Middleware for Mobile - Making it Safe to Deploy Systems of Engagement

June 19, 2013

Middleware for Mobile

Making it Safe to Deploy Systems of Engagement

Middleware is not a happy topic.  It is something everyone needs and everyone expects, but it is not something everyone is willing to pay for, at least not very much.  And as a result, it does not get the quality attention it inevitably requires.  Instead, like the rough beast from Yeats’ Second Coming, it seems perpetually to be “slouching towards Bethlehem to be born.”

Well, a number of us got together at Mohr Davidow Ventures the other evening to see if we could not play midwife and move this baby along a bit (see Cast of Characters below).  What brought us together was the realization that without an appropriate fabric of middleware in the Cloud, enterprise CIOs cannot aggressively deploy all the next-generation Systems of Engagement apps that our firms are developing and that business users everywhere are clamoring for. 

We spent two hours in lively discussion, first channeling our inner CIOs (with the help of some actual CIOs in the group), then outing our selfish vendor and investor interests (this is Silicon Valley, after all), all of which was prelude to a break-out session where each of three groups proposed their best cut at a Reference Architecture Checklist for Mobile Middleware.  The two key criteria for evaluating all such lists are that the items are 1) Mutually Exclusive and 2) Collectively Exhaustive (MECE).

Each group took a different path to this goal, so what I will do here is give my best synthesis of where we ended up.  That said, this is a work in progress, with the next step being a set of interviews funded by our friends at Box, so keep your eyes on this space.

The Core Set of Functions

There are four key focal points for cloud middleware in support of mobile applications:

  1. Devices.  This is the realm of MDM (Mobile Device Management), MAM (Mobile Application Management) and Mobile Security.  It enables you to identify a device by one or more signatures, encrypt and secure enterprise data inside a container on the device, provision applications onto the device, and wipe the enterprise-relevant portions of the device as necessary.
  2. Users.  This is the realm of Identity and Authentication, where the issue is to determine if users really are who they claim to be, and if so, what access rights do they have based on what role they play in the enterprise and under what circumstances they are engaging with the systems—all within the context of a single sign-on approach that addresses the unsupportable cacophony of passwords currently in use.
  3. Data.  This refers to Data Security, comprising all enterprise data that has restricted distribution, regardless of whether it is behind the firewall, on a device, in transit, or just being passed back and forth among APIs.  This is a complement to enterprise application security, which is a different beast, one that controls access to the application as opposed to the data per se.
  4. Programs.  This is the realm of Authorization and Access, programs being the active ingredient that binds the prior three entities together.  It is the ultimate focal point for control, the Big Switch, from which policies related to the other three can be managed.  It is likely to be running on top of some generalized bus architecture in order to facilitate connections among widely disparate facilities running on very different architectures.

Those are the four key areas that must be covered more or less without exception.  As a CIO you do not necessarily have to understand how, but you would be wise to make clear who.  Personally, I am a great believer in one throat to choke, so I am encouraging all the CIOs I connect with who want to aggressively deploy Systems of Engagement applications in a B2B context to appoint a single individual to own this fabric end-to-end.

A Supporting Infrastructure

A secondary result of our combined efforts was the observation that, while the facilities above are the only ones that are absolutely necessary, they are not in themselves sufficient, not if CIOs want to deploy an increasing number of systems of engagement at increasing scale.  To take on this expanded scope of effort, the following capabilities should also be put in place:

  • A systems of engagement development environment
  • API discoverability and management
  • An application distribution utility that supports self-service provisioning
  • Transparent accounting and legal for monetization and charge-backs
  • Usage and performance monitoring for quality of user experience
  • Monitoring and alerts for security threats and violations
  • E-Discovery for litigation support

Today this infrastructure comes from a hodge-podge of vendors and is cobbled together in varying ways by systems integrators and IT departments on a catch-as-catch-can basis.  Frankly, this is a disgraceful set of affairs, and the sooner those companies who purport to be “enterprise vendors” step-up to this challenge and configure ready-to-go architectures to supply these capabilities, the better.  (Oh, by the way fellas, the single company whose name comes up most often as the one to do this is Amazon—if that does not keep you up at night, nothing will.)

Cast of Characters

  • Max Alexander - MD for Innovation and BD, TalkTalk Group and Best Buy Europe
  • Nik Bahram - VP, Mobile & Computing Segments VP, BU & P&C Strategy and Marketing, NXP
  • Rob DiBiase - Vice President, Global Software Sales, Aruba Networks
  • Jonathan Dippert - Vice President, Synoptek
  • Joel Evans - VP, Technical Advisor, Mobiquity
  • Scott Kolman - Vice President Product Marketing, Synchronoss Technologies
  • Marina Levinson - Founder and CEO, CIO Advisory Group, LLC
  • Anthony Lye - Global President Digital Platforms & Products, Razorfish, DigitasLBi, Fluent, CRM365
  • Bill Lynch - Co-founder and VP of Product Management, Jive Software
  • Steve Macbeth - Founding Partner, EnderRealm / Partner Engineering Manager, Microsoft
  • Ty Rollin – Chief Architect, Mobiquity
  • Sam Schillace – SVP  Engineering, Box
  • Job Simon – IT Strategy & Architecture, VMware
  • Mark Tonnesen – SVP and CIO, EA
  • Mark Torrance – CTO, Rocket Fuel
  • Ray Valdes – Research VP, Gartner
  • Sandra Vaughan - Chief Marketing Officer, Marble Security