Thursday, May 24, 2018

From federated identity to consolidated identity: a look at the past, present and future


This post was also published in CIO.com.

It’s time for a better way to maintain identity in the enterprise. Let’s explore a new identity model, Consolidated Identity, that will simplify how employees authenticate into systems, access data and complete workflows.

Today, it is common to use your Google, LinkedIn, or Facebook identity to log into a website. However, in the first generation of the commercial Internet, this was not the standard experience. Virtually every internet service required users to create an account with a username and password. For services that were only used occasionally, having to create this account and remember all the associated passwords often created friction for new users.

The invention of federated identity for the consumer Internet

I worked for Sun Microsystems in the early 2000s and was fortunate enough to be the technical lead for a new concept called federated identity, which presented a way for separate online entities to share identity across any number of websites. In order to build it, Sun formed the Liberty Alliance, a consortium of large companies from a variety of sectors, ranging from telecom to travel to banking.

With federated identity, we separated two important concepts:

  • Logging into a website
  • Using a service from a website

Using a standard protocol, a user could, for example, log into Aol.com and then go rent a car from Hertz.com without having to log into their Hertz account. Federated identity allowed distinct websites to enter a business relationship with each other. Using a standard protocol, a website, such as Aol.com, could operate as an identity provider where users had an account with login credentials, while another website, such as Hertz.com, could operate as a service provider where users could then rent a car. As a result, users benefitted from simplified access to services using their pre-existing accounts.

User identity on the consumer internet

Federated identity was built on a loose trust model, which placed a firewall between users’ account information and their service history across providers. In other words, there was no need for AOL to know anything about your rental car history or for Hertz to know your AOL preferences. With the Liberty Alliance, we created extensions to the protocol that enabled services, such as user information transfer and payment processing, to be exchanged between providers.

The adoption of federated identity in the enterprise

The protocols of the Liberty Alliance became the basis of SAML 2.0 when they were transferred to the OASIS standards organization. Accelerated by the prevalence of identity servers and identity access managers that supported the SAML standard from vendors, such as Sun, Oracle, and CA, enterprises embraced the SAML 2.0 protocol as a standard way to perform single sign-on (SSO) across enterprise systems.

However, SSO is only the first step for a successful enterprise identity model since, unlike consumer internet and service providers, enterprise systems have a tight trust model. Many enterprise identity and service providers are hosted by the enterprise itself, and external service providers are subject to intense security controls and compliance to ensure that employee data remains secure.

A direct consequence of federated identity is that all of the data related to an identity is also federated across countless systems. Employee data, for example, is hosted in numerous systems, including payroll, human resources management, and financial and ticketing systems.

Consolidated identity is an evolution of federated identity, specifically for the enterprise. In an organization, there is no need for the firewall between the identity provider and the service provider. The enterprise itself is the primary identity provider and the service providers that provide services, such as payroll and time off requests, do not hold any data that should not be accessible to the enterprise.

In the enterprise, each employee has data spread across dozens of systems, and unfortunately with federated identity, there is no way for the employee to cross those silos – the employee has to log into each system and use its interface to access the data they need. That’s where consolidated identity comes in, providing employees with the same simplified access to their business services that federated identity delivers to consumers.

Here are the five steps to consolidating identity in the enterprise:

  1. Determine which authentication systems are in use and chain an employee’s identity across those systems. A typical enterprise uses one or more directories, such as Active Directory or LDAP, and enterprise mobility management systems.
  2. Consolidate the data associated with an employee. While it is considered incredibly difficult to integrate widespread data, it is much more efficient when the use case is narrowed. Typically, it is only necessary to consolidate the “active data” related to an employee. For example, the requests of the consolidated identity system could be only for open time off requests, rather than every time off request ever made for both active and inactive employees.
  3. Control how data can be accessed. A consolidated identity framework must also include a copy of the rules for how any cached data can be accessed. Most systems use declarative access rules and groups that can be copied along with data to ensure that data is only viewed by appropriate parties. Combining the rules that control how data is accessed with the data itself is a much more efficient mechanism than using mechanisms like data warehouse slices.
  4. Control access to functions, such as micro apps, with identity provider and application groups. In a typical enterprise, there are Active Directory groups, such as “Management”, as well as groups defined within applications like “ServiceNow Administrators”. A consolidated identity system needs the capability to validate a user’s membership in an application’s security groups.
  5. Facilitate writebacks to source systems. This can be performed using an application API with a service account and delegated authentication or a record notation of who performed an action. Another option is to leverage SSO to either deep link into a target application, so a user can perform an action within it, or have the user bounce to an application login page and log in via SSO in order to get a user token to pass to an API.
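
A minimal sketch of steps 1 through 4, added here as an illustration and not taken from the whitepaper or any product: accounts are chained into one identity, only active records are cached, and each cached record carries a copy of its read rule, expressed as (system, group) pairs. The class names, the use of email as the join key, the "HRSystem" source and all sample users and groups are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Every system name, user, group and record below is constructed sample data.

@dataclass(frozen=True)
class Account:
    system: str        # e.g. "ActiveDirectory" or an application name
    login: str         # login name inside that system
    email: str         # assumed join key used to chain accounts together
    groups: frozenset  # group names exactly as that system reports them

@dataclass
class Record:
    source: str
    kind: str
    status: str
    owner_email: str
    payload: dict
    # Declarative rule copied with the data: (system, group) pairs allowed to read.
    read_groups: frozenset = frozenset()

@dataclass
class Identity:
    email: str
    accounts: dict = field(default_factory=dict)  # system -> Account

    def entitlements(self):
        """(system, group) pairs across the identity provider and applications."""
        return {(a.system, g) for a in self.accounts.values() for g in a.groups}

class IdentityGraph:
    def __init__(self):
        self.identities = {}  # normalized email -> Identity
        self.cache = []       # consolidated active records

    def chain(self, account):
        """Step 1: link an account from any system to one employee identity."""
        key = account.email.strip().lower()
        ident = self.identities.setdefault(key, Identity(key))
        ident.accounts[account.system] = account
        return ident

    def consolidate(self, records, active=("open", "pending")):
        """Step 2: cache only active data. Step 3: the rule travels with it."""
        kept = [r for r in records if r.status in active]
        self.cache.extend(kept)
        return len(kept)

    def can_read(self, email, record):
        """Steps 3 and 4: the owner, or a member of a group named in the rule."""
        ident = self.identities.get(email.strip().lower())
        if ident is None:
            return False  # unknown identity: deny by default
        if record.owner_email.strip().lower() == ident.email:
            return True
        # Groups are matched together with their system, so a same-named group
        # in another directory does not satisfy an application's rule.
        return bool(ident.entitlements() & record.read_groups)

    def visible(self, email):
        return [r for r in self.cache if self.can_read(email, r)]

def build_demo():
    g = IdentityGraph()
    ad, hr = "ActiveDirectory", "HRSystem"
    g.chain(Account(ad, "jdoe", "joe@example.com", frozenset({"Marketing"})))
    g.chain(Account(hr, "joe.doe", "Joe@Example.com", frozenset()))
    g.chain(Account(ad, "asmith", "ann@example.com", frozenset({"Management"})))
    g.chain(Account(hr, "ann.smith", "ann@example.com", frozenset({"HR Partners"})))
    g.chain(Account(ad, "bkim", "bo@example.com", frozenset({"Management"})))
    # Same group name as the application group, but defined in the directory.
    g.chain(Account(ad, "eve", "eve@example.com", frozenset({"HR Partners"})))
    rule = frozenset({(hr, "HR Partners")})
    g.consolidate([
        Record(hr, "time_off", "open", "joe@example.com", {"days": 3}, rule),
        Record(hr, "time_off", "closed", "joe@example.com", {"days": 1}, rule),
        Record(hr, "time_off", "open", "bo@example.com", {"days": 5}, rule),
    ])
    return g

if __name__ == "__main__":
    graph = build_demo()
    for user in ("joe@example.com", "ann@example.com", "bo@example.com",
                 "eve@example.com", "nobody@example.com"):
        owners = [r.owner_email for r in graph.visible(user)]
        print(f"{user:22} can read requests owned by: {owners}")
```

Joining accounts on email is only as trustworthy as the least-controlled system that supplies the address, so a production join would use a verified, immutable employee identifier.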

Consolidated identity and the identity graph

A consolidated identity system evolves federated identity by creating an aggregated store of each employee and their entitlements across both identity providers and applications. This “identity graph” enables a new wave of applications that are both employee-centered and secure in authentication, authorization, and data governance.

For more, check out this whitepaper on consolidated identity that I wrote.

Monday, January 22, 2018

Why disrupting government pot policy is so much harder than the taxi commission


This post was also published in VentureBeat.

With the recent legalization of recreational marijuana in California and other states, 45 states have now legalized some form of marijuana. However, the federal government has never endorsed even medical marijuana. The Obama administration created rules known as the Cole memo, under which it decided not to enforce federal marijuana laws if states legalized it. Recently, Attorney General Jeff Sessions reversed this course and stated that marijuana laws would be enforced.

A raft of startups are operating in this tenuous legal gray area, including Eaze, Baker, and Pax Labs. Much like Uber and Lyft flouted taxi commission regulations, these startups are betting that public sentiment and user traction will overcome the existing legal and regulatory environment. Indeed, all of the state legalization efforts were passed by millennial-driven voter ballot initiatives in both red and blue states rather than by entrenched legislators. The citizens want their cannabis, just like they wanted their Uber.

Name brand Silicon Valley investors have been much more reticent to jump into the fray, which is understandable given the legal uncertainty. The void is being filled by seed investors like Snoop Dogg, AngelList cannabis syndicates, smaller institutional investors like The Arcview Group, and foreign firms like Merida.

The big question is, why is there such government resistance to legalizing marijuana? The answer is quite simple, and actually quite similar to the reason for the resistance to ride sharing. Just as the taxi commission and taxi companies were protecting the $3 billion taxi market, the war on drugs is a $76 billion annual business that decidedly does not want to be disrupted.

The government can credibly spend $76 billion a year on a very big problem with 44 million criminals. If marijuana is decriminalized, that subtracts 35 million people from the user count. It’s also hard to justify a war against the 15 million prescription drug abusers in the United States, because the drugs come from large pharmaceutical companies, not across the border from drug cartels.

Without marijuana users and prescription drug abusers, the annual $76 billion war on drugs becomes about just the seven million serious drug abusers who are consuming cocaine, heroin, hallucinogens, and other hard core drugs. That’s just not enough people to justify the huge investment and would constitute an incredibly excessive spend of about $11,000 per user.

Much as certain jurisdictions arrested Uber drivers and regional managers, it is very likely the federal government will actively bring its weight to bear on cannabis startups. Unfortunately for the nascent cannabis startups, the federal government is much more powerful than the taxi commission and regional police forces. Cannabis startups are already forced to avoid the federal banking system, and it is likely the government will use aggressive tools like asset forfeiture to seize profits.

An array of businesses, citizens groups, and legislators from both sides of the political spectrum are aligning to attempt to convince the federal government to change its mind. Both cannabis startups and investors thought they had a clear quasi-legal path to success with state initiatives, but the recent about-turn in federal government policy is definitely going to put a pause on the nascent industry. Disrupting the government is never easy, especially when $76 billion per year of spend is at stake. From that perspective, Uber had it easy.

The author last smoked pot at the tender age of 18.

Tuesday, September 12, 2017

Don’t Ignore Active Data, The Trees in the Big Data Forest


This post was also published on Enterprise CIO.

Big data has been in vogue for years, but many businesses are having a lot of difficulty harnessing value and gaining insights from the voluminous amounts of data they collect. However, there is an often-ignored set of data in the enterprise that is truly actionable, data that I call “active” data.

Active data is “in-flight data” that represents things that are changing or need some sort of action taken to move forward. Active data includes data like open purchase orders, new PTO or family leave requests, sales opportunities that are changing in scope, orders that are shipped late and so on.

Surprisingly, there's a relatively small amount of active data, even in companies with tens or even hundreds of thousands of employees. Yes, there is a lot of data floating around the enterprise, but there are only so many open Purchase Order requests and/or Key Performance Indicators—data that employees actually need and use.

The problem with only focusing on big data is that most of this active data is buried in software that employees are reluctant to use. IT spends a lot of time extracting big data out of various systems, but assumes that things like Purchase Orders or sales opportunities are easy for employees to find and use with existing software. However, most of this active data is actually buried in legacy systems and hard-to-use SaaS systems.

Take the sales team for example. They need to know if or when their goals change or if they meet their projections. To do their jobs, they need only a small portion of all of the data they have access to, such as a sales executive’s top prospect running into an issue and filing it with the customer support organization, the kind of data that usually falls through the cracks. Big data, on the other hand, can help tune the sales organization, for example making it more efficient in processing leads.

Sometimes the complexity that comes with big data ends up scaring employees away, causing no one to use the data at all. Big data has no effect on the short-term business impact, so employees are less likely to care. Gartner even says that the issue is not so much big data itself, but rather how it is used.

Every department, from IT (ironically enough) to sales to HR, is guilty of not using active data. That’s why it’s important for IT to consider the end user when it comes to extracting data from enterprise systems. IT should consider both the power users and the occasional users of various HR, CRM, or finance systems. Both types of users want access to data. However, an HR representative is a power user of Workday, and is in the system every day examining open PTO or family leave requests. Joe in marketing is an occasional user who just needs to know the status and next steps of his personal requests, his active data.

The IT team is often the most guilty of not distilling big data into active data for employees to act on. When I was the CIO at CBS Interactive, we processed almost one billion events a day that flowed from our web and application servers over message queues to a huge cluster of twelve-core Hadoop nodes that then fed a Teradata data warehouse. Now of course we analyzed that data and distilled insights to better package ad product. But what day-to-day managers needed were Key Performance Indicators like the bounce rate to be easily accessible and to be notified if they shifted unexpectedly.

For IT, big data isn't the end all, be all. Instead, enterprises should focus on the data that matters most to specific users now, so they can be as productive as possible. We know that today’s enterprise software offerings need to be modernized – or go micro as I like to say. According to a Forrester survey, the average worker spends one day a week searching for information across their various systems. And unfortunately, it is only getting worse as the amount of enterprise data doubles every 18 months.

Data should be personalized and delivered to employees in small, digestible sets. It's easy for IT teams to get lost in the process of building out big data infrastructure and forget that data needs to be usable, actionable and personalized. If IT arms employees with the personalized active data they need, productivity will easily increase.

Friday, July 28, 2017

Microsoft’s Slow Creep Back into Mobile


This post was also published on TechCrunch.

Despite an early lead with Windows Mobile and Windows CE — and spending billions on Nokia’s mobile business — Microsoft has been on its heels in the mobile device market since the one-two punch of iPhone and Android launching in 2007.

Over the past five years, Microsoft has staked out a strong position in the pro tablet segment with its Surface Pro. Microsoft is aggressively expanding its Surface line into the notebook and desktop segments. The upcoming introduction of x86-compatible ARM chips and the rise of progressive web apps could drive a return to the mobile market for Microsoft.

Microsoft’s foothold in the pro tablet market

Back in 2012, Microsoft entered the tablet market in full force. While the ARM-based Surface RT failed spectacularly in the tablet market due to lack of apps, Microsoft invented a new category of pro tablets that were as powerful as laptops. Microsoft has had a very straightforward play with its pro tablets: set the expectation that a pro tablet can function as a laptop with a powerful processor, keyboard cover, pen support, floating windows and a dock.

It has taken five years for Microsoft to push through here, and it is working. Apple has been chasing Microsoft in the pro tablet category and recently introduced floating windows and a dock for the iPad Pro. The key for Microsoft has been to iterate on its Surface Pro line to maintain a foothold in the mobile device category and slowly gain market share. It’s difficult to compare iPad Pro and Surface Pro sales directly as both Apple and Microsoft don’t break out unit sales by product. In 2014, all iPads outsold Surface Pros 9x. In 2017, that number has dropped to 5x as Surface Pro sales increase and iPad sales decline.

Surface’s expansion into the notebook and desktop market

Over the past 18 months, Microsoft repeated the Surface Pro playbook in every category of Apple’s Mac OS product line. With the Surface Book detachable notebook, Surface Studio desktop and now the Surface Laptop, Microsoft keeps releasing new features like detachable screens and the innovative Dial input device.

Apple’s Mac OS products have been a low bar to hit for Microsoft, as Apple’s products have been stagnant in recent years. Apple has focused on changing plugs and weird features like the MacBook Pro Touch Bar. Microsoft will keep plugging away with each of these products until it gets to a fifth of Apple’s volume, at which point the products have achieved escape velocity.

Re-entering the light tablet market

Five years after the ill-fated Surface RT flopped, ARM chips are finally powerful enough to run Windows 32-bit x86 apps in emulation. Emulation is a trick Apple has twice used to move customers from Motorola 68K to PowerPC to Intel x86. The apps run a little bit slower, but they run. There are few complaints as vendors recompile popular apps over time into the new processor architecture. It probably took some strong-ARMing from Microsoft to convince Qualcomm to add x86 emulation to ARM chips, but Windows Server ARM support was likely a good trade to enable ARM growth in the data center.

Before re-launching an ARM-based Surface Tablet, Microsoft will likely ship a Surface Book with an ARM chip that runs apps from the Windows Store. Once Surface Laptops and its cheaper kin from Windows OEMs flood the market, Microsoft will have a successful cross-processor apps strategy that encompasses both x86 and ARM chips. At that point, introducing a Surface Tablet will be no surprise. The Surface Tablets will effectively be Pro tablets that run on ARM chips, with Windows S, Microsoft Office and an entire library of Windows Store-vetted 32-bit x86 apps.

Making progressive web apps Windows apps

On mobile, it’s really all about the apps. In previous efforts, Microsoft tried to pay app developers to port to the Windows Phone. It wasn’t a bad strategy considering there is definitely a power law in app usage and there aren’t that many apps needed to reach critical mass. However, it was quite painful to port apps to Windows Mobile 8, which made it hard to entice developers who were battling to get installs on iOS and Android. Microsoft recently finally ended support for Windows Mobile 8.

Google has been pushing progressive web apps that make desktop websites run virtually like native apps on tablets and mobile. Even media-intensive sites such as SoundCloud now provide an HTML experience that is on par with native apps and can downscale to a mobile form factor and include features like ongoing playback through navigation and a clickable sound wave. “Mobile first” apps have fallen by the wayside to what I like to call “mobile also” apps that can be used on desktops, tablets and mobile devices.

Progressive web apps are very easy to turn into Windows 10 Mobile apps, as Windows Universal Apps can simply wrap Microsoft’s new Edge browser. Now Microsoft can get developers to simply wrap their progressive web apps as Windows 10 apps, which is quite easy to do. And Microsoft can easily convince native x86 developers to make sure that their tablet apps can downscale to mobile. What’s the difference, really, between a 6.5” phone and an 8” tablet?

Microsoft can take its time before introducing a Surface Phone. It will take a couple of years to establish Windows 10 S for the ARM-based Surface Laptop, re-introduce an ARM-based Surface Tablet and let OEMs like the HP x3 be the test ground for the new Windows Mobile. Microsoft knows people aren’t going to rush out and buy a Surface Phone. To Microsoft, it doesn’t matter. They just need a viable toehold that they can grow into market share over time. Don’t think it can happen? They’ve already done it before with the Surface Pro.

Friday, December 16, 2016

Software is Due for a Bundling Event


This post was also published on TechCrunch.

We are approaching a new phase of enterprise software, where every niche of Software-as-a-Service has been filled and cloud companies are being consolidated into larger companies. Markets have a tendency to cycle from bundling to unbundling, and software is due for a bundling event. The cloud, open APIs, next-generation messengers and machine learning are combining to turn the end-user interface to enterprise software into a unified experience.

There have been attempts to do this, ranging from portal servers like Portal Software, to “Enterprise 2.0” collaboration software like Jive Software, to communications platforms like Yammer. However, none of these have stuck pervasively because they only solved one slice of the problem, various backends were difficult to integrate, it was hard to work with people outside of the enterprise and there was no machine learning to sift through all the data on users’ behalf.

In just the past couple of weeks, Microsoft, IBM and Facebook have all launched next-generation collaboration interfaces for enterprises. Slack kickstarted the reboot of Yammer and Chatter a couple of years ago, and now the big guns are back and swinging.

The key shift in these new messengers is the ability to integrate third-party software that can “push” messages with machine learning to help end users get only the data that is relevant. All of this is built on the rapid proliferation of micro services that allow easy access to most systems, including legacy systems. Some of the platforms even allow full integration of micro apps — simple, single-purpose apps that allow employees to quickly perform specific tasks.

The most convenient feature is to allow end users to drive micro flows, where they can complete simple actions such as approving a purchase order. As I wrote previously in TechCrunch, the unique combination of micro flows, micro apps and micro services is enabling a new architecture I call the “micro wave” architecture.

We at Sapho have had the privilege of working with most of these nascent platforms; here are our impressions.

Microsoft Teams

Key strength: Bundled with Office 365.

Pros: Microsoft’s recent foray into this market is a very comprehensive, well thought-out product. The third-party integration is best in class, with tabs that can support fully contained micro apps delivered by third-party systems. The bundling of Skype’s voice and video features is seamless and performs flawlessly, and even integrates into a channel’s conversational flow. The product out of the gate scales 5x in active users per channel past Slack. This really is a new Microsoft: The desktop version of Microsoft Teams uses Electron and Chromium and the product is available at launch on Windows, MacOS, iOS, Android and, of course, Windows Phone.

Cons: The interface is a bit busy; it packs a lot into the messenger frame. Microsoft will likely iterate on this and clean up the interface.

IBM Watson Workspace

Key strength: Cognitive grouping of messages with extraction of summaries and action items.

Pros: Watson Workspace offers the cleanest interface of all of the new messengers. The product is well planned and architected — like you would expect from an IBM technology, it can scale like a hockey stick. IBM has been a leader in bringing cognitive technologies to the enterprise; with Watson Workspace, it targeted one of the most painful aspects of messengers, which is not being able to find information easily. Watson Workspace magically organizes past messages into clusters and even extracts summaries and action items. It really has to be seen to be believed. The product is also free for users to start using, a first for IBM.

Cons: The third-party integration is excellent, but the ability to integrate a micro app into the interface is still coming. IBM does not jump to top of mind for buyers looking for next-generation collaboration tools. However, IBM has a noteworthy footprint with traditional buyers, and leveraging the Watson product line brand is smart, as it is really starting to get traction with buyers looking for next-generation software.

Workplace by Facebook

Key strength: Familiar user interface with algorithmic surfacing of content.

Pros: The top benefit of Facebook Workplace is that everyone already knows how to use it. The interface is just like the consumer version of Facebook. Facebook’s magic algorithm will surface content in a familiar feed. Facebook’s Messenger has been on steroids under the stewardship of David Marcus and Stan Chudnovsky. Facebook supports external team members out of the box, which is one of the main use cases for modern collaboration tools.

Cons: Facebook’s algorithm is tuned to show you what you would like, whether it’s puppy videos or a Donald Trump echo chamber. At work, people really need to be exposed to data they don’t necessarily like. Facebook has historically been blasé about privacy, and supporting enterprise single sign-on does not make the content hosted in Facebook any more secure. Facebook just announced they will support third-party integrations but does not seem to have a sense of urgency to roll out an ecosystem.

Slack

Key strength: First of the second generation, strong SMB usage.

Pros: Slack offers a clean, fun interface and is free to start using. It was the first to the market with a next-generation messenger client with cool features like autodetecting when code is pasted into a channel, and formatting it nicely. The third-party integration is quite good, but there are no plans to integrate micro apps directly into the messenger. Slack is the up-and-comer with a pure-play bottoms-up sales model, while the competition typically sells top-down to enterprise decision makers.

Cons: Slack has not been able to deliver an enterprise-grade product. Every Slack team runs on a distinct Amazon server running PHP and can’t realistically scale past 150 users. Users have to open a separate window and maintain a separate user name and password for every Slack team they work with, which is especially egregious considering that all Slack teams operate under the slack.com domain. C’mon Slack, put the user database in Amazon’s Redis implementation and pass an auth cookie between servers — it’s a one month project! At some point the kumbaya culture has to start delivering; they need to have some frank conversations in the engineering department that will make some millennials sad.

Google

Key strength: Can bundle with G Suite and Hangouts.

Google is the dark horse in this race. Just add persistent chat groups to Hangouts already!

Where it’s all going

Two of the biggest enterprise players, Microsoft and IBM, are gunning for this market now. Microsoft has an edge with Office 365 bundling and IBM has an edge with cognitive computing. Facebook is a new entrant that must overcome enterprise reluctance with its well-known interface and surfacing algorithms. Slack has been sitting on its laurels and now has to catch up with larger companies that are out-executing it. Google entering the market would target primarily the lower end of the SMB market that uses G Suite and would provide further challenges to Slack.

The exciting part of all of these players is that it is very quickly becoming possible to move beyond messaging and reinvent enterprise workflows with a new, modern interface. At large enterprises, in particular, this is sorely needed as workers become overwhelmed with information and stuck on old legacy software. Onward!

Sunday, September 11, 2016

Why App Development is Going Micro


This post was also published on TechCrunch.

Application development has long been fraught with peril: Projects become bloated, expensive and never ship. Implementation technologies tend to match the bloat, ranging from Service Oriented Architecture (SOA) to Business Process Management (BPM). As Redpoint’s Tomasz Tunguz recently pointed out, growth in Software-as-a-Service is slowing, and a next generation of applications will weave new workflows across existing applications in novel ways.

The “micro wave” of services, apps and flows

The “micro” trend in application development is focused on delivering bottoms-up, simple solutions to complex problems. Micro services can easily integrate multiple systems, micro apps can present them as easy-to-consume user interfaces and micro flows allow users to simply complete tasks across systems. This “micro wave” triad of services, apps and flows offers a new way to weave existing systems in novel, organic ways in order to deliver solutions immediately.

Micro services

Interoperability between apps has long been the holy grail of application development. Heavyweight, top-down architectures such as CORBA/IIOP in the 1990s evolved into SOA in the 2000s. Implementing a SOA required enterprise-wide mandates and coordination. Payload standards such as SOAP are heavyweight and fraught with incompatibilities, especially at the authentication layer.

A few companies such as GE have had the discipline to implement a SOA, but for most enterprises, SOA projects have failed to gain widespread adoption. Even after success, the constant divestitures and acquisitions of the corporate world keep SOAs a moving target.

Over the past few years, micro services have come into vogue. Micro services are atomic, self-contained services that perform a single operation on a back-end system, such as retrieving a customer record. The most common interface to a micro service is the well-known and very straightforward JSON/REST/HTTPS paradigm. Authentication is also straightforward and typically uses easy-to-use API keys.

The beauty of micro services is that they are incredibly easy to create, deploy and share. New and existing applications can easily call numerous external and internal micro services. Naysayers correctly point out that micro services can too easily propagate like mushrooms, fail to scale and are hard to share and discover. However, these are problems that should be corralled by policy within an enterprise, rather than heavy-handed technology.

Making it easy for apps to organically communicate with each other has spawned a new generation of app creation and delivery that has made it far easier for both enterprises and software vendors to accelerate a new generation of applications.

Micro apps

Since the introduction of iOS and Android app stores in 2008, mobile apps have taken over as many consumers’ primary interface to computing. With the plethora of apps available, it is difficult to attract consumers to install an app on their device and keep using it. It is therefore very common for vendors to pile a bunch of features into their apps so they can retain existing users with new functionality, as well as attract more users. As a result, native apps are becoming increasingly bloated and hard to navigate.

A new wave of “micro apps” is emerging that are intelligent and context-aware. Platforms supporting micro apps range from interactive Slack and Facebook Messenger bots to Google’s interactive answer boxes, such as weather and flights. These micro apps are typically single purpose and use a combination of straightforward user interfaces and context.

Facebook Messenger’s micro apps are composed of rich bubbles and menus

Micro apps are based on HTML and load dynamically, typically bypassing app stores and loading directly into existing communication tools like Slack and Facebook Messenger. There is definitely pushback to the natural language aspect of “bots.” However, the ability to quickly load interactive micro apps directly into messengers and even search results is quickly gaining traction. Facebook Messenger, in particular, is quickly integrating new features, such as dynamic menus and interactive units, which can do anything, from helping you buy a shirt to ordering a pizza.

Slack’s director of developer relations, Amit Shevat, sums up micro apps very well: “they must do one thing really well.”

Micro flows

Business Process Management (BPM) tools help organizations implement top-down automation of business processes. They are typically very expensive and take a long time to deploy. BPM tools manage long-lived workflows requiring a combination of human interaction and machine-to-machine transfers.

The first forays into micro flows were by companies like IFTTT and Zapier, which move data from one machine to another — for example, moving a Salesforce closed deal to Zendesk. While these services are popular, they have hit an upper bound in traction and revenue. New companies such as Workato are extending machine-to-machine workflows between SaaS systems, but they are very similar in complexity to BPM solutions, with a domain-specific language suited for programmers.

A micro flow in Slack

The new potential for micro flows is in the arena of human-to-machine interaction. Now that messenger platforms like Slack and Skype provide rich, interactive HTML that lets users interact with back-end systems, there is an opportunity to reinvent how users interact with enterprise software.

With micro flows, users can bypass complex and unwieldy legacy systems to perform simple actions, such as approvals. One of the biggest complaints of modern workers, particularly younger workers, is the difficulty interacting with legacy IT systems that have not been upgraded in years. Much like Generation X workers wondering why there were so many typewriters around, millennials are perplexed by the unnecessarily complicated and antiquated systems at most Global 2000 companies.

Even executives and managers can benefit from micro flows for the multitude of approvals that generally require logging into systems they only occasionally use. Many companies have multiple systems for functions such as expenses. Although IT may have a long-term plan to consolidate systems, micro flows allow executives to interact easily with multiple systems through a single interface.

Because micro flows typically require some type of interaction with a user, they can leverage notification features in mobile devices and messengers. Such simple, easy-to-use micro flows make it easy to fully integrate contributors into a more macro workflow.

Onward to a “micro wave” future

Micro services, micro apps and micro flows build on each other to deliver a new paradigm for the next generation of apps. Hopefully we can learn from the lessons of the past and not try to “grow up” the micro revolution.