As businesses moved toward digital transformation, applications played an increasingly important role in success. During the last year, the COVID pandemic has only accelerated their importance. Today, applications are the center of the business universe, and thus, application development.
How did this happen?
First, let’s recognize that this digital transformation has been evolving for several years. The past year didn’t launch a new evolution, it simply gave the existing movement significantly greater momentum. With physical locations closed and personal contact no longer possible, digital engagement became the only way to conduct business, and interact with customers, partners, and employees. The migration was one of necessity.
This acceleration has several implications for technology and companies.
Applications as Brand
Today, the application is the brand. For simplicity, we’ll consider brand to be the overall impression a consumer has for a company. With all interactions now only possible via a digital channel, applications are how you make an impression. Yes, web pages play a role, especially in e-commerce. However, applications, either on the web page or via a mobile device, remain the only way to conduct business between a consumer and the company and that transaction determines the customer’s impression of the company. As a result, the quality of the application—its ease of use, completeness of function and action-ability—becomes the face of the organization.
I often illustrate this with a simple running example of a modern bank that I’ll call Agile Bank, Inc. Let’s look at two examples the examine the implications.
Prior to the COVID pandemic, a customer of Agile Bank needed to make a physical trip to an ATM and physically touch the screen to confirm their identity and withdraw cash.
When the pandemic hit, customers demanded a contact-less way to withdraw funds. Agile Bank responded by quickly developing a new mobile application that linked the user and several banking data sources and applications. A customer could use the application to locate a contact-less ATM.
Interaction between the mobile application and the ATM would then use multi-factor authentication to identify the customer. The application would check available funds with the bank, authorize the transaction, dispense the cash, and update accounts—all touch-less except for removing the cash from the machine.
Contrary to the initial forecasts of economists, the sale of houses skyrocketed during the pandemic. And with it the need for processing loan applications. Prior to COVID, a loan application for Agile Bank could be submitted online but approvals and funding required physical presence, or a substantial effort to email and scan documents back and forth. The process could be time consuming, at odds with the rapid offer and close cycle of the hot market.
After COVID, Agile Bank responded with a new loan application that eliminated the need for in-person contact or lengthy documentation process. A customer could submit their application via the bank’s mobile application and verify their identity through multi-factor authentication. The mobile application could then link all relevant financial documentation, property valuation and appraisal, and, using AI, approve the loan.
The mobile application could then interact with the financial system of the title company to fund the loan and close the transaction—again without the need to meet in person or execute a cumbersome documentation process.
What This Means for Apps
This new way for conducting business through an application places huge demands on the application. The customer must be willing to use the application and, when used it should:
• Be easy to use, preferably involving no additional steps beyond those within the mobile app,
• Provide meaningful function and necessary features,
• Deliver new features faster than the competition to maintain a competitive advantage,
• Be secure and trusted, given the sensitive nature of personal information, and
• Deliver no-wait performance
The challenge with an application is it must deliver an excellent experience from the start—then get better. Customers don’t have a lot of patience for an application that doesn’t deliver as promised. They know how good an application can be and they expect nothing less. In fact, a poor application experience is far worse than no application experience.
What This Means for Developers
The importance of the application and customers’ expectations for its quality put a great deal of pressure on the application developer. The developer must create robust, rock-solid applications with a rich set of features—from the start. And they must continually evaluate how the application is being used and how best to add features that customers want.
Application service meshes can help. They provide ready-to-use and proven application components for the most common services such as user interface and data calls with APIs stitching the entire application stack together. Additionally, they need to define the software infrastructure to simplify the headaches of managing security, scale, and differences in semantics. In both cases, APIs are central to the success of the application.
APIs and Connectivity
Let’s take the example of Agile Bank’s contact-less cash withdrawal above to illustrate the developer journey as they fire up their IDE to build a feature-rich banking application.
First, the developer needs to discover the available APIs and providers to deliver feature velocity and capabilities. For the Agile Banking application, the developer looks for a mobile API for the front-end, public cloud service APIs for the back end, SaaS-provided APIs for customer data, traditional transactional system APIs for consistent customer account information, and edge and branch APIs for consistent branch and ATM cash flow information.
After they have discovered the necessary APIs, the developer uses them to connect the various app services and support the seamless flow of data and information used in their application. During each of these phases, issues with semantic consistency, version management, policy constraints, data flow and other challenges typically arise.
APIs and Security
The internet is the platform that makes modern distributed applications work. But the wide-open nature of the web also adds an element of security risk. Traditional perimeter-based security doesn’t work for such applications. We believe security needs to evolve in several directions to deliver defense in depth supported by API security.
First, APIs and data objects are the new perimeter. API calls are executable actions and securing them will secure the application. Modern applications need to secure API-to-API calls and API-to-data access calls whether the APIs are internal (both cloud native or traditional) or from a third-party API provider (public cloud or SaaS).
Second, API and data security needs geo-fencing controls to meet data sovereignty requirements.
Third, API security needs to work hand in hand with other cloud and network security solutions across the full stack, with real-time reporting to ease the friction between developers and security engineers.
And, finally, API security needs to integrate seamlessly with a developer’s choice of IDE and their existing CICD pipelines, such that the reputation, policy and security of any API are available and enforced from when the developer fires up their ID to when they deploy in staging or production.
For businesses that adopt a robust application development ecosystem—with integral API connectivity and security—the new application imperative can be a significant competitive advantage.