default language
- Your specific needs (Push notifications / AppGroups / Widget / Siri / iCloud etc.)
- Targeted publisher account (HockeyApp for dev / Public Beta or Alpha / Production / B2B)
- Name & e-mail address of the developer allowed to sign the application
- Name & e-mail address of all the persons who must have access to the publisher accounts BO (with role details)

Necessary time:

- Please refer to the two previous slides. The time to plan will differ depending on the targeted publisher account; to summarize, it will be between 2 and 10 working days.


Analytics
Peter Mo



Basic mobile apps analytics

Until recently, we measured our apps' performance with only one metric: the number of downloads.

The number of downloads is important, but it is not enough to tell us if our apps are really adopted by our customers!

That’s why we need more data such as:

• Store views (impressions)
• Conversion rate
• Usage (DAU/MAU)
• Sessions
• Keywords (ASO)
• Ratings
• Reviews


Basic mobile apps analytics dashboard – App Annie

MY APP ANALYTICS:
• Info for >400 SE apps (Android and iOS)
• Download
• In-app analytics (if connected) such as usage and sessions

MARKET INTELLIGENCE:
• Competition analysis
• App positioning & ASO
• Portfolio management
• App reviews & ratings

Registration procedures and onboarding sessions recordings:
https://schneider-electric.box.com/s/zq3ozuzyuxp48f79rpudgeodm2sf63aj


Q&A



Appendix

Christine de Changy
