mobile enterprise application, mobile application development, mobile enterprise, hybrid mobile, mobile security, reverse engineer, obfuscation, ibm, mobilefirst platform, bluemix, api management, mobile backend as a service
4. 5
Simple, scalable and proven enterprise mobile governance
platform
Protect from mobile-
specific threats across
channels
Interaction
Analytics
Application
Lifecycle
Mobile APIs
Comprehensive
Security
Better understand your
users how they interact
with channels
Reduce time and costs
of operations and fast
and frequent updates
Add channel specific
interactions logic and
common business logic
as APIs
Essential mobile
services enriching user
experience
Push &
Offline Sync
Mobile Enterprise Application Platform in a Nutshell
5. 6
z
Operations
Back-end
Front-end
30%
of the value
and effort is
visible
(mobile UI)
70%
of the value
and effort
lies under
the surface
Short time to market
Web? Hybrid?
Native?
Framework to use
Who, When and
How the
application is used
Track problems that
affect UX
Manage and
enforce app
versions
Security
Data
protection
Push
upgrades
User
authentication
User engagement
Connect to back-end
Efficient and flexible
push notifications
Offline availability
B2E app distribution
Track and leverage
location
Mobile apps go deeper than front-end UI
6. 7
Amateur Mobile Developer Enterprise Mobile Developer
“If you think it's expensive to hire a
professional to do the job, wait until
you hire an amateur”
Application Vulnerabilities
API Endpoint Security
Integration with System of Records
Secure offline Storage
Application Obfuscation
Mobile Testing
Direct Update to thousands devices
Endpoint Protection
Financial Malware Protection
Security Audit
7. 8
Mobile Enterprise Development Lifecycle
Design &
Develop
Obtain
Insight
Manage
Deploy
Measure
Integrate
Test
Scan & Certify
Industrialize
8. 9
Critical Capabilities for Mobile Application Development Platforms
1. App Analytics and Reporting
2. App Testing/Life Cycle Management
3. Cloud and Mobile Back-End Services
4. Content Management/Dynamic Updates
5. High-Productivity IDE
6. Integration and API Management
7. Low-Code/No-Code App Building Tool
8. Omnichannel Support
9. Platform Security and Certification
10. UI and Native API Support
11. UX, Process and Data Modeling
0 5 10 15 20 25 30
B2E Simple B2E Complex B2C Transactional B2C Informational
9. 10
1. App Analytics & Reporting
+ Analytics address the following:
• User adoption, device and app properties
• User actions and called adapter procedures
• Performance and data usage information
• Exceptions, crashes, logs, response time
+ Increase customer satisfaction
• Respond quickly to crashes and app performance problems
+ Rapidly discover issues
• Configure threshold-based alerts to stay on top of problems without constant monitoring
+ Stay in focus
• Prioritize by crash rate, crash count, or devices affected
+ Easily troubleshoot to root cause
• Identify offending lines of code in 2 clicks
• Download client logs to discover the cause
10. 11
2. App Testing & Lifecycle Management
+ Evidence-based prioritization
enable business and IT to collaborate on mobile strategy and UX
+ Over the air app distribution
get the latest in the hands of testers as soon as it is available
+ Frictionless bug reporting
spend every minute on testing latest and greatest builds,
not the hassles
+ In-app crash reporting
rapid understanding of why an app fails, Get aggregated crash logs and complete
complete stack trace from pre-production and production environments automatically.
+ Sentiment analysis
mine app ratings and reviews to extract actionable feedback before they go viral
11. 12
3. Cloud and Mobile Backend Services
+ From multiple point-to-point integrations
• Multiple sets of integrations to enterprise resources
to build and maintain
• YOU manage caching, synchronization and end-to-
end encryption
+ To streamlined, transparent access
• transforms enterprise data into mobile-friendly, JSON format
• manages caching, data synchronization and end-to-end
encryption
ERP
Engine
App DB
SQL
JSON
Mobile Adapters
Mobile
Server
ERP
Engine
App DB
Cloud
Service
Cloud
Service
WindowsAndroid BlackberryApple
WindowsAndroid BlackberryApple
SAP
HTTP (REST, SOAP), JMS HTTP, CAST IRON
12. 13
4. Content Management and Dynamic Updates
1. Web resources packaged with app to ensure initial offline availability
2. Web resources transferred to app's cache storage
3. App checks for updates on startup and foreground events
4. Updated web resources downloaded when necessary, with user confirmation or silently
Mobile
Server
Native Shell
Pre-packaged
resources
Download
Update web resource
App Store
Web
resources
Cached
resources
Transfer
Check for
updates
1
2
3
4
13. 14
5. High Productivity IDE
+ Code assist tools with auto-complete and validation
+ Application scaffolding and componentization
+ Mobile OS-specific optimization
+ Device-specific optimization with Skins
+ 3rd-party library integration for HTML5 and native components
+ Quick access to simulators, emulators, and debugging tools
14. 16
7. Low Code / No Code App Building Tool
+ Developers, not just business professionals,
can and should use low-code platforms.
+ Custom programming can still be used with
low-code platforms.
+ Low-code platforms can support large-scale
enterprises.
15. 17
9. Platform Security and Certification
Proactively enforce
security updates
Remote
disable
Direct update
Provide robust
authentication and
authorization to secure users
Authentication
integration
framework
Data
protection
realms
Coupling
device id with
user id
Streamline corporate
security approval
processes
Mobile
platform as a
trust factor
Protect from
Known Application
Security Threats
Code
obfuscation
SSL with
server
identity
verification
Proven
platform
security
Device
provisioning
integration
App
authenticity
testing
Protect data on the device
Encrypted
cache / DB
Offline
authentication
Secure
challenge-
response on
startup
16. 18
10. UI and Native API Support
+ Support all various
Mobile
Development
approaches
+ Pure Web,
Hybrid,
Pure Native
17. 19
Mobile Enterprise Skill Migration Path
• HTML5
• JavaScript
• CSS
• Angular
Web
App
• Ionic
• Apache
Cordova
• Mobile SDK
Hybrid
Mobile
App
• Swing
• Spring
• Struts
Java
C/C++
• Android SDK
• Apple XCode
Native
Mobile
App
• ASP.NET
• Windows
Forms
C# /
C++
• Xamarin
• Qt
Native
Mobile
App
• API Consumption
• Secure Coding Practice
• Integration with Enterprise App
• SOAP Based Web Services
• Multi Platform Debugging
Common Skill
19. 21
Industrial Core
Application
➢ SQL injection
➢ Repackaging
Governance
➢ Uncontrolled damage
➢ Unaware intrusion
App Dev Studio
App Code
Banking Apps
Device
Environment
Security
Analytics &
Alerts
App Scanning
Device
➢ Unknown device
➢ Confidential data leak
User
➢ Man in the middle
➢ Unsafe user sessionForms/Pages
Certificates
Authenticate
Crash
Logging
Disable
Device
Application
Authenticity
Step up
Authentication
Framework
Disable
Application
Device
Identification
Mobile Foundation
Mobile Devices are NOT in Your Control
Storage
App Store
Encrypted
1 0 1 0 1 0
0 1 0 1 0 1
App binary
1 0 1 0 1 0
? X ? X ? ?
Risks
Synchronize
Offline Data
SDK SDK SDK
Obsfuscate
OSRegistration
20. 22
Protecting the Mobile APIs is as equally Important
Real Time Traffic Attack
➢ Clear text on the wire
➢ Denial of service attacks
➢ Cross site scripting
➢ Burst traffic
Message Level Attack
➢ Inconsistent access
➢ JSON injection
➢ XML injection
➢ Message replay
➢ Sensitive data leakage
Push
Authentication
Live Update
Offline Sync
Mobile API
Mobile Foundation
API
API
Management
Microservices
Integration
services
API
Risks
Message Security
Threat Protection
Confidentiality
OAuth 2.0
Throttling
Transport Security
DDoS Prevention
DataPower
Traffic Routing
21. 23
Cloud
Interaction Tier
SDK SDK
Systems of
Record
Mobile
Foundation API Management
DataPower Gateway
www
eWallet
Time
Traveler
Watch
My
Portal
Other
Digital
Channels
Application Secure Gateway
High performance gateway to secure multi-channel
traffic across mobile, IoT, cloud, web, B2B, SOA and
APIs
API Management
Create, Run, Manage & Secure new or existing APIs
and Microservices in a hybrid deployment with
Node.js and Java to power modern digital
applications
Essential mobile backend services pre-integrated
with advanced mobile safeguards, management
and analytics
Mobile Foundation
Add access control and policy
enforcement over APIs, publish to
self-service developer portal.
Complement mobile analytics with
advanced API usage analytics for
end-to-end visibility.
Delivery a Secured Omni Channel Experience
25. 27
Mobile and API Platform
Continuous
& Rapid
Innovation
✓ Secure &
ProtectedAdaptive
APIs
MBaaS
Microservices
Authenticity Policy
Personalized
Experience
User
Experience
Analytics &
Insights
App
Life
Cycle
Mgmt.
INT Web
AppINT Web
App
EXT DEV INT DEV
Self-
Service
App
iOS
Android
Windows
3rd
Party
App
✓ Fast & Agile
✓ Contextual &
Relevant UI/UX
✓ Insightful
Innovation
✓ New Revenue
Streams
HR
App
UX/UI Tools of Choice App ScanClient Platform SDKs
✓ Managed &
Controlled
Automated Testing
Industrial
Core
BI
Analytics
Core
Business
$$$
CustomersResource
planningResource
planningResource
planning
ESB
Dev Portal1) 2) 4)3) 5)
Service
Exposure
Revitalize An Enterprise Mobility Journey....
34. 36
Key Take Away
1. Open Standard – Support industry standards on building native or hybrid frontend UI and backend
services and prevent from being locked in to proprietary technology
2. Rich Partner Ecosystem – Providing an open platform that attracts implementers to build their
mobile solutions using their choice of 'best of breed' tools and technology
3. Automated DevOps – Enabling rapid and continuous integration for digital economy by
automating application distribution, testing and certification through CLI
4. Device Independency – Zero day support of any new device OS platforms and any device types to
make sure apps working continuously
5. Integrated to Microservices Runtime – Rapid MBaaS creation and integration with PloyGot
microservices runtime of your choice
6. Usage & Custom Analytics – Targeted measurement of usability is key to continuous innovation
and improvement of digital apps
7. Advanced App Security – Extensible step up authentications to control access to sensitive
transactions and protect data privacy in different app contexts
8. Omni Channels – Centralizing security, governance and analytics for all major digital channel
applications, and the corresponding backend microservices
IBMMobileFoundation
35. Find @IBMIndo on:
www.ibm.com/id
#IBMIndo80Tahun or #IBMIndo 80Years
(choose one from the 2 hashtag)
Nugroho Gito
Software Architect
ngito@id.ibm.com
https://github.com/ngito/
https://www.slideshare.net/ngito
https://git.ng.bluemix.net/