July 23rd, 2014

Paper or Plastic? Changing Paradigms & How Service Providers Can Thrive in the App Economy

Paper or PlasticPaper or plastic? It used to be a question that was a source of discussion, debate and dilemma for grocery shoppers. In a relatively short time, at least where I live, that question simply went away. For me and most folks I see at the market now, the small fee for disposable bags had a big impact on behavior. Now, it’s a matter of getting into the habit of bringing reusable bags along. For manufacturers of disposable bags, whether paper or plastic, the world changed pretty quickly.

For service providers, I’d argue a similarly fast and fundamental change is taking place, one that’s best described as “the application economy”. If you’re working for a service provider that’s still focusing on the questions of a few years ago, there’s a good chance you’re not going to be providing answers that are relevant to your customers.

Today, applications sit at the confluence of some pretty major trends – mobility, cloud and social, for starters – and these applications are becoming increasingly vital, from a strategic point of view. The quality, innovation and value that get realized through applications will play an increasingly central role in the trajectory of a business and ultimately whether there’s any future at all for that organization. While this is true in enterprises, the stakes may be even higher for service providers.

In the application economy – and our emerging world of crowdsourcing, cloud, DevOps and wearables – what role will the service provider play? I’d argue that having a well-conceived, compelling answer to that question is one of the most vital challenges confronting service providers right now.

Whether you’re working for a telecommunications service provider, managed service provider or cloud service provider, success will hinge on how you adapt to today’s new realities. Deliver services that help your customers thrive in the application economy and your business will thrive. Fail to adapt and you’ll stand to lose business, market share and relevance.

For example, if you work for a telco, the application economy can present a clear fork in the road. One path is the status quo and while mobile traffic is growing more essential, the delivery of that service is increasingly being relegated to the status of plumbing and becoming highly commoditized. The other approach is to build on your unique advantages – to deliver the APIs and integrations that put your organization at the center of application innovation.

More and more, the best way to deliver value to customers is through applications. Harness the innovations of application developers to bring value-added services to customers. Publish the APIs that enable not only internal teams but also a range of external developers to accelerate application innovation. Further, by using APIs to provide self-service access to your service offerings, your organization can boost both recurring revenues and margins.

The battle to avoid commoditization isn’t solely a challenge for telcos either. Managed service providers and cloud providers will also find themselves in an increasingly tenuous position. If they can’t deliver a compelling application-level value proposition, they will be forced to duke it out on who can offer the lowest prices. To compete, these service providers will need to deliver more value. And applications increasingly represent the lens through which customers see and define value.

If a managed service provider only focuses on a server infrastructure but can’t help customers track the actual end user experience for core business applications, its service value will be limited. For customers, differentiators like application quality, innovation and availability will grow ever more significant. Meet this demand with high-value monitoring services and your business will be well positioned to maximize its growth potential.

For cloud providers, there is a huge opportunity in helping customers get new, higher-quality applications to market – and doing so faster and more cost effectively. Application-focused offerings will empower cloud providers to move up the value chain, become increasingly interconnected with their customers and gain stronger competitive differentiation.

To learn more about the application economy – and the threats and opportunities it presents for service providers – be sure to download the white paper How the Application Economy will Make & Break Service Provider Businesses.

July 16th, 2014

The Maker Manifesto

Written by
 

The Maker ManifestoOne of the few perks of having to travel for work is the opportunity to read books (remember those?), from cover to cover, in one go. I recently had the chance to read The Maker Manifesto by Mark Hatch, the CEO of TechShop. It is one of those rare books that make you want to jump up and start “making” something (which isn’t very practical when you happen to be on an airplane, I admit). But I will talk about this more in a minute.

I’ve been struggling lately with the overbearing Internet of Things (IoT) coverage and hype. All the ingenuity and potential seems to becoming increasingly directed towards creating yet another platform for advertising. Most if not all IoT presentations start out by citing the same one or two studies talking about billions of devices and trillions of dollars just beyond the horizon (I call it the x+1 syndrome – it is always one year out). This is usually followed by promises about how this or that gadget/protocol/framework/alliance is going to liberate us from our earthly burdens like switching off lights or turning on the coffee maker.

Of course, everything is open to debate but I personally prefer my simple wall-mounted light switch over having to pull out my smart phone and tap on an app.

In these challenging moments it is refreshing to remind myself what has drawn my interest to IoT in the first place. For me, the Internet of Things is simply a term describing a much deeper and more fundamental shift in society. And this shift – or rather the anticipation of this shift – is being called the “Internet of Things” in IT circles, the “Industrial Internet” by GE and the “Fourth Industrial Revolution” (aka “Industry 4.0”) in Germany. Meanwhile, The Economist and the previously-mentioned maker movement have been throwing around the term “artisan entrepreneur”.

The common theme across all of these manifestations is that technology is democratizing the way things are made. Maker-centric technologies like 3D printing could vastly increase the number of people who have direct access to the manufacturing process – which could be truly revolutionary.

To catch a glimpse of the future, look no further than Etsy, which has made a billion-dollar-plus business from selling individually-made crafts. And for what it’s worth, Etsy’s engineering blog is one of the finest – I love their mantra “Code as Craft”.

This brings me back to The Maker Manifesto. While Mark Hatch is coming at it from a maker perspective, someone could (and maybe should) have written a very similar book from a software perspective. Cloud IT, HTML5, Javascript, Node.js, Raspberry Pi, Arduino, GitHub – these are the tools for the coming “software maker” revolution. Both books would meet where our ability to create, to make is only limited by our imagination – and where individuals will be able to provide viable alternatives to industrial-scale production. It is my conviction that the Internet of Things describes the “place” where both software and hardware makers will meet. Having skills in both areas will become key to unlocking IoT’s potential.

It’s worth noting here that Hatch points to an emerging type of company that is built on software but reliant on a physical delivery platform. This is particularly prominent in the “sharing economy” created by companies like Uber, Airbnb and Getaround. It is a demonstration of how combining software with physical things like spare rooms and idle cars can be hugely disruptive to the way real-world products and services are delivered.

You might wonder where APIs are in all this. Well, just as cloud computing commoditized access to compute and storage resources, APIs are democratizing access to all manner of data and application functionality. Organizations across the private and public sectors are using APIs to open their information assets for use by external developers. In turn, these developers are creating apps that make previously siloed corporate information assets available to a vast number and variety of people.

As new hardware and software technologies combine with IoT and the good-old-fashioned physical world, APIs will be the glue that holds everything together. And – of course – API Management technology will be there to make sure it all happens securely and efficiently.

June 27th, 2014

Drones, Phones & Pwns:
The Promise (& Dangers) of IoT APIs

DroneEarlier this month, CA Layer 7 participated in yet another great conference – this time, it was QCon New York. As a three-time QCon attendee, I have always really appreciated the level of technical knowledge displayed by attendees. At this show, it’s rare that I have to explain the basics of APIs; most attendees are already using APIs in some form or another. And even though many of them are very hands-on developers, they are savvy enough to realize when it is and isn’t appropriate to “build it yourself.”

Many of my conversations began with, “We’re exposing APIs but we don’t have a good way to manage our developer community.” Even more interesting were the ones which began, “We built our own API Management layer but it doesn’t…” There was a wide array of endings to that sentence, including “scale well,” “provide any real security” and “help our developers build applications quickly.” Security was an especially common theme as these folks are smart enough to realize they are not primarily experts at implementing OAuth-based access control or protecting APIs against structural or content-based threats. They’d rather let Layer 7 worry about the implementation and simply configure which options are relevant to their applications. And, of course, many examples of app hacks, data breaches and identity theft are in the news these days; nobody wants their company to be the next victim.

Aside from being a common theme in discussions at the show, maintaining security and privacy in an increasingly interconnected world was the theme of my talk, titled Drones, Phones & Pwns: The Promise (& Dangers) of IoT & APIs. In the first half, I discussed the recent transition of drones from military/intelligence use cases to commercial/personal use and talked about some of the cool technologies already being enabled by these and other data-gathering “things”, such as our phones. I used personal examples to show how my life and the lives of many others are made more pleasant and efficient by this connectivity and data aggregation. After delving into the broad range of use cases made possible by the Internet of Things, it was time to take a look at the other side of the coin.

The second half of my presentation was about the darker side of all the personal data flowing around the Internet and the leaking/sharing/exposure that happens with or without our awareness. I tried not to mention obscure exploits that are unlikely to ever be used; instead, I used real-world examples of glaring privacy holes in devices and apps that we use every day. Rather than simply fear mongering, I tried to make a point about the trust that people – myself included – place in the companies and entities around them. And I followed up those bits with some advice about what we can do to make our future a little less frightening.

The reaction to my presentation was pretty surprising. Even amongst a very technical audience, I still had people approaching me all day afterward, explaining that I had scared them so much they weren’t ever going to look at their phone/car/gaming console/app the same way again. For those that were already familiar with some of the examples I had given, it provided a great conversation starter about security and what sort of cultural shifts will be required to alleviate some of the more pervasive issues.

These are the types of conversations we like to have with our customers – realistic assessments of the risks and challenges encountered by enterprises opening their data and applications to customers, partners and employees, followed by specific discussion of solutions. Considering the interest our customers are showing in these discussions, we’ve decided to do an encore presentation of my conference talk for a larger audience. I’m excited to announce the Layer 7 webinar Drones, Phones & Pwns: The Promise (& Dangers) of IoT & APIs will be held on July 23 at 9am Pacific Time. Registration is now open.

Sign up for the webinar >>

June 26th, 2014

APIs in the Connected Car: APIdays San Francisco

APIdays SFToday, I’m going to share some rather opinionated thoughts about APIs and the connected car. My opinions on this subject sprang from a combination of real-world experience plus (informed) speculation and came together as I prepared a talk for APIdays San Francisco.

The connected car is widely recognized as a game changer for the automotive industry. Experts all agree that just selling cars is a thing of the past. Mobility, connectivity and in-car user-experience will be leading decision considerations for car sales. Right now, automotive manufacturers, content providers and app developers are all competing to take a leading role in the connected car space. This is a matter of survival. Winners of the competition will be richly rewarded; the losers may sink into oblivion.

Car manufacturers seem understandably determined to dominate the connected car space. But this space is inherently shared with device manufacturers, content providers and app developers. Take away any one participant and you no longer have a sustainable ecosystem. If the automotive sector is not prepared to work with and accommodate the needs of other stakeholders, then no one will win. There are three things the industry can do to make things significantly better right away.

1. Implement a Standard Hypermedia Type for Automotive APIs
Right now, every car manufacturer wants to do its own thing and sees originality as a key to differentiation. This is a fallacy. There are way too many car manufacturers for content providers and app developers to keep up with the variety. Some have suggested that all manufacturers should just deploy Android as the base OS. I personally doubt they will all be able to agree on something as fundamental as the core OS. We should shoot for something much more realistic.

This is where hypermedia comes in. The most distributed system ever built — the World Wide Web — uses a hypermedia type (HTML) as its engine. There is a great opportunity to create a hypermedia format for car APIs that will energize the space just like HTML did for the Web. I believe this format could be based on an existing, generic type such as: Uber, HAL or Siren. This would be similar to the way the Collection.Document type was created for the news media industry, based on Collection.json.

2. Adopt a Standard API Security & Identity System
The prospect of connected cars getting hacked creates enormous anxiety. But connected car security can be addressed quite simply by adopting a security framework based around compartmentalization and standards-based access control.

In this context, “compartmentalization” means that core functions of the vehicle should be highly guarded. Specifically, no third-party app should have access to core driving functions like handling and braking. Meanwhile, a standards-based access control framework like OAuth will provide secure, granular access to specific system features. This would be similar to the way mobile apps currently ask for access to other parts of the device (GPs, contacts etc.)

3. Enable App Developers
Currently, only the lucky few are able to develop apps for connected cars. Generally, these are app vendors that have formal partnerships with car manufacturers. In most cases, developers can’t even get access to API documentation without a group of lawyers signing stacks of papers. The connected car space will not develop if it remains a tightly-held, closed system. On the contrary, manufacturers must build developer communities by providing the things that developers require: documentation; self-service portals; sandboxes; SDKs etc.

But That’s Not All
These are three immediate steps that can be taken to improve the connected car space significantly but as the space develops, we will have to focus not only on immediate requirements but also on the big picture. The connected car is a special case of the Internet of Things (IoT). The context of IoT is different enough that it requires a fundamentally different approach to system design and architecture. Hopefully, I will be able to delve into this context more in future.

Another aspect of the big picture is a good deal simpler: fun. If this space is going to develop as it should, manufacturers will have to make it fun for developers to experiment with the potential of automotive connectivity.

So, have fun out there!

June 9th, 2014

Jailbreak Your APIs

Jailbreak Your APIsAt this week’s Computers, Freedom & Privacy Conference, I gave a presentation titled Jailbreak Your APIs, in which I explored the concept of “linked APIs” and explained the potential these interfaces have for helping us create a freer, more open world. The global informational overload that we are constantly exposed to, can be overwhelming but ideas like linked APIs help us remember that the explosive surge of available data also brings us beautiful things such as transparency, openness and an unprecedented feeling of global connectedness.

We’ve never felt more connected to the rest of the world than we do now. Computers, mobile devices and the Internet have brought us closer than ever before. We now take it for granted that a person can be pretty much anywhere in the world and still get a real-time, front-row view of breaking news from half-way around the globe. While this disappearance of informational boundaries has surfaced many of our most polarizing differences, we still cherish our unprecedented ability to access information because access to information has always been our most powerful weapon for defending our rights and liberties.

In this context, the White House’s Open Data Policy (part of the Open Government Initiative) is particularly exciting. Never before has the American public had so much access to government information, at all levels. And all this happens directly through the Internet, in near real-time. The ability to access this information in a timely manner is crucial – we need access to information right when it is immediately relevant to guaranteeing our freedoms. This relates to my work with CA Layer 7’s API Academy because APIs supply the core technology for facilitating timely access to data.

Recent growth in the prominence of APIs is not simply a reaction to Open Government and Open Data. The API has organically become more important in recent years, due to our increasingly mobile lifestyles. APIs are vital to mobility because they connect our mobile devices to the cloud – specifically, to the datacenters that host the information and functionality that powers our apps. APIs have played an undeniably critical role in the mobile revolution of recent years. However, for APIs to play a similar role in the Open Data revolution, we need them to become much better.

The problem with APIs right now is that most of them are, at best, creating narrow windows into solid walls surrounding siloed data. Even the biggest, most well-known APIs (such as those provided by Twitter, Facebook and Google) to a large extent, only operate on the data that is within these organizations’ own databases. And most Government APIs don’t even allow any “write” functionality – they are strictly read-only.

In that sense, most current APIs create isolated, guarded data islands. This is very “anti-Web” — the World Wide Web was created in the spirit of decentralized equal participation. On the Web, everybody publishes everywhere, owns their data and then we have ways to reach that data through hyperlinks, through Google search and other methods. APIs have not really reached that stage of maturity yet. APIs are highly centralized, in terms of data storage and virtually none of them ever link to other APIs.

We need a new breed of interfaces: linked APIs, based on the same hypermedia design that we have on the rest of the Web. Such APIs will have the biggest impact for Open Data because they will link and make connections across datasets and organizational boundaries. Linked APIs are also very scalable, so they will be best suited to meeting the challenges of Big Data. After all, the Web is the largest, most distributed network of information humankind has ever created. We know the architecture of the Web can scale and linked APIs have the exact same architecture, with hypermedia as the engine.

For freedom of data, we really need more linked APIs. We can only truly have open and free data if we jailbreak the information out of the silos it is currently stashed-away in. Linked APIs provide us with keys to the data fortresses where large aggregators currently keep data. Linked APIs can ensure that our data isn’t stashed in centralized warehouses. Linked APIs represent the engine of data freedom on the Web. Let’s get the engine cranking!