By Mark O’Neill, VP Innovation at Axway
Recent research from Gartner suggests that by 2017, the Bring Your Own Device (BYOD) trend will become mainstream in the enterprise. However, businesses are still holding off on embracing this growing trend because of the security fears surrounding it. After all, if a device containing corporate or customer data is lost or stolen, there is a danger that the data may fall into the wrong hands. However, empowering BYOD in the enterprise environment has its positives – a better work-life balance and an increase in productivity and innovation to name a few. With this in mind, security professionals need to find a way for employees to securely integrate their personal lives with their work lives, and quickly, if they want to see the rewards.
The answer to allaying security fears lies in Application Programming Interfaces (APIs). By choosing to deliver data via an API, organisations can ensure that their data doesn’t reside on the mobile device. Rather, it is accessed by the applications running on the device. So in the event a device is lost or stolen, or changes are made to the user’s data entitlement, access can simply be turned off by the business so that data cannot be exploited by a non-authorised user.
With mobile, Cloud and social technologies rapidly gaining traction within enterprises, the door has opened for a new enterprise API economy that is driven by growing demand for access to information, anytime, anywhere.
There are generally two types of APIs: Open APIs and Enterprise APIs, but the two are very different. Open APIs, also known as public APIs, provide developers with programmatic access to a proprietary software application, so that they can develop new services and apps, leveraging data made available via the original proprietary software application. Enterprise APIs, on the other hand, run inside the enterprise and are not publicly available.
When we talk about using APIs in relation to BYOD, we are referring to Enterprise APIs. They essentially bridge the gap between mobile devices and the data by enabling mobile applications to communicate with the corporate servers.
Secure API management
In any information security situation, authentication is vital to maintaining control over who has access to corporate data. However, in an increasingly mobile world where data is taken beyond the traditional enterprise edge, businesses need to go one step further and take control of where, when and how their APIs can be accessed. Context is key to securing mobile data exchange. For example, if an employee is attempting to access an organisation’s API from an unidentifiable location, from an unknown device or outside a specific time range, then access should be blocked for that user. When it comes to authenticating API usage, these factors need to be considered before allowing access to the API.
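The contextual checks described above, combined with the ability to turn access off for a lost or stolen device, as an added example (not code from the article or from any API management product). The device registry, country list, access window and all names are hypothetical, and the sample values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Hypothetical policy data; all values are constructed for illustration.
REGISTERED_DEVICES = {"dev-1001": "alice", "dev-1002": "bob"}  # device id -> owner
REVOKED_DEVICES = set()                      # devices reported lost or stolen
ALLOWED_COUNTRIES = {"GB", "IE"}             # locations the policy accepts
ACCESS_WINDOW = (time(7, 0), time(20, 0))    # permitted hours, inclusive


@dataclass
class ApiRequest:
    user: str
    authenticated: bool         # outcome of the normal credential/token check
    device_id: Optional[str]    # None when the client presents no device identity
    country: Optional[str]      # None when the location cannot be determined
    when: datetime


def evaluate(req):
    """Return (allowed, reason). Deny by default: every check must pass."""
    if not req.authenticated:
        return False, "not authenticated"
    # Revocation is checked first so a lost device is refused even though
    # it is still registered and may still hold valid credentials.
    if req.device_id in REVOKED_DEVICES:
        return False, "device revoked"
    # The device must be known and bound to the user making the call.
    if REGISTERED_DEVICES.get(req.device_id) != req.user:
        return False, "unknown device"
    # A missing location is treated the same as a disallowed one.
    if req.country not in ALLOWED_COUNTRIES:
        return False, "unidentifiable or disallowed location"
    start, end = ACCESS_WINDOW
    if not (start <= req.when.time() <= end):
        return False, "outside permitted hours"
    return True, "ok"


def revoke_device(device_id):
    """Server-side switch: no data has to be wiped from the device itself."""
    REVOKED_DEVICES.add(device_id)
```

Because the decision is made at the API on every call, revoking a device takes effect on its next request without any action on the device.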
With more and more employees expecting to use their personal devices at work, businesses need to accept that the trend is here to stay and start planning how they can embrace BYOD securely. By delivering data to mobile devices via APIs, security professionals can rest assured that sensitive company information will not be hijacked by an unauthorised user if a device is lost or stolen. On top of this, with an effective API management strategy firmly in place, organisations can protect against unauthorised access to their network. Overall, APIs offer businesses the ideal remedy to their security headaches and in turn, help them to unlock and enjoy the benefits of BYOD.