BYOD is unstoppable. Smart companies must build apps

The Bring Your Own Device (BYOD) movement has gained unstoppable momentum. And thanks to the burgeoning mobile app market, employees have high expectations for these tools. They want an attractive user experience tailored to their devices. In other words, companies need to invest in building apps, period.

During my two decades of working in enterprise IT, I’ve observed the client-server revolution, the internet explosion and the service-oriented architecture (SOA) boom. Despite all the buzz around cloud and big data, I believe mobile will dominate enterprise IT transformation over the next decade and help to shape those other two trends. Our company, Layer 7 Technologies, and competitors such as Apigee and Mashery, are providing API management solutions to support mobile integration for the consumer app market. I believe that BYOD will spark an ever greater demand for API management to address enterprise mobile apps.

I’ve seen some companies try to cut corners by pushing their existing browser-based enterprise apps out to mobile devices, and the returns are not encouraging. One electronics company Layer 7 worked with wanted to create a multi-platform mobile app for their employees, but discovered that their web security tokens were truncated on iPhones. An airline we worked with rolled out their first iPhone app and failed to get traction, because the user interface mimicked their backend green screens. These companies limited themselves by not taking advantage of the unique features of mobile devices, and employees were uninterested in using the clunky apps.

These are cautionary tales, but they have happy endings. Both companies ended up investing in the user experience. And by reusing much of their existing enterprise infrastructure, they still saved a lot of money. The electronics company fixed their mobile security protocol without replacing their access control servers. And the airline rewrote their mobile app to be more user-friendly without changing the backend enterprise application. Both companies combined their existing enterprise assets with an API management solution to create mobile-friendly APIs. These APIs powered the mobile apps with suitable security, reliability and performance.

Redrawing the borders between the presentation, logic and data tiers

These examples signal a shift in the enterprise IT landscape. During the internet explosion, applications settled on three tiers: presentation, logic and data. Because of the enabling technologies, the lines between the presentation and logic tiers frequently blurred, and a hard border was created between the logic and data tiers. For example, a web app for order processing might include business logic steps in the browser code either deliberately or by accident (if the same developer codes both tiers). With the enterprise mobile movement, I think that the tiers will remain the same.

However, I believe that the overwhelming emphasis on user experience, combined with the impact of cloud and big data, will now blur the line between logic and data, and the border between presentation and logic will become much more concrete. That concrete border has a name: it is the API. That order process now needs to be available on the web and to a variety of mobile devices, so the logic tier must be accessible to all channels through the API.

The API border is the new security perimeter

Because personal mobile devices cannot be trusted the same way a company-owned and managed desktop PC could be, the concrete API border is also the new security perimeter. For these reasons, an enterprise API proxy that provides secure, multi-channel access to the logic and data tiers will be valuable.

This API proxy plays a dichotomous role. It opens and eases integration with enterprise APIs, and it enforces the policies that check user identity and control access to backend resources and data. Due to the mixed personality of BYOD devices — business and pleasure — no API request message can be trusted outright. Identity must be checked using any number of principals — app, device, end user — and weighed against the requested assets.

The value proposition of the API proxy increases dramatically if it is able to map between the security protocol of choice in the mobile world, OAuth, and the existing security infrastructure in the enterprise. Web single sign-on solutions are too heavyweight for mobile devices, but their underlying policies and infrastructure can be reused in this context. The API proxy is the key to bridging the gap between the integration and security needs of the mobile devices and the existing and proven enterprise services and policies.
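
The decision described in the two paragraphs above, sketched as an added example (it is not code from the original article or from any vendor's product). The signed-token format, the `device_id` claim, and every user, app, device and policy entry are assumptions constructed for illustration; the token stands in for an OAuth access token, and the group table stands in for the existing enterprise directory.

```python
import base64, hashlib, hmac, json, time

# Everything below is constructed for illustration: key, users, apps, devices, policy.
SIGNING_KEY = b"demo-only-key"
USER_GROUPS = {"alice": {"claims-adjuster"}, "bob": {"contractor"}}  # enterprise directory
REGISTERED_APPS = {"member-intake-ipad"}                             # app principal
MANAGED_DEVICES = {"dev-1001"}                                       # device principal

# Asset prefix -> what the proxy requires before forwarding to the backend.
POLICY = {
    "/members/records": {"scope": "members.read", "groups": {"claims-adjuster"},
                         "managed_device": True},
    "/directory": {"scope": "directory.read",
                   "groups": {"claims-adjuster", "contractor"},
                   "managed_device": False},
}

def _sign(body: str) -> str:
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(claims: dict) -> str:
    """Stand-in for the authorization server: signed JSON claims, not a real JWT."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def verify_token(token: str, now: float):
    """Return the claims if the signature checks out and the token is unexpired."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    return claims if claims.get("exp", 0) > now else None

def authorize(token: str, path: str, now: float = None):
    """Default-deny decision over app, device and end-user principals."""
    claims = verify_token(token, time.time() if now is None else now)
    if claims is None:
        return False, "invalid or expired token"
    rule = next((r for p, r in POLICY.items()
                 if path == p or path.startswith(p + "/")), None)
    if rule is None:
        return False, "no policy for asset"
    if claims.get("client_id") not in REGISTERED_APPS:
        return False, "unregistered app"
    if rule["scope"] not in claims.get("scope", "").split():
        return False, "scope not granted"
    # Map the OAuth subject onto the groups the enterprise already maintains.
    if not USER_GROUPS.get(claims.get("sub"), set()) & rule["groups"]:
        return False, "user not in permitted group"
    if rule["managed_device"] and claims.get("device_id") not in MANAGED_DEVICES:
        return False, "device not permitted for this asset"
    return True, "ok"

if __name__ == "__main__":
    claims = {"client_id": "member-intake-ipad", "sub": "alice",
              "device_id": "personal-phone", "scope": "members.read directory.read",
              "exp": time.time() + 300}
    token = issue_token(claims)
    # Same user, same app, same token: the answer depends on the requested asset.
    for asset in ("/directory", "/members/records/42", "/payroll"):
        print(asset, authorize(token, asset))
```

The same valid token is accepted for the directory and refused for member records because the device principal is weighed against the asset, which is the per-request check the article describes.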

Companies are using the API proxy at the core of their API management solution for secure mobile app integration with their enterprise systems. A healthcare company we worked with wanted to offer an iPad-based app to collect their member data. The company was very concerned about data privacy and access control. Through the proxy, they were able to exceed the industry’s security requirements and easily reuse their enterprise applications to launch the app.

A developer-driven approach to integration

Driven by BYOD, companies are also following consumer app trends and offering API portals where developers can find out which APIs are available in the enterprise, how to connect to them, and how to establish contracts that include quotas, costs and service levels. I believe that this developer-driven approach to integration is a refreshing shift from the current SOA state and will help to improve the overall agility of enterprise IT.

Business and IT leaders who are wrestling with whether or not personal devices should be allowed in their company’s network should embrace this change. There is no stopping it; it’s already here. And there is a big upside to BYOD beyond employee satisfaction. People treat their personal mobile devices as an extension of themselves. Employee productivity improves with each new task that they can accomplish on their favorite toy, and a ton of costs can be saved through reduction in paperwork and manual processing in general.

If companies turn their worries to figuring out how to engage field employees with apps that leverage 1080p resolution and LTE connectivity, they can rest assured that through API management they will have a solution that delivers on the promise and protects against the threats of the mobile future, adds immediate value to the present, and leverages the investments of the past.

Matt McLarty is vice president of client solutions for Layer 7 Technologies, a provider of API management solutions. Prior to Layer 7, Matt led technical sales for IBM application integration middleware and worked extensively as an enterprise architect in the financial service industry.

Image courtesy of Flickr user Robert Agthe.

49 Responses to “BYOD is unstoppable. Smart companies must build apps”

  1. Tom Benson


    I agree with the above comments. Also I was pleased to see you mention your competitor’s names in the article. Many posters don’t do this.

    • Matt McLarty

      Hi Tom, glad you like the article! As a former customer myself, it’s important for people to have choices. As much as we are competitors, we are also kindred spirits in the capabilities we are looking to provide.

  2. Cellrox

    Should enterprise commit to API vendors?
    Why should a company R&D team use an API? Why can’t they just develop freely or choose any 3rd party App from the market?
    Security? correct!
    We believe that the correct solution is Multi-Persona where the Business persona is encrypted, VPNed, PROXYed and can host any native App!

    Check out (make sure you watch the demo clip)

  3. Rogerthat platform

    When companies need to support BYOD, development costs will increase inevitably through needing to support a broad range of devices.
    This is where the Rogerthat multiple choice messaging platform can bring a cost effective solution.
    Interested ? ==>

  4. Patricia Reed

    Thanks for the thought provoking article, Matt, though I lean towards Danny de Wit and Troy Norcross’s arguments that apps for enterprise functionality lose when compared with cloud-based HTML5 service. Web-based apps remove the complexity associated with disparate device platforms needed for functionality to cross multiple devices. Simpler means cheaper and more efficient, which in the Darwinian world of tech, usually wins.

    • Matt McLarty

      Hi Patricia, as I said in one of the comments, I can see HTML5 being very popular in the enterprise world, but there will still be a need for some device specifics for optimal user experience, and there is still the challenge of securing untrusted endpoints. Thanks for reading! Matt

  5. pavelow007

    Surely the biggest obstacle to BYOD is the need for companies to retain control of their data after an employee has left the company.

    Unlike company owned devices which can be bricked as soon as the company knows the employee has left/is leaving, personal devices remain the property of the user and I’m sure the owner will be more than a little aggrieved if the company wiped the entire device in order to protect their intellectual property.

      • Romin Irani

        Agree with this. One of the challenges is going to be about accessing corporate data while on the move (and in an offline state). Companies will have a serious challenge allowing data to be offloaded on a device. The solution could possibly lie in a sort of virtualization layer on the Device, where all the company apps/data are in that virtual layer and not mixed with the employee’s apps on his/her device. Might even make it easier for the company to delete the profile/virtual layer without affecting any other stuff. Of course one will need Management Tools for that also. But it’s going to be interesting since BYOD has a lot of momentum at this point.

  6. Corporate sceptic

    BYOD = giving your employer permission to access, examine, and in the end, wipe, YOUR device containing YOUR information. Since YOUR device will, by definition, be “on” during YOUR OWN TIME, it locks you into 24×7 contact with work. You have to be nuts to sign up for that.
    Yes, having more than one phone/laptop etc etc is annoying and inconvenient, but liberty and freedom (in all forms, major and minor) come at a price. For me, that’s a price worth paying!

    • Michael Karnes

      Agreed. It’s the question that I keep asking for the last two years… I have privacy concerns regarding BYOD. Everyone seems to be jumping on the BYOD parade, but they are blindly giving access and control of the device to their corporate management. Someday soon we are going to hear a horror story of abuse where corporate IT allowed management to access an employee’s personal data on their device.

      I know of one person who utilized the BYOD policy… and when she left her company they bricked her phone. She lost everything simply because she didn’t work there any more… and there was nothing she could do about it.

      I was accessing my company e-mail through my Android. It was simply for my work convenience. Last month my company put out a BYOD policy that stated I had to agree to it and install their security app on my phone (which gave them access and control). I deleted my corporate e-mail account on the device right then.

  7. Francis Carden

    Can’t argue with the intent but I can argue with why, despite this article being the goal of all of us in IT for the last 20+ years (and I include client/server in that), we keep failing?

    1. Technology keeps changing but legacy business logic does not.
    2. Good developers get bored after 18 months and move on before development is complete.
    3. Less good developers get told to rush the finish and a new legacy system is born that’s not very good.
    4. Client/Server looked better than green screens but Fat Clients went out of fashion thanks to Browser.
    5. Browsers were weak (still are) so business logic moved to all tiers (API’s, client side logic and ESB’s etc.)
    6. Browsers were weak and became “client server in disguise” – read Chrome, JavaScript, Flash, Flex, Silverlight – it’s a mess
    7. Ipads and other cool GUI’s will not solve Enterprise issues, even if the world was full of the “real” API’s…. API’s are never finished, there’s never enough to do the whole job and they themselves become legacy.

    I believe, the next success will come from the next-gen 4GL (I don’t know which one, or even if there is one) but a 4GL, built on new technically, truly separating all the layers (as raised in this article and the many more needed), will mean – TRUE, rich, flexible Enterprise applications will be able to become – Super Cool… Easy to use and work to the full demands of the entire enterprise – don’t hold your breath!

  8. Joe Cñr

    Hmm , , guess I would observe that Google doesn’t seem to have a support number that I can find, much less a workable support network. No WONDER they make so much dough. (O;

    If this BYOD movement is genuinely off-the-chain, it’s not Apps that we need [first and foremost].

    Google gotta go as a middleman – at least in its current incarnation, if not altogether. And if the Big G -does- adapt, look for their stock price to . . ahem . . plummet . . at least for a good while.

    Of course, if you have a better way to sync everything everywhere, sans a USB cable or an army of privately held gear dedicated to the task, then you might be the next King/Queen of the Hill.


  9. David Bressler


    Nicely said. Didn’t realize you guys were positioning in that space.

    The big insight that you point out at the end of paragraph 3: “Employees were uninterested in using the clunky apps.”

    Since when can business users choose NOT to use something at work that they don’t like? This is becoming acceptable as a result of the “better” technology solutions people experience in non-IT environments. I do it myself, in fact. This attitude will change the way IT (or at least, a good IT department) delivers services. They can no longer shove solutions down people’s throats if people can decide not to use them.


    • Matt McLarty

      Hi David,

      Thanks! Passive resistance is a major cash drain in large organizations. Historically, this was hard to observe and harder to measure. I believe that the social element to the mobile revolution will make it much more apparent when an enterprise app has become an epic fail, and the company will be much more sensitized to this. This will not prevent some companies from trying to shove the wrong apps down their employees’ throats, but it will certainly reward the companies that pay respect to their employees’ wishes.

      And in the last year and a half, we’ve seen overwhelming growth in our business as a result of API Management. We just launched a specific API Portal product.

    • Richard Rabins

      I was struck by the same thing as David – i.e. Since when can business users choose NOT to use something at work that they don’t like?

      “This is becoming acceptable as a result of the “better” technology solutions people experience in non-IT environments. I do it myself, in fact. This attitude will change the way IT (or at least, a good IT department) delivers services. They can no longer shove solutions down people’s throats if people can decide not to use them.”

      Do others agree that we are in the middle of a fundamental transition where IT has to become way more responsive to users?

      If this is the case we are going to need to see more attention paid to cutting the time taken to build these modern mobile apps for business to cater to the BYOD generation.

      A touch of humor – when I first learnt of the term BYOD, I was hoping it meant Bring Your Own Dog to work:)

      Richard Rabins

      Here are pictures of my dog Clifton who I bring to work and who has the distinction of being in charge of “sniff testing”

  10. Matt McLarty

    I believe HTML5 will see greater adoption in enterprise as companies seek to minimize the rework they have to do on each app platform, but I still think the user experience demands of the mobile paradigm will mandate the need for device-specific (i.e. platform-enabled) features. Furthermore, HTML5 itself still allows for and encourages API calls under the covers. Lastly, regardless of the app architecture, BYOD means personal devices in the workplace and that still equates to untrusted components outside the perimeter, even if they’re an access mechanism.

    Really appreciate everyone’s comments so far! Well, except for the spammers… :-)

  11. This was a great introduction to the *real* article of how to actually implement the topics you introduced. Feel free to go into as much depth as you want.

  12. Ideally, mobile should exactly mirror existing resources, including the UIs of each device, and there are several companies that are making this possible with a cloud-based approach. The 451 Group just released a report that covered this segment of the market, and the conclusions were positive.

    One of the companies in the study (Webalo) lets companies connect users to the exact enterprise data and functionality they want, then automatically maps that through a proxy server to match the UI of Android, Apple, BlackBerry, and Windows phone devices. The enterprise security protocols are maintained, additional encryption is added during transmission, data can be set to persist on the device or to expire, and remote management of devices can be handled through BES or a third party tool.

    What users see on their smartphones and tablets won’t have the high-end graphics offered by companies like Roambi, which is included in the report, but they will be able to access far more than the BI data that Roambi handles — anything from IBM, SAP, Oracle, Microsoft, or any other enterprise or in-house software. Yet, from a TCO perspective, mobile devices don’t have to keep scaling up their storage as the number of mobile apps grows because, with Webalo at least, every enterprise-to-mobile capability runs through a single mobile app that’s available through the respective app stores.

    From IT’s perspective, the API issue goes away, as does the need to utilize skilled IT staff to create the mobile connections because, instead of relying on the SDKs and IDEs of MEAPs, configuration’s done through a web page; all you have to know is the location of the resources (which, admittedly, may be something that IT knows best but that a non-IT employee could probably learn — the server that houses a database or the query string for a lookup, for instance).

    I can imagine that, if I were able to access the financial, inventory, sales, and scheduling data I use through a tablet or a smartphone instead of a laptop, I’d consider that progress. And if IT “can configure the enterprise integration in minutes, in real time,” according to the 451 report, then development bottlenecks could, potentially, disappear.

  13. Chris St Clair

    Interesting, and I suspect that for non-IT-intensive users this is likely to be the way to go – services delivered seamlessly through a common channel irrespective of end device.

    What is interesting though is that I know of at least one large (10,000+ employee) organisation which was looking into this but scrapped the whole idea, mainly because they felt it was too difficult!

  14. Troy Norcross

    Nice article and I take your point that BYOD is inevitable. And when it comes to apps there is another core consideration – device and OS fragmentation. Just like developers for Android are struggling because they have to create different versions of their apps for so many different devices and Android release versions – so too will IT departments struggle.

    At the end of the day an HTML5 / cloud based service will have greater adoption and lower development/maintenance cost over native apps.

  16. Danny de Wit

    Interesting take on the market. I agree completely, but we arrive at the same conclusion coming from the ‘different side’; we’ve built a cloud based OS (HTML5 based) that connects to any HTML5-enabled device. So the whole layer in between, in our view, will be replaced. For those interested you can find it at

  17. Matt McLarty

    Every enterprise will vary in how they get this done, but I really feel that even though it’s early, we’re past the tipping point. Those that figure out how to leverage their existing assets early will have a competitive advantage. The laggards will be too late. Now is the time to move to mobile. It may be more of a process challenge than a technical one (as is usually the case), but it’s very achievable. I agree with the comment about top talent: as more and more jobs are created in IT compared to other sectors, the relative value of talent increases. BYOD complemented by a suite of focused, user-amorous apps is definitely a way to engage and retain top talent. Thanks everyone for reading this article… Matt McLarty, Twitter: @MattMcLartyBC

  18. Stephen Lustigson

    Great article about the future of enterprise IT. I think the greater challenge is going to be between knowledge worker and executive as to what API to build or open API app to integrate with. As consumerization continues to build, it will be up to management to get the buy in of their users before making a decision, and this decision making process is where it is going to get really interesting.

    • Matt McLarty

      Stephen, totally agree. As I just mentioned in my first comment, the main challenges with this technological innovation will be non-technical. That’s always the way! :-)

  19. Nicholas

    In large organizations, this API-fication is going to take quite a while, with all of the typical systems represented in a corporate environment. This is one of the forces driving adoption of the iPhone and iPad in corporate environments.

    We all agree. APIs are the right path. The battle is going to be long, and as a mobile experience designer, IT is my greatest obstacle.

    • Sudheer Raju

      Completely agree. As much as I get excited with the technology innovation that is happening from a decade, the majority of medium to large enterprises are still working on technologies and with a mindset from a decade ago. While APIs are the right path, we should wait and see if that’ll really materialize soon enough :)

  20. Reblogged this on Virtualized Geek Blog and commented:
    I talked about this a couple months ago on The above comment talked about Citrix which is a good start but ultimately organizations need to focus on cloud type services. This doesn’t mean public cloud solutions such as Salesforce but the idea is the same. The applications need to be web based and support multiple browsers. Users will bring their own devices if they are approved or not by IT.

    This will soon become an issue for retaining top talent. Top talent will want to utilize their own technology in the way that they want or leave. This may sound like an over reaction but, I don’t believe that’s the case. Top talent finds a way to be more productive and being able to seamlessly combine their personal productivity with your work productivity is a big factor for these contributors. IT needs to understand how to service these customers while keeping the data within the boundaries of their control. VDI is a start but again if all this talent wanted to use Windows then Mac OS X/iOS and Android wouldn’t be doing so well.

  21. Sad, but my company just took a step back ten years this week. We were a small company originally, very mobile IT engineering and sales teams. If you ever came to our offices it would be a ghost town during the day if everyone was busy out on client sites. We had Citrix for access back to the office, an allowance to get whatever data plan we wanted, provided light weight laptops, and all our apps were available by remote. Then we got bought by a much bigger company. Easier to kill off our systems and move us into the collective. Now my laptop is a shitty Dell that weighs a ton, and our time sheet system now only works with IE, so my iPad now can no longer work seamlessly, so I HAVE to take my laptop with me, and our office communicator system now only works on the corporate network.
    No companies have to support BYOD, but it does make it feel like ten years ago without it. 8(