August 8th, 2014

Notes from the W3C Workshop on the Web of Things

W3C LogoAt the end of June, I had the opportunity to attend the W3C Workshop on the Web of Things, in Berlin. I saw some fascinating presentations and had some equally engaging one-to-one conversations. This was a great opportunity to learn about some new innovations around connected devices and the Internet of Things.

In particular, I was very intrigued by the WAMP Protocol, which I had not heard about before attending the workshop. I subsequently contacted Tobias Eberstein from Tavendo, who is one of the key maintainers of WAMP. We had a very interesting conversation about some of WAMP’s unique concepts, which I will talk about more in a future blog post.

In the meantime, here is a quick summary of my notes from the presentations I attended and the conversations I had at the workshop. If you would like to get more information on any of the emerging technologies outlined below, you can view some of the workshop presentations here and here.

Siemens Smart Grid
Siemens has chosen to use the XMPP messaging protocol as the standard for its smart grid technology. XMPP is being used because IoT, like online messaging, is based on distributed collaboration, in real-time, spanning multiple domains. In this sense, IoT is fundamentally closer to social media than it is to SOA-style Web services.

Siemens Connected Car Authentication
Siemens also presented an IoT authentication method, using the connected car as its real-world example. In this method, security concerns are separated between a Web API server and the car’s backend server. Client apps communicate with the car indirectly, via the API server. Sensitive vehicle data cannot be accessed directly via the API server.

EXI for Long-Lived Connected Things
Waste could be a serious problem in IoT. With billions of connected devices, we can’t afford to have anything becoming obsolete too quickly – ideally any given device should last at least five years. The Efficient XML Interchange (EXI) format addresses this by using XML schema to enable binary coding for extensible message formats.

Echonet Lite for Client-Side Energy Demand Management
The Echnonet Lite protocol allows smart meters to communicate with home appliances, enabling smart home energy management. Echnonet Lite is UDP-based and has more than 80 device models defined. It is already widely used in Japan and is starting to gain significant traction outside the Asia-Pacific region.

Sony Web API Server
Sony is working on a Web API server for the Android platform, using the previously-mentioned WAMP protocol. WAMP, which is essentially a sub-protocol of WebSocket, combines RPC-style and SubPub semantics.

IBM NodeRED
IBM’s NodeRED is an integrated development and runtime environment based on node.js. In the NodeRED environment, it is possible to design integration flows without resorting to code, by graphically snapping together components. NodeRed also allows the use of JavaScript to act on or transform data in flows.

August 1st, 2014

Balancing Security & Developer Enablement in Enterprise Mobility: Gartner Catalyst 2014

Gartner Catalyst San Diego 2014It’s that time of year again… time for another beautiful late-summer Gartner Catalyst conference in America’s Finest City: San Diego. Aside from being my hometown, the reason San Diego is so great is that it has balance. The warm sun is balanced by the cool ocean breeze, the strong business climate is balanced by the laid-back surf culture and the delicious fish tacos are balanced by a cold Corona. Balance makes everything better. Maintaining this balance is just as important when you’re talking about mobile strategy for your enterprise; that’s why I’ll be presenting a talk titled Balancing Security & Developer Enablement in Enterprise Mobility at Catalyst.

Enterprise IT security departments have always had a somewhat adversarial relationship with application developers, even when the applications ran entirely within the intranet. Now that internal data and applications are being exposed to employees, partners and customers through a whole new breed of mobile apps, these teams could potentially clash even more often. Security architects are more concerned than ever about core principles and security standards while developers are more focused than ever on providing incredible user experience rather than worrying about internal restrictions.

I’ll be discussing how these two groups – enterprise and security architects on one side and mobile app developers on the other – can accomplish the same goals. CA’s Layer 7 API Management solutions enable the enterprise to enforce the latest security specifications to the letter, protecting against malicious (or even accidental) threats to critical systems. But at the same time, they enable mobile app developers to very quickly consume the appropriate data through secure APIs, without having to implement the client side of those cutting-edge security standards. Stop by my talk on August 12 at 12:45pm to get the details or come by the Layer 7 booth (#113) to talk in more depth about how we can bring balance to your workplace.

 

July 23rd, 2014

Paper or Plastic? Changing Paradigms & How Service Providers Can Thrive in the App Economy

Paper or PlasticPaper or plastic? It used to be a question that was a source of discussion, debate and dilemma for grocery shoppers. In a relatively short time, at least where I live, that question simply went away. For me and most folks I see at the market now, the small fee for disposable bags had a big impact on behavior. Now, it’s a matter of getting into the habit of bringing reusable bags along. For manufacturers of disposable bags, whether paper or plastic, the world changed pretty quickly.

For service providers, I’d argue a similarly fast and fundamental change is taking place, one that’s best described as “the application economy”. If you’re working for a service provider that’s still focusing on the questions of a few years ago, there’s a good chance you’re not going to be providing answers that are relevant to your customers.

Today, applications sit at the confluence of some pretty major trends – mobility, cloud and social, for starters – and these applications are becoming increasingly vital, from a strategic point of view. The quality, innovation and value that get realized through applications will play an increasingly central role in the trajectory of a business and ultimately whether there’s any future at all for that organization. While this is true in enterprises, the stakes may be even higher for service providers.

In the application economy – and our emerging world of crowdsourcing, cloud, DevOps and wearables – what role will the service provider play? I’d argue that having a well-conceived, compelling answer to that question is one of the most vital challenges confronting service providers right now.

Whether you’re working for a telecommunications service provider, managed service provider or cloud service provider, success will hinge on how you adapt to today’s new realities. Deliver services that help your customers thrive in the application economy and your business will thrive. Fail to adapt and you’ll stand to lose business, market share and relevance.

For example, if you work for a telco, the application economy can present a clear fork in the road. One path is the status quo and while mobile traffic is growing more essential, the delivery of that service is increasingly being relegated to the status of plumbing and becoming highly commoditized. The other approach is to build on your unique advantages – to deliver the APIs and integrations that put your organization at the center of application innovation.

More and more, the best way to deliver value to customers is through applications. Harness the innovations of application developers to bring value-added services to customers. Publish the APIs that enable not only internal teams but also a range of external developers to accelerate application innovation. Further, by using APIs to provide self-service access to your service offerings, your organization can boost both recurring revenues and margins.

The battle to avoid commoditization isn’t solely a challenge for telcos either. Managed service providers and cloud providers will also find themselves in an increasingly tenuous position. If they can’t deliver a compelling application-level value proposition, they will be forced to duke it out on who can offer the lowest prices. To compete, these service providers will need to deliver more value. And applications increasingly represent the lens through which customers see and define value.

If a managed service provider only focuses on a server infrastructure but can’t help customers track the actual end user experience for core business applications, its service value will be limited. For customers, differentiators like application quality, innovation and availability will grow ever more significant. Meet this demand with high-value monitoring services and your business will be well positioned to maximize its growth potential.

For cloud providers, there is a huge opportunity in helping customers get new, higher-quality applications to market – and doing so faster and more cost effectively. Application-focused offerings will empower cloud providers to move up the value chain, become increasingly interconnected with their customers and gain stronger competitive differentiation.

To learn more about the application economy – and the threats and opportunities it presents for service providers – be sure to download the white paper How the Application Economy will Make & Break Service Provider Businesses.

July 16th, 2014

The Maker Manifesto

Written by
 

The Maker ManifestoOne of the few perks of having to travel for work is the opportunity to read books (remember those?), from cover to cover, in one go. I recently had the chance to read The Maker Manifesto by Mark Hatch, the CEO of TechShop. It is one of those rare books that make you want to jump up and start “making” something (which isn’t very practical when you happen to be on an airplane, I admit). But I will talk about this more in a minute.

I’ve been struggling lately with the overbearing Internet of Things (IoT) coverage and hype. All the ingenuity and potential seems to becoming increasingly directed towards creating yet another platform for advertising. Most if not all IoT presentations start out by citing the same one or two studies talking about billions of devices and trillions of dollars just beyond the horizon (I call it the x+1 syndrome – it is always one year out). This is usually followed by promises about how this or that gadget/protocol/framework/alliance is going to liberate us from our earthly burdens like switching off lights or turning on the coffee maker.

Of course, everything is open to debate but I personally prefer my simple wall-mounted light switch over having to pull out my smart phone and tap on an app.

In these challenging moments it is refreshing to remind myself what has drawn my interest to IoT in the first place. For me, the Internet of Things is simply a term describing a much deeper and more fundamental shift in society. And this shift – or rather the anticipation of this shift – is being called the “Internet of Things” in IT circles, the “Industrial Internet” by GE and the “Fourth Industrial Revolution” (aka “Industry 4.0”) in Germany. Meanwhile, The Economist and the previously-mentioned maker movement have been throwing around the term “artisan entrepreneur”.

The common theme across all of these manifestations is that technology is democratizing the way things are made. Maker-centric technologies like 3D printing could vastly increase the number of people who have direct access to the manufacturing process – which could be truly revolutionary.

To catch a glimpse of the future, look no further than Etsy, which has made a billion-dollar-plus business from selling individually-made crafts. And for what it’s worth, Etsy’s engineering blog is one of the finest – I love their mantra “Code as Craft”.

This brings me back to The Maker Manifesto. While Mark Hatch is coming at it from a maker perspective, someone could (and maybe should) have written a very similar book from a software perspective. Cloud IT, HTML5, Javascript, Node.js, Raspberry Pi, Arduino, GitHub – these are the tools for the coming “software maker” revolution. Both books would meet where our ability to create, to make is only limited by our imagination – and where individuals will be able to provide viable alternatives to industrial-scale production. It is my conviction that the Internet of Things describes the “place” where both software and hardware makers will meet. Having skills in both areas will become key to unlocking IoT’s potential.

It’s worth noting here that Hatch points to an emerging type of company that is built on software but reliant on a physical delivery platform. This is particularly prominent in the “sharing economy” created by companies like Uber, Airbnb and Getaround. It is a demonstration of how combining software with physical things like spare rooms and idle cars can be hugely disruptive to the way real-world products and services are delivered.

You might wonder where APIs are in all this. Well, just as cloud computing commoditized access to compute and storage resources, APIs are democratizing access to all manner of data and application functionality. Organizations across the private and public sectors are using APIs to open their information assets for use by external developers. In turn, these developers are creating apps that make previously siloed corporate information assets available to a vast number and variety of people.

As new hardware and software technologies combine with IoT and the good-old-fashioned physical world, APIs will be the glue that holds everything together. And – of course – API Management technology will be there to make sure it all happens securely and efficiently.

June 27th, 2014

Drones, Phones & Pwns:
The Promise (& Dangers) of IoT APIs

DroneEarlier this month, CA Layer 7 participated in yet another great conference – this time, it was QCon New York. As a three-time QCon attendee, I have always really appreciated the level of technical knowledge displayed by attendees. At this show, it’s rare that I have to explain the basics of APIs; most attendees are already using APIs in some form or another. And even though many of them are very hands-on developers, they are savvy enough to realize when it is and isn’t appropriate to “build it yourself.”

Many of my conversations began with, “We’re exposing APIs but we don’t have a good way to manage our developer community.” Even more interesting were the ones which began, “We built our own API Management layer but it doesn’t…” There was a wide array of endings to that sentence, including “scale well,” “provide any real security” and “help our developers build applications quickly.” Security was an especially common theme as these folks are smart enough to realize they are not primarily experts at implementing OAuth-based access control or protecting APIs against structural or content-based threats. They’d rather let Layer 7 worry about the implementation and simply configure which options are relevant to their applications. And, of course, many examples of app hacks, data breaches and identity theft are in the news these days; nobody wants their company to be the next victim.

Aside from being a common theme in discussions at the show, maintaining security and privacy in an increasingly interconnected world was the theme of my talk, titled Drones, Phones & Pwns: The Promise (& Dangers) of IoT & APIs. In the first half, I discussed the recent transition of drones from military/intelligence use cases to commercial/personal use and talked about some of the cool technologies already being enabled by these and other data-gathering “things”, such as our phones. I used personal examples to show how my life and the lives of many others are made more pleasant and efficient by this connectivity and data aggregation. After delving into the broad range of use cases made possible by the Internet of Things, it was time to take a look at the other side of the coin.

The second half of my presentation was about the darker side of all the personal data flowing around the Internet and the leaking/sharing/exposure that happens with or without our awareness. I tried not to mention obscure exploits that are unlikely to ever be used; instead, I used real-world examples of glaring privacy holes in devices and apps that we use every day. Rather than simply fear mongering, I tried to make a point about the trust that people – myself included – place in the companies and entities around them. And I followed up those bits with some advice about what we can do to make our future a little less frightening.

The reaction to my presentation was pretty surprising. Even amongst a very technical audience, I still had people approaching me all day afterward, explaining that I had scared them so much they weren’t ever going to look at their phone/car/gaming console/app the same way again. For those that were already familiar with some of the examples I had given, it provided a great conversation starter about security and what sort of cultural shifts will be required to alleviate some of the more pervasive issues.

These are the types of conversations we like to have with our customers – realistic assessments of the risks and challenges encountered by enterprises opening their data and applications to customers, partners and employees, followed by specific discussion of solutions. Considering the interest our customers are showing in these discussions, we’ve decided to do an encore presentation of my conference talk for a larger audience. I’m excited to announce the Layer 7 webinar Drones, Phones & Pwns: The Promise (& Dangers) of IoT & APIs will be held on July 23 at 9am Pacific Time. Registration is now open.

Sign up for the webinar >>