News Stay informed about the latest enterprise technology news and product updates.

Backend as a Service: Reap the benefits, master the challenges

In this Q & A, Gartner Research Director Gordon Van Huizen discusses Backend as a Service (BaaS) trends with contributor Peter Schooff.

In this Q&A, Gartner Research Director Gordon Van Huizen, a specialist in mobile application development, discusses Backend as a Service (BaaS) trends and issues with contributor Peter Schooff. Their conversation has been edited for clarity and editorial style.

First, can you just give us a quick overview of Backend as a Service?

Gordon Van Huizen: Sure. When we talk about mobile application development, we often focus on the mobile device itself, and the trade-off of things like HTML 5 versus native occupies a lot of the conversation. But most mobile applications also require resources on the other side of the network: a place to store data, means for managing users, support for push notifications and things like leveraging geolocation services.

In fact, building a fully featured mobile app often depends on the ability to support these back-end capabilities. In response to that need, a new class of Platform as a Service [PaaS] has emerged that many in the market referred to as Backend as a Service because these offerings provide the required back-end capabilities in a cloud-hosted model.

They're often accessible via Web [application program interfaces (APIs,)] but Web APIs are also typically accompanied by [software developer's kits (SDKs)] for popular mobile device platforms like iOS and Android. And using these SDKs, the cloud services provide one common back end that's usable across applications written for multiple device platforms.

Many of the offerings are provided by smaller vendors, either as standalone offerings or as part of a broader mobile application platform. But some larger players are also getting into the game, such as Microsoft offering Azure Mobile Services. entered the arena very recently, a few months back. And, interestingly, Facebook recently acquired a small company called Parse that was one of the leading brands, if you will, one of the more visible players in the mobile Backend as a Service arena.

Very interesting that Facebook has gotten in on it. What would you say are the significant advantages of Backend as a Service?

Van Huizen: To me, the advantages stem from several different areas. First, these cloud mobile back-end services provide prebuilt out-of-the-box capabilities that would otherwise require, perhaps, a significant amount of custom development configuration in the case of push notifications, setting up multiple push-notification servers to deal with both Android and iOS, etc.

The low cost of entry for Backend as a Service can be seductive and somewhat deceptive.

Gordon Van Huizen, Gartner Inc.

But, as with many forms of cloud service, they unburden the application provider, the person deploying the mobile application, from buying, configuring and operating server infrastructure. That's something they have in common with cloud services overall, as well as the fact that they're often inexpensive -- or, quite often, free -- [making it easier] to get started with the cost and scaling along with the subsequent adoption and, hopefully, the success of the application.

But, as I mentioned, because they're often accompanied by device platforms, specific SDKs, they typically feel like a natural extension of the client-side programming model for the app developer. So they don't need to learn our server-side programming model or a different programming language. They just suddenly have additional capabilities that they can take advantage of within their mobile application.

In short, they make building and delivery mobile apps a lot easier by abstracting away the back end as much as possible.

What would you say are some of the hurdles that companies face in looking at Backend as a Service?

Van Huizen: That's a great question. There are several hurdles, some of which are relatively obvious and some of which are less so.

One of the more obvious ones is that many of the vendors in the space are relatively small, which means they may not be around forever. They may be acquired -- and they may be acquired by somebody that you may not want to do business with. So to the extent that your mobile apps depend on a given cloud back end, you want to be ready to move to another vendor should the need arise. The space is likely to be somewhat volatile for the next few years.

As with many cloud services, though, the low cost of entry can be seductive and somewhat deceptive. Although you can get in for literally nothing, in many cases, or just by entering a credit-card number, the cost can pretty rapidly escalate along with the success of the application.

So you need to understand how the cost will increase with usage. When used in a business context, as virtually all mobile apps in the enterprise space are, you need to understand the value of the app and what it provides to the business in such a way that you can cover the ongoing operational expense of the cloud back end.

Lastly, there may be security issues to consider. Those range from things like the security of the cloud stack itself to your ability to govern data movement between the mobile device, the cloud and your existing enterprise systems.

That makes a lot of sense. Now what's the difference between Backend as a Service and mobile middleware?

Van Huizen: That's a great question as well. At a conceptual level, cloud mobile back-end services, of course, play a similar role to what you might think of as mobile middleware. They're providing a back end, after all.

But there's still some pretty significant differences, although those differences may decrease over time. Many cloud mobile back-end services were initially designed to support [business-to-consumer (B2C)] scenarios without the heavy use of enterprise back ends, or perhaps without any kind of enterprise back end at all.

Partially as a result of that, they don't typically include some of the features associated with mobile middleware, which did primarily grow up in the enterprise space. For example, they don't often support storing data-synchronization services that would be required for use in offline scenarios or conflict resolutions if [for example,] a couple of users are attempting to update the same product record or inventory record.

And they may not directly support enterprise-driven security requirements. Commonly, Web applications and mobile applications would like to link with authentication services inside the enterprise, enterprise identity-management resources, that kind of thing. Quite often, today's cloud mobile back-end services don't provide that kind of a linkage.

Over time, we expect to see cloud mobile back-end services address those issues more and provide better support for enterprise scenarios. But today, most of them do not provide for a significant amount of enterprise integration.

A follow-up question to that in terms of the integration is: What are the challenges of connecting back-end data to the front end for mobile development?

Van Huizen: Another role of mobile middleware is that, quite often, the middleware does act as a bridge to enterprise systems from both a data-access point of view and a process-integration point of view. So most cloud mobile back-end services do not directly support that yet, requiring that the existing enterprise resources be integrated and services through some other means using integration technology, enterprise service buses, that kind of thing.

But even once that's been accomplished, regardless of how the back-end systems are brought into the equation, cloud mobile back-end services introduce a new form of security challenge. Any time you have the intersection of enterprise data, cloud services and a mobile device, you have an opportunity for data leakage. The data leakage may actually occur in the mobile device and, typically, these are not governed environments.

So, in many cases, it's desirable -- and often required -- to find some way to govern those interactions. Today, that's primarily performed using access gateways that wouldn't be part of the cloud service offering, but that need to be deployed at the edge of the enterprise as the mobile app to access enterprise systems.

One can imagine that over time, cloud service providers would offer some form of governance themselves, at least some auditing and logging capabilities. But for today, the governance of those interactions is an exercise left to the reader, one might say.

Contributor Peter Schooff is a former contributing editor to SearchCloudApplication's sister TechTarget site ebizQ.

Dig Deeper on Mobile infrastructure and applications