August 1st, 2014

Balancing Security & Developer Enablement in Enterprise Mobility: Gartner Catalyst 2014

Gartner Catalyst San Diego 2014It’s that time of year again… time for another beautiful late-summer Gartner Catalyst conference in America’s Finest City: San Diego. Aside from being my hometown, the reason San Diego is so great is that it has balance. The warm sun is balanced by the cool ocean breeze, the strong business climate is balanced by the laid-back surf culture and the delicious fish tacos are balanced by a cold Corona. Balance makes everything better. Maintaining this balance is just as important when you’re talking about mobile strategy for your enterprise; that’s why I’ll be presenting a talk titled Balancing Security & Developer Enablement in Enterprise Mobility at Catalyst.

Enterprise IT security departments have always had a somewhat adversarial relationship with application developers, even when the applications ran entirely within the intranet. Now that internal data and applications are being exposed to employees, partners and customers through a whole new breed of mobile apps, these teams could potentially clash even more often. Security architects are more concerned than ever about core principles and security standards while developers are more focused than ever on providing incredible user experience rather than worrying about internal restrictions.

I’ll be discussing how these two groups – enterprise and security architects on one side and mobile app developers on the other – can accomplish the same goals. CA’s Layer 7 API Management solutions enable the enterprise to enforce the latest security specifications to the letter, protecting against malicious (or even accidental) threats to critical systems. But at the same time, they enable mobile app developers to very quickly consume the appropriate data through secure APIs, without having to implement the client side of those cutting-edge security standards. Stop by my talk on August 12 at 12:45pm to get the details or come by the Layer 7 booth (#113) to talk in more depth about how we can bring balance to your workplace.

 

May 27th, 2014

Hybrid App Growth in the Enterprise: Lessons Learned at Gartner AADI

Gartner AADI 2014Last week, I was lucky enough to attend the latest Gartner Application Architecture, Development & Integration Summit in London. One of the key themes that emerged from this show was the need to create agile architectures for mobile apps that leverage enterprises’ backed systems. Architectural agility has long been a central concern for enterprise IT but it has taken on a new urgency with the mobile revolution. As all sorts of enterprises scramble to launch effective mobile app strategies, the issue of how to build agile architectures for the mobile domain is ever more pressing.

One of the key questions for architects charged with enabling enterprise app strategies is whether enterprises should be developing fully native mobile apps, building apps on Web standards like HTML5 or taking a hybrid approach. Based on the sessions I attended and my conversations with architects who are attempting to answer this question in the field, it is clear that each approach has its own advantages and pitfalls. The Web-centric approach enables enterprises to be quick-to-market – a significance advantage in the current climate. But HTML5 simply cannot deliver the kind of rich and seamless functionality offered by native apps.

Logically then, the hybrid approach would seem like the way to go. But even this has its disadvantages. For example, platform vendors like Apple and Google might impose more restrictive terms and conditions on hybrids. Furthermore, hybrid apps retain many of the disadvantages of a Web-centric approach. Hybrids can never deliver the full native experience users prefer and they create significant testing and security challenges. And it’s quite possible that, at some point in the future, mobile development tools could improve to the point where hybrids are no quicker or cheaper to deploy than native apps.

Nevertheless, hybrid apps have significant advantages. First and foremost, the hybrid approach turns the whole “Web-versus-native” binary into a continuum, allowing sophisticated trade-offs to be made between cost/time-to-market and functionality. Furthermore: tools to create hybrid apps are well understood and widely available; unlike pure HTML5 apps, hybrids allow a presence in the app store for marketing purposes; hybrids allow some content and features to be updated without resubmitting the app to the store.

In light of all this, it seems clear to me that the hybrid approach will have a role to play in the ongoing development of enterprise mobility. Indeed, if I remember correctly, one study I heard mentioned said that, by 2016, over half of all mobile apps deployed will be hybrids – whereas less than a quarter were just a year ago. Still, hybrid apps won’t work for every use case and my advice to architects would be to make sure your architectural approach matches the needs and resources of your organization. And whatever approach you take, make sure that it is built on a technology platform that will allow the apps to run smoothly at scale, without impacting the security or performance of backend systems.

December 10th, 2013

Layer 7 at Gartner AADI Las Vegas 2013

Gartner AADI 2013Last week, I attended the Gartner Application Architecture, Development & Integration Summit in Las Vegas for the third consecutive year. Aside from the cool alumni sticker on my attendee badge, returning annually to this conference also provides a really interesting touch-point with a familiar cross-section of potential (and existing) customers.

In past years, talking to other attendees during exhibit hours involved some amount of basic education around the value of APIs to enterprises, potential use cases and the need for security and management of those APIs. This year was a totally different experience, as there was no education necessary. Instead, I found these decision makers already informed – eager to implement or continue implementing their API strategies in order to achieve real-world mandates from their management and lines of business.

They told me about mobile initiatives requiring apps developed for customers, partners and/or employees; they talked about modernization of legacy infrastructure and a deeper embrace of hybrid cloud; they recognized the need for developer enablement and a shift toward continuous deployment. Most importantly for us, they recognized that APIs are essential to the successful deployment of each of these initiatives.

In a world quickly moving toward “software-defined everything,” they also acknowledged the importance of API security and management. Instead of asking why they would need our solution, they asked for differentiators in the marketplace and our latest innovations. I was happy to talk with them about the recently-released version 2.0 of our Mobile Access Gateway, which enables developers to focus on creating the best apps possible while maintaining an unprecedented level of end-to-end security from the native app to the enterprise datacenter.

We also talked about: advanced features in the latest releases of our Gateway and API Portal products; our unparalleled capabilities in security and integration; our recognition from analysts as leaders and innovators in the industry. And we talked about the future – what new technologies are being considered and how they’re going to transform the enterprise even further.

As 2013 comes to a close, this year is beginning to look like a turning point. This may be remembered as the year enterprises embraced the API, leading to a broad range of innovative programs. We’ve seen massive consolidation and investment in our space, including our own acquisition. APIs have certainly joined the mainstream. Now it’s time to see what great things we can help our customers accomplish. I’m really looking forward to 2014!

October 15th, 2013

Three-Peat! Layer 7 Named a Gartner MQ Leader

Gartner/Layer 7Here at CA Layer 7, we’re thrilled to once again be recognized as a Gartner Magic Quadrant Leader. The recently-published Gartner Magic Quadrant for Application Services Governance, August 2013 report takes into account capabilities in both SOA Governance and API Management. As such, it represents Gartner’s acknowledgement of the sea change APIs have created in enterprise architecture.

The document provides a valuable market survey, which covers Layer 7 along with many of the other vendors in this area. We believe Layer 7’s third straight Leader’s recognition reflects a longstanding commitment to both innovation and customer success.

We believe this report provides further evidence that there is a growing awareness of the central role APIs are now playing in enterprise architecture, while also highlighting the importance of supporting SOA Governance for large organizations. We are providing complimentary access to the Magic Quadrant here. Enjoy!

Gartner, Magic Quadrant for Application Services Governance, Paolo Malinverno et al, August 8, 2013

  • Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
November 2nd, 2012

Opening up Enterprise APIs

Written by
 

Enterprise APIsA few months back, I wrote a blog post titled “Are Open APIs Too Open for Big Business?” That post was about the challenges large businesses face when adopting an open API mentality. In it, I described the fears of brand damage and lack of control that prevent enterprises from opening up their data stores and services to the world. I also reasoned that large organizations could provide a new type of stable, trusted and highly-available API in the marketplace. Not a lot has changed over the last three months – big businesses are still absorbing the idea of open APIs and are continuing to weigh accessibility against control before taking the plunge. As before, the good news is that their reservations around control are being addressed with solutions like Layer 7′s API Management Suite, which lets them create a developer experience that will bring in the hordes while still keeping the gates secure.

The reality is that many enterprises are already taking advantage of the API wave by using open API tools and philosophies to create and mange private APIs that, in turn, power their branded mobile and browser applications. This is a good thing as it allows businesses to reach their customers and to integrate easily with smaller mobile and device development shops. Plus, it fits well with a corporate culture of control. But organizations are missing a trick if they don’t consciously explore the benefits of opening these APIs up and joining the world of platforms, developers and communities that rely on open APIs to power their applications and projects.

These are big decisions with big consequences. The success of an enterprise open API program will likely be dependent on those at the very top of the organization providing the necessary leadership and investment required for big change to happen. That takes time. In the meantime, the projects won’t stop, the need for B2B integration will continue and the consumer demand for applications on every device will grow louder and louder. In this climate, there is an immediate need for enterprises to release APIs (be they private or public) as quickly and efficiently as possible while still addressing concerns over control.

Layer 7′s new APIfy service fits perfectly in this space as it allows small teams within the enterprise to get their private or public APIs out the door with a cloud-based API Management solution. They will get all the benefits of rate limiting, controlled access and the developer-friendly portal experience that are the hallmarks of a real Web API, in a SaaS platform. The fact that it is cloud-based means that smaller groups will be able to focus on delivering the solution without diving deep into hosting and implementation details.

Amidst all the decision making, strategizing and private API launches, the steady drum beat of progress towards open APIs in the enterprise has not stopped. The idea that information and services need to be shared in order to be valuable is taking root amongst thought leaders in the mainstream technology world and is, in turn, being heard within the enterprise. For example, Gartner has just published a research article claiming that financial institutions should be investing in APIs rather than applications (with API Management technology addressing the issues around control). Just as online banking started with private connections before it eventually landed on the public Web, the big banks could shift from private API adoption to public API adoption very quickly if the market demanded it. When banks open up their services for controlled consumption, there will be little doubt that the open API era has arrived for the enterprise.

It hasn’t gotten any easier to become an open API enterprise over the last three months but it certainly isn’t becoming less important. Hopefully, continued improvements in API Management technology will make that shift just a little bit easier.