API management platforms and API integration providers can look to leading mobile solutions provider Good Technology to learn how to work with risk-averse enterprises when developing an API strategy. Good Technology – which provides the Good Technology DocuSign Integration mashup – has made its’ embedded security provisions a standard feature across the company’s Good Dynamics Network.
The move aims to offer an ‘outsourced’ solution to managing security protocols for app developers, while appeasing enterprise concerns around opening access to proprietary data on BYOD handsets used by field staff.
Jeff McGrath, Senior Director of Product Marketing at Good Technology, spoke with ProgrammableWeb after the company’s recent announcement that Salesforce has come onboard as a customer:
“Our Good Dynamics Network APIs and Salesforce SDK allow integrators to create custom apps for the enterprise. For example, if an enterprise wants to optimize the power of mobility and empower the sales staff’s on-time with clients, they could create apps that draw on the business’ customer data stored in Salesforce. This data is a key business asset and needs to be kept secure, so if it is exposed via apps stored on a sales agent’s BYOD device, the enterprise needs to be able to maintain the security and control of that data.”
Discussions at recent API events have shown that security issues can sift down to become a lower priority concern amongst developers who are often more focused on UX and workflow integration using APIs. One of the main strategies of the Good Technology approach is that they have held separate discussions with other stakeholders in an enterprise to show they are listening to the concerns of clients who are hesitant about making use of APIs in fear of exposing their digital assets.
The lesson here for API management platforms and providers offering integration-as-a-service solutions built on APIs is that it is incumbent on the service provider to manage both conversations with a business. Fostering an active and engaged developer community is one thing, but this community may not necessarily evangelize the benefits of API integration and in-house apps in a way that alleviates their concerns around business risk exposure and the protection of company data and intelligence.
“We want consistent security controls and we are seeing businesses drive this discussion”, McGrath said.
Good Technology has an active community of around 5,000 developers and IT administrators and, according to McGrath, provides “a ton of documentation and frequent webinars (which are led by our inhouse developers). We also have around 100 enterprise-developed apps registered with the Good Dynamics network, and an active ISV network.”
While the convergence of API and SOA governance gets underway, more API providers will be required to understand the drivers and – particularly security – concerns of enterprise clients. Good’s strategy of communicating separately and having the infrastructure to back up both conversations may be a strategy worth replicating.