Table of Contents
In our overview of the digital transformation landscape, we discussed how the stunning pace of innovation in information technologies has allowed the information aspects of every product and service to grow in importance—in some cases to such an extent that the information itself becomes the product or service: a “digital product.”
This trend creates both opportunities and threats. The web provides universal access to the entire global market, new ways to connect with prospects, and instant self-service delivery of digital products. The competitive field is open to anyone, not just those with massive investments and established relationships. Those who outpace the competition in capitalizing on information maintain relevance and gain competitive advantage. The rest may fall prey.
Digital products improve your business prospects in three fundamental ways: New digital services can expand your line of products and services or add value to existing products or services. Beyond improving the product itself, new mobile and social experiences enhance interactions with existing customers and attract new audiences of potential customers. Or digital technologies can improve operational insight and efficiencies and improve margins for your business.
Orienting toward digital opportunities is not a matter of successfully executing a single project, such as introducing a mobile app. Long-term success is achieved through systematically increasing the capacity to adapt and innovate to changing technologies. A business must cultivate the creativity to marry new technology possibilities with unique business value. It needs to develop the ability to capitalize on opportunities through the quick and flexible execution of IT projects. And it must deploy an IT architecture and platform that supports rapid development and delivery of scalable, secure, intelligent digital products. The ongoing discipline to improve these three capabilities—digital creativity, continuous execution, and evolving the infrastructure for digital business—is encapsulated in the term “digital transformation.”
This white paper looks specifically at fundamental components of the architecture and infrastructure supporting digital transformation, including capabilities for:
- Making the business programmable through APIs
- Programming the business using integration systems
- Maintaining solid identity and security practices
- Learning from usage and integrating intelligence into the system with real-time smart analytics
- Exploiting the potential of IoT and mobile devices
- Increasing agility through the adoption of open source and cloud systems
Digital products are driven by software, and the primary medium for implementing software is, of course, programming. The journey to become a digital business becomes the journey to make your business programmable.
Software functionality can be encapsulated to service consumers as an API (application programming interface). In other words, to be programmable is to have an API. The correspondence is so tight that we often overload the term API as shorthand both for the mechanism making the capability programmatically available and for the underlying functional unit.
Programmability enables efficient reuse of functionality, eliminating duplicative efforts and allowing you to focus on the new and innovative. For instance, a new algorithm can be quickly deployed as a complete application by integrating it with existing units of API-enabled functionality. Often innovation is accomplished by simply combining programmable units, in other words integrating APIs, in a new way.
One of the first tasks in many digital transformation efforts is to progressively expose the capabilities currently locked away in siloed information systems to internal digital product developers. For instance, a customer profile often spans multiple systems, such as tech support call records, billing records, and website analytics, to name a few. By unlocking the data in these systems through APIs, new applications can be developed: for example, an app supporting the sales team’s success by providing a broadly informed indication of customer satisfaction prior to or during a rep’s sales call.
There are also many general-purpose APIs available online that you can leverage. It does not take long to assemble a capable innovation backplane from internal business-specific APIs and external general-purpose APIs. Your API business platform serves as your digital innovation platform, and its richness correlates to the breadth of possibilities for building new digital products.
Besides inspiring your internal innovators, APIs offer the potential to generate new value and inspire creativity outside your organization. By offering selected core business capabilities through an API, you can incubate an ecosystem of partners, customers, or public third-party developers. This ecosystem can offer a virtuous cycle of business value for you and for your ecosystem.
For example, a company offering a product for sale through a traditional online storefront might also introduce an API for submitting orders directly. This API appeals to a certain business customers that automate their stock management. Now their stock management system can call the API to enter an order directly, making the customer more efficient while decreasing your own sales costs. As an additional benefit, the relationship strengthens and becomes harder for a competitor to disrupt.
APIs can, themselves, evolve into digital products, delivering new sources of revenue to the business. An organization may choose to offer an API only to paying subscribers to directly monetize the API. Alternatively, the enterprise may provide a free API that can be embedded within a service or app to enable monetizable transactions, such as the placement of orders. But most often, a public API brings indirect value—most typically extending the reach of the brand, nurturing new leads, collecting valuable data, or deepening partnerships.
Remember when we only had to develop a web page, and all customers came to that single online point? Those days are long gone. Now customers expect web experiences to scale to many different viewing sizes or even avoid browsers altogether, instead using mobile apps that offer richer capabilities like location, touch, fingerprint recognition, voice, image capture and recognition, and so much more. Increasingly, enterprises are adopting an omni-channel approach to interactions, extending them across mobile, the website, chat, Internet of Things (IoT) devices, and social media platforms. To automate the interactions, these organizations are turning to technologies, such as voice-activated bots, real-time analytics, and predictive systems. The list goes on and grows larger every day.
APIs have a central role in powering new customer experiences, since the user experience is implemented close to the consumer but connects back into your information systems to provide core business functionality. Some of these experiences can be implemented directly using the internal APIs in your innovation platform, but often a special-purpose API is deployed, tailoring and combining backend capabilities into a coherent API that is designed to efficiently drive a family of customer experiences.
Enterprises building an agile service-oriented architecture (SOA) have found that managing the use of APIs improves their security, clarifies usage patterns and dependencies, and helps connect developers and consumers in a productive cycle.
Central to managing an API is the concept of subscription. A consumer must subscribe to use the API and receive a token that identifies his or her use of the API from that of other consumers. This token allows enterprises to track usage, revoke the rights of abusers, enforce limits or alternate qualities of service, and calculate billing or cost sharing. With a known identity for an API consumer, access to backend systems can be properly granted, bridged, audited, and controlled. Rich per-consumer analytics provide insight to both API consumers and publishers.
The need to manage subscriptions has given rise to API management platforms, which provide this function.
Besides managing subscriptions, deploying an API management platform accelerates API deployment and consumption by supporting API consistency, discoverability, the publishing process, security, and analytics.
Consistency: APIs have the most rapid impact when they are easy to use and consistent with other APIs available internally or externally. Following current standards and best practices lowers the need for special skills and makes it easier for consumers to adopt an API. Current best practices standardize the protocols, data formats, authorization, and description of the API (HTTP/REST, JSON, OAuth, and Swagger respectively). An API management platform supports the consistent use of this set of standards, as well as provides a stable and secure gateway endpoint for accessing the API. This indirection point provides a stable endpoint while allowing the implementation details of backend services to change or to bridge into a service’s legacy protocols and formats as needed.
Discoverability: API consumers need to be able to efficiently discover APIs, as well as understand their capabilities and how to access them. Key features for supporting the adoption of APIs, along with the experimentation and productization of new product ideas, include a portal for the API platform, the ability to search across the API platform, documentation, and the option to try out an API, and self-service functionality for subscribing to and using the API. The developer portal user experience must be highly customizable, as it represents your brand.
Publishing process: API creators publish their APIs, after completing the approval workflow established by the organization, using a dedicated publisher portal. Through this interface, they can publish the details of the API, test the API before release, manage the lifecycle and versions of the API, authorize user roles and usage patterns, and build a community around their APIs.
Security: The API management gateway acts as a key part of the security system, verifying that access is authorized and proper security protocols are followed. It helps bridge between the credentials of the consumer and those that may be required by the backend services. The gateway also generates a wealth of data that can be analyzed and used for auditing or for threat detection and remediation in real time.
Analytics: The ability to evolve as a business depends on grounding strategy decisions in data. Since APIs map to business functions, the vast amounts of data they generate offer an indication of the performance of the underlying business. Data patterns can suggest operational efficiencies, or they can be fed into machine-learning algorithms to develop new business value, create better security policies, or enable real-time decision-making. An API management platform includes a real-time analytics component that can capture, store, analyze, display, as well as identify patterns requiring immediate reaction.
As an innovation platform powered by APIs emerges, new product development involves programming to these APIs. At the same time, a larger share of development is spent in integrating with existing APIs and less time on writing capabilities from scratch, increasing the importance of tools specifically designed for integration.
Organizations tend to adopt a variety of integration tools and techniques. These include sophisticated tools that can integrate diverse and difficult systems, for instance using legacy connection mechanisms to bridge a service into the modern API platform. On the other end of the spectrum are visual integration tools that can tie popular APIs quickly into new applications. Some integration platforms specialize in connecting cloud services while others focus on data sources or messaging systems. Enterprises should look for integration tools that can be specialized for the required scenario and developer skill to provide an optimum solution, depending on the situation.
Integration toolbox: Most enterprises cannot escape the need for tools that can achieve the most demanding integrations across services. Such a tool needs the capacity to connect to a wide variety of protocols and security mechanisms. Additionally, it should streamline integration APIs for popular on-premises software packages and cloud systems. Finally, it also should be able to make conversions between different protocols and data formats, and support integrations with multiple services.
Data integration: Many services represent data sets or queries over data sets. An integration platform often requires the ability to “service enable” raw data sets—connecting to databases, defining queries and mapping the results into a well-defined service interface, reshaping data, and bridging service authorization and data authorization domains.
Messaging: Integration tools require capabilities for supporting a variety of messaging patterns beyond request-response. Eventing mechanisms offer new design possibilities for scalable architectures and are increasing in importance and popularity. For instance, a scalable set of microservices may pick up tasks and deliver results to an event bus instead of relying on a central data store or central dispatching mechanism. Message queues can ensure that important tasks are not dropped if there are failures or delays in the system, and they can be useful when reliability and robustness requirements apply.
Business process execution: Most scalable web architectures strive to be stateless, allowing a process to be picked up by any members of a set of worker nodes without requiring them to maintain and share a lot of context. But there are situations requiring long-running, stateful, orchestrations. In these instances, multiple steps are orchestrated throughout an entire, long-running process—some even involving human involvement, such as acknowledgements or approvals—which must retain context representing progress throughout the process. A business process can be broken down to a set of steps that are executed in parallel or sequentially and can be modeled and executed as invocations against a set of backend services. Business process execution can be considered a type of integration, with its own specialized business process design tools and languages, such as the Business Process Execution Language (BPEL) and Business Process Modeling Notation (BPMN).
Service hosting: There are times when simply writing code is the most straightforward way to implement or support an integration. The functionality to deploy a service that exposes some new logic is always present in the integration toolbox.
Analytics: All parts of the platform should have analytics, including the integration toolbox, to monitor system operation and enhance security, as well as provide better insights into the underlying business.
As integration becomes more agile and rapid, security challenges don’t disappear. In fact, they multiply as systems inside and outside the enterprise interact. Part of integrating systems is ensuring that each component of the system maintains proper security measures or a proper security environment, as well as a chain of authorization as a systems spans multiple systems. Technologies for safely bridging identities between systems form a core part of a modern digital transformation pattern.
In conjunction with integration tools, identity management capabilities also offer new possibilities for improving customer experiences. Federated logon, for instance, allows users to bring their own identities to your system by coordinating with an outside identity provider preferred by the user, such as Google or Facebook. This offers convenience and added security for the customer.
For your employees and partners, federated login across multiple systems increases productivity, simplifies provisioning of new users across multiple systems, and allows centralized deprovisioning that reduces the risks of inappropriate access. This can span organizations as well; for instance, federating identities across ecosystem partners aligns provisioning and deprovisioning among these organizations.
While security architectures should be vetted by domain experts, other IT disciplines and business owners should develop enough familiarity with identity requirements to be able to envision the opportunities new identity technologies may open up for digital products, digital customer experiences, and digital operations.
Big data technologies have made it not just possible but commonplace to capture tremendous amounts of data about every interaction, system, environmental factor, and device status. This data enables the monitoring of system performance important for ensuring the smooth operation of a system, and increasingly it is proving useful in range of other scenarios as well.
Batch processing allows data to be analyzed after the fact, and the simple real-time display of data assists with monitoring. However, the next level of analytic technology enables analyses of and responses to data patterns in real time. This is often referred to as real-time analytics, stream processing, or complex event processing (CEP). Such technology opens a wealth of possibilities for digital products, experiences, and operations.
Advanced monitoring and policy enforcement: A platform for real-time analysis and automated response can be used for monitoring usage patterns and providing a mechanism for enforcing pattern-based rules.
Intelligent decision-making: Data sets processed with machine-learning technologies can derive significant insights from the data, as well as create models that can automate any number of tasks. Configured with such models, a system can take responsive action automatically and intelligently to a variety of situations.
Threat detection and response: Systems trained to identify security threats and fraud can detect and respond automatically to a class of threats.
Predictive services: Analyzing the behaviors of customers, systems, or devices can lead to a proactive approach in addressing issues and identifying new opportunities. For instance, predicting when a customer might be dissatisfied or amenable to expanded services, anticipating when a device might need maintenance, or making delivery projections in order to accelerate them or optimize delivery channels.
New revenue streams: The insights generated from data—raw, processed, or in the form of artificial intelligence (AI)—may themselves become valuable new digital products. AI techniques and tools are rapidly evolving, spanning and specializing in many domains. Open source projects represent the leading edge of advanced AI capabilities, simplifying both their use and integration into a smart analytics platform. Applying the capabilities enabled by these technologies can provide new business value across all your digital initiatives.
All WSO2 products come with their own analytics modules based on the WSO2 DAS as well, to provide a rich set of domain-specific capabilities out of the box.
Current trends predict that the number of connected devices will outpace the global population by large factors in the near future—leading to significant potential for disruption. These devices will offer new opportunities for engaging with customers; tapping new sources of valuable data; and monitoring and controlling physical equipment, buildings, and even entire “smart” cities. Prepare for this by considering how IoT and mobile devices fit into your digital transformation strategy.
Integrating devices into a digital business requires the many capabilities already discussed—connection through a managed API, integration for incorporating device capabilities into digital products, management of identity and security all the way to the edge, and smart analytics. But IoT devices also pose some unique challenges that require some specific solutions.
Devices can be deployed at large scale, which implies a need for automatic discovery and connection, provisioning, and remote management mechanisms. This suggests the need for a device management platform that offers capabilities for registering and deregistering devices, assessing their health, and remotely controlling and upgrading the devices.
At the same time, IoT devices represent a huge increase in the scale of possible attack surfaces. Therefore, best practices include the ability to upgrade firmware to fix security flaws, together with the application of techniques to protect against firmware hacking.
The need to connect devices also introduces challenges. Because devices are distributed throughout an environment, it may be harder to maintain connections. Additionally, mechanisms may need to be deployed to reduce the impact of connections that are intermittent, poor quality, and low bandwidth.
Mobile phones and tablets constitute an important class of devices, both because they offer a personal user interface and because they are general-purpose devices capable of running many different apps—desirable or undesirable.
Mobile device management (MDM) solutions offer some control over mobile devices, whether they are personal bring your own device (BYOD) models brought into a sensitive environment or corporate-owned personally-enabled (COPE) devices. In either case, there are ways enterprises can improve efficiency and security. For instance, convenience is increased through the automatic registration and distribution of a set of required apps to managed devices. Meanwhile, security is increased by blacklisting certain apps, requiring users to set a passcode for the device, or allowing remote wipes of information on the device if it is lost or stolen. Fine-grain control of features can be achieved by actions, such as establishing a geofence inside in which camera functions are disabled.
Enterprises that are developing mobile apps for employees often provide mobile application management (MAM) through an enterprise app store that lets users discover and install required, recommended, and allowed apps for their role.
Incorporating IoT and mobile devices into your digital platform is an emerging field with rich possibilities for you to explore.
We’ve touched on some of the fundamental components of the architecture and infrastructure comprising a digital transformation infrastructure. These provide the core building blocks but each organization must assemble a platform optimized to meet its own maturity level and needs. Additional components not covered here might include:
- Development tools for continuous development, agile project management, and automated testing
- Tools supporting “inside source,” a developer environment where code and learning can be shared among a vibrant community
- User experience (UX) frameworks
- Data governance tools
- AI systems
Your digital innovation platform should be characterized by flexibility and agility. You need the ability to experiment, prototype, and deliver minimally viable products, as well as iteratively discard or improve products. The format of your technology helps provide that flexibility.
Open source offers you the ability to instantly download software without obligation or the need to review proprietary license terms, speeding your experimentation and development. Open source tends to be rich in extension points, and retains your option to influence its evolution, build upon it, and even to package it into your own offerings. Commercial support is most often provided on a pay-as-you-go model. Additionally, open source lends itself to the process of assembling a platform.
Cloud takes this agility even further. You can access running systems online in minutes, usually with trial periods, minimal commitments, and nominal entry fees. Cloud solutions often come with scalability built in, and may provide other pre-built integrations. For example, WSO2 API Cloud is integrated with a payment gateway for monetized APIs while the on-premises WSO2 API Manager requires you to perform this integration.
The form of deployment (on-premises or cloud) is an ongoing choice that can be made for each digital project. Over the life of a project, the factors influencing that choice may change. Therefore, to minimize the impact of deployment modifications, it’s useful to select products that can be migrated easily between an on-premises, ideally open source, deployment and a cloud deployment. Running the same software on-premises and in the cloud also enables organizations to implement advanced scenarios, such as an on-premises solution bursting to the cloud during periods of peak demand.
WSO2’s product platform is designed to serve as the core of a digital transformation platform:
- WSO2 API Manager
- WSO2 Enterprise Integrator
- WSO2 Identity Server
- WSO2 Data Analytics Server
- WSO2 IoT Server
These products are fully open source under the Apache 2.0 license, which is widely recognized as safe for any organization to adopt. The products are easy to assemble with other components you choose for your platform, but they are also built from common code to ensure they work seamlessly together with other WSO2 products. Digital products often span several of these functional areas, so consistency across the products makes the development process more productive.
Product capabilities are available on-premises or as a managed cloud hosted by WSO2. Additionally, capabilities for API management, integration, identity and access management, and mobile and IoT management are available in the public WSO2 Cloud (though some cloud capabilities are not in commercial release at time of writing).
In addition to the products, WSO2 offers services that support your innovation practice and talent strategy. Typically, each digital initiative needs agility in assembling a project team with the right expertise, resources, infrastructure, and support. The team may be in-house, outsourced, or some combination of the two. WSO2 offers a variety of services to broaden the choices available to you and support your talent strategy in a way that reliably generates success.
These services include:
- Subscriptions. WSO2 offers commercial support for our products through a subscription that includes a real-time stream of WSO2 Updates and 24x7 support services with an aggressive service-level agreement (SLA). Note that WSO2 Updates are available to non-customers but not licensed for production use without a subscription contract—effectively a free unlimited-term trial for pre-production use.
- Architectural expertise. WSO2 offers pre-sales architectural advice plus systematic architectural design and review services. The QuickStart is designed for project inception, Quarterly Architectural Reviews for ongoing support of complex projects, and Platform Architecture consultants for general purposes.
- Talent development. WSO2 increases the capabilities of your team through training courses, certification, on-line access to product experts (support tickets), WSO2Con events, and subsequent recordings.
- On-site teaming. Staff augmentation brings immediate expertise to a project while facilitating longer-term knowledge transfer.
- Off-site development. WSO2 engineers can cost-effectively execute certain development tasks and projects appropriate to remote implementation.
- Operational support. An operational expert from WSO2 can work with your team on-site to support key production deployment milestones and implement best practices around deployment, backup, disaster recovery, deployment automation, security, and governance. With WSO2 Managed Cloud, we offer fully managed services for a dedicated system run by our WSO2 Cloud operational team.
- Partner ecosystem. WSO2 supports customers’ outsourcing strategies with an active partner program that backs our system integration partners with enablement, validation, and referrals. When large portions of a project are to be outsourced, we recommend using a WSO2 partner instead of strategic talent augmentation from WSO2.
WSO2 understands that a digital transformation strategy is critical to your business, and has helped many organizations to realize the opportunities. With key products and services, we work hard to become your experienced and trusted partner for this exciting journey.
For more details about our solutions or to discuss a specific requirement contact us.