Monday, January 28, 2013

The importance of APIs to BYOD

My colleague John Thielens, Chief Security Architect at Axway, writes this week about BYOD security in CBR Online. As John mentions, BYOD is here to stay because users, especially millenials, expect to use their own devices for work: tablets, iPhones, various Android devices, etc.

John writes:
While employers are feeling the pressure to implement Bring Your Own Device (BYOD) schemes within the workplace and to make the most of the changing technology landscape, this needs to be coupled with policies and security measures that provide full visibility of where data is and who is accessing it at all times. This end-to-end visibility, together with proper BYOD policies, can be the difference between earned customer loyalty and irretrievable brand damage.
http://www.cbronline.com/blogs/cbr-rolling-blog/guest-blog-data-privacy-day---is-your-security-blanket-intact-280113
APIs are at the center of this. If you deliver your data via APIs, then the data does not rest on the mobile device. Instead, it is accessed by apps on the device. If the device is lost, or the user no longer has the entitlements to access the data, then the access is simply turned off. This requires, of course, policy to be enforced for the API access. An API Server provides this, as well as providing monitoring analytics about API usage (the "end to end visibility" which John mentions). In this way, it's at the heart of a secure BYOD strategy.