Survey: Oracle Finds Mobile IT Spending Still Surging; Growing Focus on Security, Backend Integration

Enterprise investments in mobility will skyrocket some 50% over the next two years, according to a CIO survey released by Oracle Corp. That said, IT remains concerned over mobile security and mobile app integration with backend systems. IDN explores the survey with Suhas Uliyar, Oracle vice president of mobile strategy and product management.

Tags: ALM, API, connected enterprise, EMM, integration, MBaaS, MEAP, mobile, Oracle, SSO,

Suhas Uliyar
vice president of
mobile strategy and product management

"Mobile security is not just about one thing but the sum of many parts."

Mobile IT Summit
April 23, 2015
An Online Conference

Enterprise investments in mobility will skyrocket some 50% over the next two years, according to a CIO survey of 414 respondents released by Oracle Corp. That said, IT remains concerned over mobile security and mobile app integration with backend systems.


Even as mobile development has become entrenched in the enterprise, IT’s goals and challenges continue to quickly evolve. For instance, security and integration remain top concerns for mobility, especially BYOD, noted Suhas Uliyar, Oracle vice president of mobile strategy and product management.


Uliyar pointed out this survey, conducted by CIO Strategic Marketing Services and Triangle Publishing Services, found a pronounced shift in mobile development from a few years ago, where the mobile UI or front-end received the lion’s share of attention. The survey was done with the support of the Oracle Mobile unit.


The survey, titled “The Connected Enterprise: Keeping Pace with Mobile Development,” found the following:

  • Only 29% of IT development time is spent on front-end mobile app development, and the remaining more than 70% is spent on other aspects of the mobile lifecycle – including mobile app integration, security, quality assurance testing and design work.
  • Further, a whopping 93% of respondents cited concern over data loss and other security breaches related to mobile devices with BYOD being a key contributor to this concern.
  • “Mobile applications change continually,” – so much so that 35% of respondents said they update their apps portfolios monthly, and 82% expect to have to increase the rates of revs/new apps.
  • Some three-quarters of respondents (75%) said cloud or hybrid cloud technologies are “somewhat important” or “very important” to mobile application deployment. These include PaaS (platform as a service) and MEAP (mobile enterprise application platform).

In light of these findings, we asked Uliyar if mobile projects will drive the need to change how IT thinks about the end-to-end mobile ALM process to make it easier for front-end mobile devs to work with security, integration and other backend services.

“The Mobile ALM process does need fine tuning,” Uliyar told IDN. “Security must be addressed at all phases of the cycle – from understanding the user profile and the corporate policy for devices. Mobile security is not just about one thing but the sum of many parts. Typically, thought is given to application level authentication and authorization especially with the backend applications,” he said. “And while these are important concerns, they are not the only areas mobile IT should focus on to deliver end-to-end mobile security, he added.


Top Questions To Address End-to-End Mobile Security

“There are plenty more questions to be answered by the developer and today not many of these are part of the mobile development,” Uliyar said. “They are challenges IT faces once the app is built and in some cases after the app is deployed.” He shared a list of specific points for consideration, during the mobile development and mobile deployment processes:

  1. Who is using the application and where?
  2. What is the corporate device policy – BYOD vs corporate?
  3. Where is the source of data for the application – ERP, CRM, social, geo location Services etc. This impacts user credential login (SSO) and propagation?
  4. Where is data being stored – on the device, in an interim store, where is the interim store, how is it secured?
  5. How is data transmitted over the air – where is the termination point, is it encrypted, what is the encryption policy?
  6. Is the device trusted, registered with the corporate IT management system? Is it jail broken?
  7. What is the SSO policy?
  8. What is the device login policy – two-factor, PKI etc?
  9. For a B2C app what is the authentication process (banking, insurance) where data from the enterprise is required? Is there a step-up authentication requirement?
  10. Where is the credential store on device? What is the time-out policy?
  11. Where is the content management system – is there an enterprise store to sync and share documents or is it a public service (Mbox, Google Drive etc)? What are the auditing policies for content storage and management?
  12. What are the IT device leakage prevention policies?
  13. Are there are any policies defining service access (REST API access), e.g., no access to certain locations based on geography?
  14. Is there auditing, reporting and real-time denial of service for API access and how it is handled?
  15. How is the app going to be distributed – public vs private app store? What is the process by which this is automated?
  16. How is the app going to be containerized? What SDKs or wrapping service? What is the process to publish once wrapped and containerized?

“Our goal is to drive value to the developers and make it seamless [using] a check box for IT to deploy secure applications,” Uliyar told IDN.

Uliyar’s list of considerations also illustrates a related point – the growing convergence of how IT thinks about and implements an attractive mobile front-end and an enterprise-grade mobile backend that can be both reliable and performant. We asked how the Oracle Mobile Platform approach bridges this gap.


“We believe that mobile developers must be treated as a first class citizen in the application development eco system. The ideal world is where outside-in approach meets inside-out approach in a strong but loosely coupled collaborative way,” he said. The challenge in that is a common one, he added, noting “typical service developers do not know what to predict as it relates to the interfaces exposed from the backends as they have multiple consumers (application-to-application integration, mobile integration, web applications, B2B exchanges etc).”


Enter Oracle’s approach to leveraging the cloud and APIs to provide a more seamless mobile lifecycle.


How Oracle Integration, APIs Speeds Mobile Access to Backend Resources

“ We have recognized this and we are solving this via the mobile cloud service that abstracts mobile APIs that mobile developers consume from the backend APIs. We provide tools for service developers to shape these APIs in a mobile-centric way via server side JavaScript containers (Node.JS) that allows them to mashup and create an API that is more suitable to mobile use cases,” Uliyar explained.


“On the mobile developer side, we provide tools for the mobile developer to sketch/mock up an API if a suitable one does not exist in the API catalog with mock data so they can continue with mobile app development without getting blocked. This mock-up designer process has a flow through to the service developer through standardized modeling language (RAML, in our case) for the service developer to download the scaffolding and fill in the code to make this service live,” he added.

Oracle’s approach also looks to speed delivery of mobile apps, Uliyar added.


“There are several ways to speed up enterprise mobile development with provision–ready and publishing-ready techniques (e.g., device cloud testing, testing and regression testing tools, service API testing, auto deploy to app stores etc.). However the first thing to do is to reduce the time to expose enterprise APIs in a way that is consumable. These APIs must be in a catalog that is searchable, easily describe-able, curated in a manner that is easily mapped to the application,” Uliyar said.


He shared an example.


Rather than a mobile dev having to figure out which PeopleSoft or SAP HR application API to use based on geography, the service needs to be defined correctly to promote easy ways for the developer to identity and use the service. So, in this case, Uliyar suggested, “the service must be an employee service record that abstracts where the data is coming and providing a mobile API augmented with additional objects that is applicable to that app.”


Analytics can provide another useful tool to speed up the launch of mobile apps. “Analytics also help to determine at all layers for all personas (mobile developers, service developers, business owners) to determine what to tweak rather than just guess that a new app or modification is required,” he added.


In the end, Uliyar sees “lots of room for growth for mobile in the enterprise.” This next wave of enterprise mobility will show a “convergence of mobile specific functionality, API management and integration platform in the service as the new architecture of mobile and multi-channel apps in the cloud,” he added.

Download a copy of the survey “The Connected Enterprise: Keeping Pace with Mobile Development” here