John Hawley

John is Senior Director of Security Strategy for CA Technologies. He has been working in the security sector for 15 years and is a frequent speaker at security-focused conferences and events, often discussing how to leverage innovative identity and access management (IAM) capabilities to accelerate the business.

July 17th, 2013

Secure APIs: The Road to Business Growth

Businesses today are under intense pressure to reach new customers, collaborate with new partners and build new mobile apps that transform business processes.

If you’re a bank, you might want to sign customers up using a tablet on the street corner. If you’re servicing cell phone towers, you might want a technician’s tablet or cell phone to know his location, open the right support ticket and send him the proper documentation for that work site. If you’re selling to end customers, you want to give them exactly the information they need, when they need it, on whatever device they choose, when they’re ready to buy.

But when the business comes to IT for such applications, we often tell them “no” – or, at least, “not now.” One reason is that IT is short on developers. But IT’s hesitance also stems from an appropriate concern with issues like access control, the possibility that backend systems might crash under the load from mobile applications, or the cost of converting data for these new services and devices. As we learned from connecting our backend systems to the Web, adding a new platform can mean a profound change in how these systems are used – instead of checking a flight once when the travel agent makes a reservation, people now check on flight information dozens of times as they search for the best flight on the Web or check their mobile phones to see whether Grandma’s flight has arrived yet.

IT can help meet these needs if we realize the business is not asking for a series of huge new standalone apps. What it’s asking for is the ability to experiment, to try a lot of new ideas quickly and at low enough risk and cost that even if some ideas fail, that’s still okay – as long as one or two succeed in a big way. As Linus Pauling put it, “If you want to have good ideas you must have many ideas. Most of them will be wrong and what you have to learn is which ones to throw away.”

Such experimentation is often impossible in-house, and not just because of a lack of skills. The hand-coding process used in most organizations today forces them to build the same app multiple times, once for the browser, once for mobile, once for Google Glass or whatever the next platform is. That not only delays deployment, it also increases cost and risk so much that experimentation in the business is not possible.

But secure APIs can make that experimentation possible. Here’s how.

Secure APIs provide a single gateway for developers from smaller companies that are in your organization’s “ecosystem” to access and monetize the backend systems, databases and information that are your core assets. If you can support outside developers in creating great apps for you, you avoid grinding out that code yourself. That makes you much more agile and reduces your cost and delivery times. It also lets you tap outside developers if you need help in a new or emerging area, such as a Google Glass app or Big Data, or for a short-lived app like one that works with a Super Bowl promotion.

In addition, outside developers might see ways to monetize your internal systems that you cannot. They might come up with, say, a social banking app that builds brand loyalty by using a customer’s social group to encourage her to contribute to a retirement account. They might develop a branded pedometer app for a health plan to track a member’s exercise routine. This is no different than when Twitter or any other social media platform lets third-party developers connect to their information systems, delivering revenue in ways the business might never have imagined.

Organizations taking advantage of this market opportunity are building on a platform that allows them to abstract security and data transformation tasks into a technology layer purpose-built to enable this innovation. Think of this as a mobility Gateway that streamlines development and reduces risk by eliminating the need to write everything from security to access control, caching and load management for every application. If those functions are delivered from the Gateway, developers can focus on quick revisions of the front-end application to go after those potential big market wins.

At CA Technologies, we are now providing such a secure Gateway, following our acquisition of Layer 7. The Layer 7 technology provides a secure Gateway that sits in front of your backend systems, exposing them via simple and secure APIs. It provides everything from identity verification to caching through a single security and IT optimization layer, giving developers – and the business – the freedom to experiment and innovate.

The way to build out your APIs is to start slowly, using budget from individual projects but keeping the long-term architecture in mind. Don’t try selling it to the business in terms of APIs, caching and security layers. Instead, tell it how you’re giving it the ability to rapidly and securely experiment with new business models at low cost. Talk about how you’re letting it roll out a new mobile application more quickly or giving an outside developer the tools to find a new route to market for you.

We’re seeing that customers who build APIs, not applications, are leveraging the creativity of a world of clever developers. What challenges and rewards have you found on your API journey?