BYOD is unstoppable. Smart companies must build apps


Published on

The Bring Your Own Device (BYOD) movement has gained unstoppable momentum. And thanks to the burgeoning mobile app market, employees have high expectations for these tools. They want an attractive user experience tailored to their devices. In other words, companies need to invest in building apps, period.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

BYOD is unstoppable. Smart companies must build apps

  1. 1. BYOD is unstoppable. Smart companies mustbuild appsBy Matt McLartyLayer 7 Technologies. Apr. 8, 2012.The Bring Your Own Device (BYOD) movement has gained unstoppablemomentum. And thanks to the burgeoning mobile app market, employeeshave high expectations for these tools. They want an attractive userexperience tailored to their devices. In other words, companies need to investin building apps, period.During my two decades of working in enterprise IT, I’ve observed the client-server revolution, the internet explosion and the service-oriented architecture(SOA) boom. Despite all the buzz around cloud and big data, I believe mobilewill dominate enterprise IT transformation over the next decade and help toshape those other two trends. Our company, Layer 7 Technologies, andcompetitors such as Apigee and Mashery, are providing API managementsolutions to support mobile integration for the consumer app market. Ibelieve that BYOD will spark an ever greater demand for API management toaddress enterprise mobile apps.
  2. 2. I’ve seen some companies try to cut corners by pushing their existingbrowser-based enterprise apps out to mobile devices, and the returns are notencouraging. One electronics company Layer 7 worked with wanted to createa multi-platform mobile app for their employees, but discovered that theirweb security tokens were truncated on iPhones. An airline we worked withrolled out their first iPhone app and failed to get traction, because the userinterface mimicked their backend green screens. These companies limitedthemselves by not taking advantage of the unique features of mobile devices,and employees were uninterested in using the clunky apps.These are cautionary tales, but they have happy endings. Both companiesended up investing in the user experience. And by reusing much of theirexisting enterprise infrastructure, they still saved a lot of money. Theelectronics company fixed their mobile security protocol without replacingtheir access control servers. And the airline rewrote their mobile app to bemore user-friendly without changing the backend enterprise application. Bothcompanies combined their existing enterprise assets with an API managementsolution to create mobile-friendly APIs. These APIs powered the mobile appswith suitable security, reliability and performance.Redrawing the borders between the presentation, logic and data tiersThese examples signal a shift in the enterprise IT landscape. During theinternet explosion, applications settled on three tiers: presentation, logic anddata. Because of the enabling technologies, the lines between the presentationand logic tiers frequently blurred, and a hard border was created between thelogic and data tiers. For example, a web app for order processing mightinclude business logic steps in the browser code either deliberately or byaccident (if the same developer codes both tiers). With the enterprise mobilemovement, I think that the tiers will remain the same.However, I believe that the overwhelming emphasis on user experiencecombined with the impact of cloud and big data will now blur the linebetween logic and data, and the border between presentation and logic willbecome much more complete. That concrete border has a name: it is the API.That order process now needs to be available on the web and to a variety ofmobile devices, so that the logic tier can be accessible to all channels throughthe API.The API border is the new security perimeterBecause personal mobile devices cannot be trusted the same way a company-owned and managed desktop PC could be, the concrete API border is also thenew security perimeter. For these reasons, an enterprise API proxy that
  3. 3. provides secure, multi-channel access to the logic and data tiers will bevaluable.This API proxy plays a dichotomous role. It opens and eases integration withenterprise APIs, and it enforces the policies that check user identity andcontrol access to backend resources and data. Due to the mixed personality ofBYOD devices — business and pleasure — no API request message can betrusted outright. Identity must be checked using any number of principals —app, device, end user — and weighed against the requested assets.The value proposition of the API proxy increases dramatically if it is able tomap between the security protocol of choice in the mobile world, OAuth, andthe existing security infrastructure in the enterprise. Web single sign-onsolutions are too heavyweight for mobile devices, but their underlying policiesand infrastructure can be reused in this context. The API proxy is the key tobridging the gap between the integration and security needs of the mobiledevices and the existing and proven enterprise services and policies.Companies are using the API proxy at the core of their API managementsolution for secure mobile app integration with their enterprise systems. Ahealthcare company we worked with wanted to offer an iPad-based app tocollect their member data. The company was very concerned about dataprivacy and access control. Through the proxy, they were able to exceed theindustry’s security requirements and easily reuse their enterprise applicationsto launch the app.A developer-driven approach to integrationDriven by BYOD, companies are also following consumer app trends andoffering API portals where developers can find out which APIs are availablein the enterprise, how to connect to them, and how to establish contracts thatinclude quotas, costs and service levels. I believe that this developer-drivenapproach to integration is a refreshing shift from the current SOA state andwill help to improve the overall agility of enterprise IT.Business and IT leaders who are wrestling with whether or not personaldevices should be allowed in their company’s network should embrace thischange. There is no stopping it, it’s already here. And there is a big upside toBYOD beyond employee satisfaction. People treat their personal mobiledevices as an extension of themselves. Employee productivity improves witheach new task that they can accomplish on their favorite toy and a ton ofcosts can be saved through reduction in paperwork and manual processing ingeneral.
  4. 4. If companies turn their worries to figuring out how to engage field employeeswith apps that leverage 1080p resolution and LTE connectivity, they can restassured that through API management they will have a solution that deliverson the promise and protects against the threats of the mobile future, addsimmediate value to the present, and leverages the investments of the past.Matt McLarty is vice president of client solutions for Layer 7 Technologies, a provider ofAPI management solutions. Prior to Layer 7, Matt led technical sales for IBM applicationintegration middleware and worked extensively as an enterprise architect in the financialservice industry.