Consumerisation is unstoppable

Businesses must build mobile apps in the wake of the BYOD trend, says Matt McLarty

The bring-your-own-device (BYOD) trend has gained momentum, and it is now unstoppable. Thanks to the burgeoning of mobile apps, employees have high expectations for these devices, so companies need to invest in building apps.

Over 20 years in enterprise IT, I have observed the client-server revolution, the internet explosion and the service-oriented architecture (SOA) boom. Despite all the buzz around cloud and big data, I believe mobile will dominate enterprise IT transformation over the next decade and help to shape those other two trends.

Some companies try to cut corners by pushing their existing browser-based enterprise apps out to mobile devices, and the returns are not encouraging. Web security tokens can be truncated by the iPhone, for example, or a mobile app may have a user interface that causes problems with what users are already using.

Investing in the user experience while reusing existing enterprise infrastructure, which enables savings, can be key.

During the internet explosion, applications settled into three tiers: presentation, logic, and data. Because of the enabling technologies, the lines between the presentation and logic tiers frequently became blurred, and a hard border was created between the logic and data tiers.

For example, a web app for order processing might include business logic steps in the browser code either deliberately or by accident (if the same developer codes both tiers). With enterprise mobility, the tiers will remain the same.

However, the overwhelming emphasis on user experience combined with the impact of cloud and big data will now blur the line between logic and data, and the border between presentation and logic will become much more defined. That concrete border has a name: it is the API.

That order process now needs to be available on the web and to a variety of mobile devices, so the logic tier can be accessible to all channels through the API. And because personal mobile devices cannot be trusted the same way a company-owned and managed desktop PC might be, the concrete API border is also the new security perimeter.

For these reasons, an enterprise API proxy that provides secure, multi-channel access to the logic and data tiers will be valuable.

Such an API proxy both opens and eases integration with enterprise APIs and enforces the policies that check user identity and control access to back-end resources and data.

Due to the split personality of BYOD devices – used for both business and pleasure – no API request message can be trusted outright. Identity must be checked by app, device, or end user and weighed against the requested assets.
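The check described above, sketched as an added example (not code from the article or from any product it mentions): a deny-by-default decision that weighs app, device and end-user identity against the requested asset. All asset paths, scope names, identifiers and the policy table are constructed, and the sketch assumes the proxy has already authenticated the three identities and evaluates all of them.

```python
# Constructed policy: what each asset requires before the proxy forwards a call.
POLICY = {
    "/orders":         {"scope": "orders:read",    "managed_device_only": False},
    "/orders/approve": {"scope": "orders:approve", "managed_device_only": True},
}
# Constructed identity stores (hypothetical names throughout).
REGISTERED_APPS = {"orders-mobile"}
DEVICES = {
    "dev-001": {"managed": True},    # company-owned and managed
    "dev-777": {"managed": False},   # personal BYOD handset
}
USER_SCOPES = {
    "alice": {"orders:read", "orders:approve"},
    "bob":   {"orders:read"},
}

def authorize(path, app_id, device_id, user):
    """Return (allowed, reason). Any missing or unknown identity is a denial."""
    rule = POLICY.get(path)
    if rule is None:
        return False, "unknown asset"
    if app_id not in REGISTERED_APPS:
        return False, "unregistered app"
    device = DEVICES.get(device_id)
    if device is None:
        return False, "unknown device"
    granted = USER_SCOPES.get(user)
    if granted is None:
        return False, "unknown user"
    if rule["scope"] not in granted:
        return False, "user lacks scope"
    # The same user and app get less from a personal device than a managed one.
    if rule["managed_device_only"] and not device["managed"]:
        return False, "asset requires managed device"
    return True, "ok"

if __name__ == "__main__":
    samples = [  # constructed requests
        ("/orders", "orders-mobile", "dev-777", "bob"),
        ("/orders/approve", "orders-mobile", "dev-777", "alice"),
        ("/orders/approve", "orders-mobile", "dev-001", "alice"),
        ("/orders", "sideloaded-app", "dev-001", "alice"),
    ]
    for s in samples:
        print(s, "->", authorize(*s))
```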

If the API proxy can map between the mobile security protocol OAuth and the existing security infrastructure in the enterprise, it is more valuable still. Web single-sign-on solutions are too heavy for mobile devices, but their underlying policies and infrastructure can be reused in this context.

The API proxy is the key to bridging the gap between the integration or security needs of the mobile devices and proven enterprise services or policies. Companies are using it at the core of their API management.

Firms are also following consumer app trends and offering portals where developers can find out which APIs are available in the enterprise, how to connect to them, and how to establish contracts that include quotas, costs and service levels. This developer-driven approach to integration is a refreshing change from the SOA state and will help make enterprise IT more agile.

And there is an upside to BYOD beyond employee satisfaction. Many people treat their personal mobile devices as an extension of themselves. Employee productivity may improve with each new task that they can accomplish on their favourite toy, potentially enabling savings in paperwork and manual processing in general.

Matt McLarty is vice president of client solutions at Layer 7 Technologies