IT shops that want to support a mobile workforce without ripping and replacing legacy infrastructure to do it can use new middleware appliances known as mobile Backend as a Service.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Mobile Backend as a Service (MBaaS) vendors such as Apigee Corp., StackMob Inc. and Layer7 Technologies provide prebuilt appliances that connect mobile applications to an organization's existing data repositories through application programming interfaces (APIs). Other vendors in this burgeoning mobile technology niche offer customers the ability to build custom apps alongside managing database connectors from companies such as Xamarin Inc. and FileMaker Inc.
"Any time we go into an organization and the service layer that sits between the databases and what will be a mobile app isn't there, we immediately put a pause on things," said Matt Bridges, chief technology officer for Intrepid Pursuits, a Cambridge, Mass.-based mobile app development shop.
Intrepid has worked with organizations that don't understand which data will be used by employees on a mobile device, how the mobile app will access that data and how the organization will properly secure access to that data in transit, Bridges said. "The front end of the app is what gets all the attention, but you can't just jump into mobile without understanding the intention behind the tool," he said. "That service layer for exposing data is the critical component for enabling mobility."
Mobile Backend as a Service bridges back-end business processes and mobility
The middleware layer that exposes on-premises APIs also allows application developers to use public APIs from such cloud services as Google's mapping technology to build out tools much faster than they would otherwise, said Stefan Rust, CEO of Exicon, a Hong Kong-based mobile application lifecycle vendor.
More on mobile Backend as a Service
Frequently asked questions about BaaS
Users, players and trends: Backend as a Service
The Spillers Group, a company in Dallas that manages three large restaurants, sought a way to push performance metrics stored on spreadsheets in Google Drive out to employees at each location. Spillers piloted Roambi, MeLLmo Inc.'s mobile business app that uses a database connector to pull information and deliver it to mobile devices in a visually appealing way. After deploying Roambi, the restaurant group saw a 10% savings in labor and food costs, according to Shane Spillers, co-founder of the Spillers Group. "We're able to reallocate resources much faster because we have a mobile tool that takes advantage of all the data metrics we're generating," he said. Previously, he generated PDFs at the end of every month. By automating and mobilizing that same business process, he can get the necessary data into the hands of his decision makers within two or three days.
Organizations like Spillers Group can enable mobility simply by identifying existing business processes, writing mobile applications for that process and combining it with an API back into the database, said Benjamin Robbins, principal at Palador Inc., a mobile consulting firm based in Seattle.
MBaaS version control and security
While MBaaS can aid enterprise mobility, there are snags that IT should prepare for when using this type of middleware.
Version control can be problematic when such third-party vendors as Google or Salesforce.com update their APIs or when organizations update their own APIs.
DevOps teams need to make sure the updated APIs don't break the system and the mobile apps before deploying them, said Mark O'Neill, founder and chief technology officer at Vordel Inc., an API management vendor based in Boston. APIs are also a common avenue for hackers to harvest data for private information, perform denial-of-service attacks on the network, and cause other security problems, he said. "The more lines of code an API has, the more difficult it is to secure it," he added.
Developers can protect APIs with Secure Sockets Layer encryption and client-side certificates, or even by requiring, for instance, that request signatures need a timestamp.