BYOD is unstoppable. Smart companies must build apps
By Matt McLarty
Layer 7 Technologies. Apr. 8, 2012.
The Bring Your Own Device (BYOD) movement has gained unstoppable
momentum. And thanks to the burgeoning mobile app market, employees
have high expectations for these tools. They want an attractive user
experience tailored to their devices. In other words, companies need to invest
in building apps, period.
During my two decades of working in enterprise IT, I’ve observed the client-
server revolution, the internet explosion and the service-oriented architecture
(SOA) boom. Despite all the buzz around cloud and big data, I believe mobile
will dominate enterprise IT transformation over the next decade and help to
shape those other two trends. Our company, Layer 7 Technologies, and
competitors such as Apigee and Mashery, are providing API management
solutions to support mobile integration for the consumer app market. I
believe that BYOD will spark an ever greater demand for API management to
address enterprise mobile apps.
I’ve seen some companies try to cut corners by pushing their existing
browser-based enterprise apps out to mobile devices, and the returns are not
encouraging. One electronics company Layer 7 worked with wanted to create
a multi-platform mobile app for their employees, but discovered that their
web security tokens were truncated on iPhones. An airline we worked with
rolled out their first iPhone app and failed to get traction, because the user
interface mimicked their backend green screens. These companies limited
themselves by not taking advantage of the unique features of mobile devices,
and employees were uninterested in using the clunky apps.
These are cautionary tales, but they have happy endings. Both companies
ended up investing in the user experience. And by reusing much of their
existing enterprise infrastructure, they still saved a lot of money. The
electronics company fixed their mobile security protocol without replacing
their access control servers. And the airline rewrote their mobile app to be
more user-friendly without changing the backend enterprise application. Both
companies combined their existing enterprise assets with an API management
solution to create mobile-friendly APIs. These APIs powered the mobile apps
with suitable security, reliability and performance.
Redrawing the borders between the presentation, logic and data tiers
These examples signal a shift in the enterprise IT landscape. During the
internet explosion, applications settled on three tiers: presentation, logic and
data. Because of the enabling technologies, the lines between the presentation
and logic tiers frequently blurred, and a hard border was created between the
logic and data tiers. For example, a web app for order processing might
include business logic steps in the browser code either deliberately or by
accident (if the same developer codes both tiers). With the enterprise mobile
movement, I think that the tiers will remain the same.
However, I believe that the overwhelming emphasis on user experience
combined with the impact of cloud and big data will now blur the line
between logic and data, and the border between presentation and logic will
become much more complete. That concrete border has a name: it is the API.
That order process now needs to be available on the web and to a variety of
mobile devices, so that the logic tier can be accessible to all channels through
the API.
The API border is the new security perimeter
Because personal mobile devices cannot be trusted the same way a company-
owned and managed desktop PC could be, the concrete API border is also the
new security perimeter. For these reasons, an enterprise API proxy that
provides secure, multi-channel access to the logic and data tiers will be
valuable.
This API proxy plays a dichotomous role. It opens and eases integration with
enterprise APIs, and it enforces the policies that check user identity and
control access to backend resources and data. Due to the mixed personality of
BYOD devices — business and pleasure — no API request message can be
trusted outright. Identity must be checked using any number of principals —
app, device, end user — and weighed against the requested assets.
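A minimal sketch of the decision described above, added here as an illustration and not taken from the article or from any Layer 7 product: a deny-by-default check that weighs the app, device and end user against the requested asset. All identifiers and policy data are constructed, and the sketch assumes the three principals were already authenticated upstream (for example from a validated OAuth token).

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed policy data for illustration; every name here is hypothetical.
REGISTERED_APPS = {
    "field-orders-ios": {"orders:read", "orders:write"},
    "member-intake-ipad": {"members:read", "members:write"},
}
USER_ENTITLEMENTS = {
    "alice": {"orders:read", "orders:write"},
    "bob": {"orders:read", "members:read", "members:write"},
}
# Assets that additionally require a device enrolled with the enterprise.
SENSITIVE_SCOPES = {"members:read", "members:write"}
ENROLLED_DEVICES = {"ipad-0042"}


@dataclass(frozen=True)
class ApiRequest:
    app_id: str     # principal 1: the calling app
    device_id: str  # principal 2: the device it runs on
    user: str       # principal 3: the end user
    scope: str      # the requested asset, written as "resource:action"


def decide(req: ApiRequest) -> Tuple[bool, str]:
    """Deny by default; allow only if every principal is entitled to the asset."""
    app_scopes = REGISTERED_APPS.get(req.app_id)
    if app_scopes is None:
        return False, "unknown app"
    if req.scope not in app_scopes:
        return False, "app not entitled to asset"
    if req.scope not in USER_ENTITLEMENTS.get(req.user, set()):
        return False, "user not entitled to asset"
    # A personal (unenrolled) device is acceptable for ordinary assets only.
    if req.scope in SENSITIVE_SCOPES and req.device_id not in ENROLLED_DEVICES:
        return False, "device not enrolled for sensitive asset"
    return True, "allowed"


if __name__ == "__main__":
    for r in (
        ApiRequest("field-orders-ios", "iphone-personal", "alice", "orders:read"),
        ApiRequest("member-intake-ipad", "iphone-personal", "bob", "members:read"),
        ApiRequest("member-intake-ipad", "ipad-0042", "bob", "members:read"),
    ):
        print(r, decide(r))
```

The same user and app get different answers depending on the device and the asset, which is the point of evaluating all three principals per request rather than trusting a session.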
The value proposition of the API proxy increases dramatically if it is able to
map between the security protocol of choice in the mobile world, OAuth, and
the existing security infrastructure in the enterprise. Web single sign-on
solutions are too heavyweight for mobile devices, but their underlying policies
and infrastructure can be reused in this context. The API proxy is the key to
bridging the gap between the integration and security needs of the mobile
devices and the existing and proven enterprise services and policies.
Companies are using the API proxy at the core of their API management
solution for secure mobile app integration with their enterprise systems. A
healthcare company we worked with wanted to offer an iPad-based app to
collect their member data. The company was very concerned about data
privacy and access control. Through the proxy, they were able to exceed the
industry’s security requirements and easily reuse their enterprise applications
to launch the app.
A developer-driven approach to integration
Driven by BYOD, companies are also following consumer app trends and
offering API portals where developers can find out which APIs are available
in the enterprise, how to connect to them, and how to establish contracts that
include quotas, costs and service levels. I believe that this developer-driven
approach to integration is a refreshing shift from the current SOA state and
will help to improve the overall agility of enterprise IT.
Business and IT leaders who are wrestling with whether or not personal
devices should be allowed in their company’s network should embrace this
change. There is no stopping it, it’s already here. And there is a big upside to
BYOD beyond employee satisfaction. People treat their personal mobile
devices as an extension of themselves. Employee productivity improves with
each new task that they can accomplish on their favorite toy and a ton of
costs can be saved through reduction in paperwork and manual processing in
general.
If companies turn their worries to figuring out how to engage field employees
with apps that leverage 1080p resolution and LTE connectivity, they can rest
assured that through API management they will have a solution that delivers
on the promise and protects against the threats of the mobile future, adds
immediate value to the present, and leverages the investments of the past.
Matt McLarty is vice president of client solutions for Layer 7 Technologies, a provider of
API management solutions. Prior to Layer 7, Matt led technical sales for IBM application
integration middleware and worked extensively as an enterprise architect in the financial
service industry.