The Bring Your Own Device (BYOD) movement has gained unstoppable momentum. And thanks to the burgeoning mobile app market, employees have high expectations for these tools. According to Matt McLarty of Layer 7 Technologies, companies need to invest in building apps, period.


The Bring Your Own Device (BYOD) movement has gained unstoppable momentum. And thanks to the burgeoning mobile app market, employees have high expectations for these tools. They want an attractive user experience tailored to their devices. In other words, companies need to invest in building apps, period.

During my two decades of working in enterprise IT, I’ve observed the client-server revolution, the internet explosion and the service-oriented architecture (SOA) boom. Despite all the buzz around cloud and big data, I believe mobile will dominate enterprise IT transformation over the next decade and help to shape those other two trends. Our company, Layer 7 Technologies, and competitors such as Apigee and Mashery, are providing API management solutions to support mobile integration for the consumer app market. I believe that BYOD will spark an ever greater demand for API management to address enterprise mobile apps.

I’ve seen some companies try to cut corners by pushing their existing browser-based enterprise apps out to mobile devices, and the returns are not encouraging. One electronics company Layer 7 worked with wanted to create a multi-platform mobile app for their employees, but discovered that their web security tokens were truncated on iPhones. An airline we worked with rolled out their first iPhone app and failed to get traction, because the user interface mimicked their backend green screens. These companies limited themselves by not taking advantage of the unique features of mobile devices, and employees were uninterested in using the clunky apps.

These are cautionary tales, but they have happy endings. Both companies ended up investing in the user experience. And by reusing much of their existing enterprise infrastructure, they still saved a lot of money. The electronics company fixed their mobile security protocol without replacing their access control servers. And the airline rewrote their mobile app to be more user-friendly without changing the backend enterprise application. Both companies combined their existing enterprise assets with an API management solution to create mobile-friendly APIs. These APIs powered the mobile apps with suitable security, reliability and performance.

Redrawing the borders between the presentation, logic and data tiers

These examples signal a shift in the enterprise IT landscape. During the internet explosion, applications settled on three tiers: presentation, logic and data. Because of the enabling technologies, the lines between the presentation and logic tiers frequently blurred, and a hard border was created between the logic and data tiers. For example, a web app for order processing might include business logic steps in the browser code either deliberately or by accident (if the same developer codes both tiers). With the enterprise mobile movement, I think that the tiers will remain the same.

However, I believe that the overwhelming emphasis on user experience combined with the impact of cloud and big data will now blur the line between logic and data, and the border between presentation and logic will become much more complete. That concrete border has a name: it is the API. That order process now needs to be available on the web and to a variety of mobile devices, so that the logic tier can be accessible to all channels through the API.

The API border is the new security perimeter

Because personal mobile devices cannot be trusted the same way a company-owned and managed desktop PC could be, the concrete API border is also the new security perimeter. For these reasons, an enterprise API proxy that provides secure, multi-channel access to the logic and data tiers will be valuable.

This API proxy plays a dichotomous role. It opens and eases integration with enterprise APIs, and it enforces the policies that check user identity and control access to backend resources and data. Due to the mixed personality of BYOD devices — business and pleasure — no API request message can be trusted outright. Identity must be checked using any number of principals — app, device, end user — and weighed against the requested assets.

The value proposition of the API proxy increases dramatically if it is able to map between the security protocol of choice in the mobile world, OAuth, and the existing security infrastructure in the enterprise. Web single sign-on solutions are too heavyweight for mobile devices, but their underlying policies and infrastructure can be reused in this context. The API proxy is the key to bridging the gap between the integration and security needs of the mobile devices and the existing and proven enterprise services and policies.
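The check described above, where app, device and end user are each evaluated and weighed against the requested asset, can be sketched as a deny-by-default decision function. This is an added illustration, not code from Layer 7 or any API management product; the app registry, scope names, sensitivity tiers and device-trust scale are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed catalogue: API path prefix -> (required OAuth scope, sensitivity tier 1-3).
ASSETS = {
    "/orders": ("orders:read", 1),
    "/members/records": ("members:read", 3),
}
# Constructed app registry: OAuth client_id -> highest tier the app may reach.
REGISTERED_APPS = {"field-sales-ios": 3, "legacy-web-wrapper": 1}

@dataclass(frozen=True)
class ApiRequest:
    client_id: str            # app principal
    device_managed: bool      # device principal: enrolled in corporate management
    device_passcode: bool     # device principal: screen lock reported
    user: Optional[str]       # end-user principal resolved from the access token
    scopes: frozenset         # scopes granted to that token
    path: str                 # requested asset, assumed already normalised

def device_tier(req: ApiRequest) -> int:
    """Personal devices earn less trust than managed ones (assumed scale)."""
    if req.device_managed:
        return 3
    return 2 if req.device_passcode else 1

def decide(req: ApiRequest) -> tuple:
    """Return (allowed, reason). Deny by default; every principal must pass."""
    asset = next((v for p, v in ASSETS.items()
                  if req.path == p or req.path.startswith(p + "/")), None)
    if asset is None:
        return False, "unknown asset"
    scope, tier = asset
    app_tier = REGISTERED_APPS.get(req.client_id)
    if app_tier is None:
        return False, "unregistered app"
    if req.user is None:
        return False, "no authenticated user"
    if scope not in req.scopes:
        return False, "token lacks required scope"
    # The weakest principal bounds what the request may touch.
    if min(app_tier, device_tier(req)) < tier:
        return False, "app/device trust below asset sensitivity"
    return True, "ok"

# Constructed requests: same user and token, different devices.
BASE = dict(client_id="field-sales-ios", user="alice",
            scopes=frozenset({"members:read", "orders:read"}))
MANAGED = ApiRequest(device_managed=True, device_passcode=True,
                     path="/members/records/42", **BASE)
PERSONAL = ApiRequest(device_managed=False, device_passcode=True,
                      path="/members/records/42", **BASE)
```

The same user with the same token is allowed from the managed device and refused from the personal one, because the high-sensitivity asset requires more device trust than a BYOD handset provides in this constructed policy.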

Companies are using the API proxy at the core of their API management solution for secure mobile app integration with their enterprise systems. A healthcare company we worked with wanted to offer an iPad-based app to collect their member data. The company was very concerned about data privacy and access control. Through the proxy, they were able to exceed the industry’s security requirements and easily reuse their enterprise applications to launch the app.

A developer-driven approach to integration

Driven by BYOD, companies are also following consumer app trends and offering API portals where developers can find out which APIs are available in the enterprise, how to connect to them, and how to establish contracts that include quotas, costs and service levels. I believe that this developer-driven approach to integration is a refreshing shift from the current SOA state and will help to improve the overall agility of enterprise IT.

Business and IT leaders who are wrestling with whether or not personal devices should be allowed in their company’s network should embrace this change. There is no stopping it; it’s already here. And there is a big upside to BYOD beyond employee satisfaction. People treat their personal mobile devices as an extension of themselves. Employee productivity improves with each new task that they can accomplish on their favorite toy, and a ton of costs can be saved through reduction in paperwork and manual processing in general.

If companies turn their worries to figuring out how to engage field employees with apps that leverage 1080p resolution and LTE connectivity, they can rest assured that through API management they will have a solution that delivers on the promise and protects against the threats of the mobile future, adds immediate value to the present, and leverages the investments of the past.

Matt McLarty is vice president of client solutions for Layer 7 Technologies, a provider of API management solutions. Prior to Layer 7, Matt led technical sales for IBM application integration middleware and worked extensively as an enterprise architect in the financial service industry.

Image courtesy of Flickr user Robert Agthe.


  1. Sad, but my company just took a step back ten years this week. We were a small company originally, very mobile IT engineering and sales teams. If you ever came to our offices it would be a ghost town during the day if everyone was busy out on client sites. We had Citrix for access back to the office, an allowance to get whatever data plan we wanted, provided lightweight laptops, and all our apps were available by remote. Then we got bought by a much bigger company. Easier to kill off our systems and move us into the collective. Now my laptop is a shitty Dell that weighs a ton, and our time sheet system now only works with IE, so my iPad now can no longer work seamlessly, so I HAVE to take my laptop with me, and our office communicator system now only works on the corporate network.
    No companies have to support BYOD, but it does make it feel like ten years ago without it. 8(

  2. Reblogged this on Virtualized Geek Blog and commented:
    I talked about this a couple months ago on virtualizedgeek.com. The above comment talked about Citrix which is a good start but ultimately organizations need to focus on cloud type services. This doesn’t mean public cloud solutions such as Salesforce but the idea is the same. The applications need to be web based and support multiple browsers. Users will bring their own devices if they are approved or not by IT.

    This will soon become an issue for retaining top talent. Top talent will want to utilize their own technology in the way that they want or leave. This may sound like an overreaction but I don’t believe that’s the case. Top talent finds a way to be more productive and being able to seamlessly combine their personal productivity with your work productivity is a big factor for these contributors. IT needs to understand how to service these customers while keeping the data within the boundaries of their control. VDI is a start but again if all this talent wanted to use Windows then Mac OS X/iOS and Android wouldn’t be doing so well.

    1. I hate comments from people who don’t know Binary.

      1. You don’t agree with my view or I’m not clear?

  3. In large organizations, this API-fication is going to take quite a while, with all of the typical systems represented in a corporate environment. This is one of the forces driving adoption of the iPhone and iPad in corporate environments.

    We all agree. APIs are the right path. The battle is going to be long, and as a mobile experience designer, IT is my greatest obstacle.

    1. Completely agree. As much as I get excited with the technology innovation that is happening from a decade majority of medium to large enterprises are still working on technologies and with a mindset from a decade ago. While APIs are right path should wait and see if that’ll really materialize soon enough :)


  4. Stephen Lustigson Sunday, April 8, 2012

    Great article about the future of enterprise IT. I think the greater challenge is going to be between knowledge worker and executive as to what API to build or open API app to integrate with. As consumerization continues to build, it will be up to management to get the buy in of their users before making a decision, and this decision making process is where it is going to get really interesting.

    1. Stephen, totally agree. As I just mentioned in my first comment, the main challenges with this technological innovation will be non-technical. That’s always the way! :-)

  5. Matt McLarty Sunday, April 8, 2012

    Every enterprise will vary in how they get this done, but I really feel that even though it’s early, we’re past the tipping point. Those that figure out how to leverage their existing assets early will have a competitive advantage. The laggards will be too late. Now is the time to move to mobile. It may be more of a process challenge than a technical one (as is usually the case), but it’s very achievable. I agree with the comment about top talent: as more and more jobs are created in IT compared to other sectors, the relative value of talent increases. BYOD complemented by a suite of focused, user-amorous apps is definitely a way to engage and retain top talent. Thanks everyone for reading this article… Matt McLarty, Twitter: @MattMcLartyBC

  6. so true.

  7. Danny de Wit Monday, April 9, 2012

    Interesting take on the market. I agree completely, but we arrive at the same conclusion coming from the ‘different side’; we’ve built a cloud based OS (HTML5) that connects to any HTML5-enabled device. So the whole layer in between, in our view, will be replaced. For those interested you can find it at http://www.exvo.com.

  8. Troy Norcross Monday, April 9, 2012

    Nice article and I take your point that BYOD is inevitable. And when it comes to apps there is another core consideration – device and OS fragmentation. Just like developers for Android are struggling because they have to create different versions of their apps for so many different devices and Android release versions – so too will IT departments struggle.

    At the end of the day an HTML5 / cloud based service will have greater adoption and lower development/maintenance cost over native apps.

    1. Too true, my company http://atlascode.com is working to identify ways in which we can bridge the gap between fragmented devices
