Oktane19: Adapting with the Times: Building an App Marketplace

Keith Casey: I'm Keith Casey, I'm the API problem solver. One of the things that I do at Okta is I try to work with our customers to do things better, to do things smarter, to make sure that the API's that they're building are secure, that they're reliable, that they're scalable. And one of the things that comes along with that is how people fundamentally think about API's, and how they come about in the organization.

Keith Casey: So we sort of think about API's from beginning to what's next. And so this is the process that we've seen over and over again. The vast majority of API's are not driven by C-level execs. As much as they like to think that digital transformation drives the organization, we know digital transformation means anything you want it to mean. Which as the lady on stage earlier today said, when digital transformation means everything, it means nothing.

Keith Casey: So the way the vast majority of API's come about is they start as private API's, they start as one individual team has the same problem over and over and over again. And after they build the same thing five or six times, they finally say, well wait a second, if we build an API we can stop building this thing. And so they reuse it, they reuse it over and over again. And the people that use that API are the five people sitting in the room with them.

Keith Casey: And that's great. Well success breeds success, so eventually hall hears about their API and says, well wait a second, that makes your life easier, that would make our life easier. We have similar requirements, can we use your API? And at this point usually an architect gets involved, we start thinking about API gateways and versioning, standardization, those sorts of things.

Keith Casey: So we move from five people to five teams. And this is great, this is what we want, right? API's are about reusing business logic. Well at that point somebody else gets involved, and this person usually is a director, a VP, and they say, well wait a second, if our internal teams down the hall can use it, a lot of our partner use cases look like our internal use cases. So can we plug partners into this? And we love this, we love people reusing our API's so we say, absolutely. Let's plug those partners into it.

Keith Casey: And then eventually some C-level executive gets the idea of digital transformation going. And they say, well wait a second, if our partners are using this, can't our customers use this? Because our top customers look a lot like partners. So instead of just creating an API as an internal tool, we start treating it as an external product. And we sort of make this leap.

Keith Casey: Now something important happens here though, we don't end up with just launching an API, at this point the C-level executive goes to our security team and they say, hey security team, we're launching this API next month, it's part of our digital transformation effort, we need a security assessment of this, we need to understand how this is working, if vulnerabilities that go along with this. But don't worry, there probably aren't, we've been using this for a year.

Keith Casey: All the security team hears is, we've been using this for a year. Because they know that anything that they discover at this point has actually existed the entire time. And what's really important to understand here is that our security posture that started over on the left at phase zero, when there were five people using our API, the five people in the room using our API is not the same as where we are now.

Keith Casey: Because when you can look around the room and name the people using your API, you're probably lax in your security. You're probably not thinking about security. Because you know, you know them by name. But something happened in between here. We went from five people to five teams, to five organizations, to everybody. And we never stopped to reevaluate how things are going on. And how things are shared, how things are reused.

Keith Casey: And that comes down to a simple reason, it's because we have three groups that are always at odds with each other. Sometimes they're openly at war with each other. We have the group on the right, the backend developers. These are the people that are building the API. They're quite often, us. They're trying to make sure that the nouns and verbs line up, they're trying to make sure that the response codes are right, all that sort of thing.

Keith Casey: Then we have the group on the left, the front end developers. The people that are integrating those API's to build useful apps for our customers. And these two groups have something unique, they have two goals in life. Build something useful, where being useful is, it gets more usage, it satisfies customer needs, it drives revenue. And their second goal in life is to go home. That's it. If you do anything that gets in their way of either one of those things, they'll be very angry, right?

Keith Casey: Now if you could do anything that accelerates those things, that's great. That's what we should do. So the easier, the faster, the better we can build things so that they don't get calls at 2 a.m. for issues. So that they can actually go home on time and go catch that movie, and spend the evening with the family and kids and stuff like that, that's great. The problem is that group in the middle.

Keith Casey: That group in the middle is our security architects, they have one goal in life, and that's to say no. Now actually that's not fair, security architects they have one goal in life and that's to protect the organization. That's their entire goal because when Equifax has a hack, when British Airways has a hack, nobody goes to their developers and say, what do you do? They go to security team and they go, why are you working here? Why do we hire you people? You didn't protect our organization.

Keith Casey: So we end up in this really bad, awkward position. So we really kind of need to rethink how we're building API's and how we're doing these things because if we don't do this well, the consequences are getting bigger, more catastrophic, and they're only gonna get more painful over time. And so with that I wanna introduce Ken Bryant to the stage because one of the things that we've seen in the last few years is Pitney Bowes has done this. They've rethought how they're building it and designing API's from the ground up.

Keith Casey: To be able to take that from that individual team building API's to enable partners, to enable well, what's next?

Ken Bryant: Exactly.

Keith Casey: And that's actually what they're gonna share with us now.

Ken Bryant: Thank you Keith.

Keith Casey: Ken, take it away.

Ken Bryant: Appreciate it. All right before we get started, I'll tell you a little bit about Pitney Bowes. I think the theme of this Oktane, this hundred year old company is because I think we've heard that like five times every day. Pitney Bowes is another hundred year old company, right? It started back in the 1920s with the postage meter enabling commerce at locations, sending mail, getting mail sent out. And over the next 85 years, we evolved our meters and sending postage. And then something happened, the mailing industry began to decline.

Ken Bryant: So we had to look at where is the industry going? The industry went to shipping. Shipping anything and everything, so we began to venture our way into the shipping business from a software perspective. How do you do that, right? So how do we do that? We started, again, we have this concept in Pitney Bowes called, up and to the right. Up and to the right. And if you look at this graph, this graph starts low and to the left with physical software, hardware, on premise.

Ken Bryant: And as you begin to move up and to the right, you begin to see that now we're about business outcomes, and our customers being able to consume our business outcomes. And how do they do that? They do that through the Pitney Bowes commerce cloud. We began to move our key resources and enablers into the cloud, into the web. So our customers can consume our products, services through a cloud-based way. How do we do that? We identified three key enablers.

Ken Bryant: One is design. We looked at Pitney Bowes and we defined how we were gonna design how all of our products were gonna look, feel. How customers are gonna interact with them, and we identified a common experience for all applications. Whether they were on a web, whether they were on a device, whether they were on a mobile phone. The next thing, and we talked a lot about this at Oktane this year, is data.

Ken Bryant: Data is powerful. We collect data, we perform analytics. We grow ourselves. We give our customers better outcomes, better deliverables through analytics and data. And finally cloud enable. Cloud enabled is all those foundational technologies that allow us to build those applications rapidly, it's what Keith was talking about. About being able to give your developers the ability to bring their services to the edge and to our customers faster, stronger, better.

Ken Bryant: There's a whole lot of things that are involved in cloud enabled that I'm responsible for that I'm not gonna talk about. What I am gonna talk about is part of that is our security. Our authentication. And that's where Okta comes into play. When we looked at security three years ago when we started with Okta we looked at it in three distinct phases. Phase one was users. We secured all our users, SSO, SAML, OIDC, all of those things. And we bullet proofed our users being able to access our assets.

Ken Bryant: Our second phase was our services. Our services, where Keith was talking about now we begin to look at our API economy. Our services are our API's. How do we secure our API's? We worked closely with the Okta team, and we enabled OAuth flows and we connected our API's to Okta to allow for that strong security.

Ken Bryant: Our final rung of our security was things. So how do we secure our things? And this term, things, means our meters. How do we bring those into the ecosystem with our services and with our users? So I'm gonna talk a little bit about that today and how we did that.

Ken Bryant: Our meters are now termed connected sending devices, why? Because they are connected to that commerce cloud ecosystem that we talked about. We built an authentication service, put it on those connected sending devices, went with an operating system that could support that in Android. We then connected that to Okta. So now we know the CSD, and its security. We know the users that log into that CSD. And our authentication service manages and controls all of that access when they're on, when they're logged off, when they need to refresh.

Ken Bryant: So now we have our CSD at locations all around the world, connected to us via Okta, and totally secured. This is great, right? We now have our users, we have our services, we have our things all secured by Okta. So how do we take that to the next level?

Ken Bryant: One of the ways we looked at taking that to the next level is Keith talked a little bit about API's. You start off with API's internally, you move to a couple of teams. And then you move outside of your organizations to customers. Well in Pitney Bowes we have exactly that model. We have in the nature of 600, 700 API's. Some are internalized only, some our externalized. But they all go through the same process. They're all documented the same way. They're all exposed the same way. And they're all secured the same way.

Ken Bryant: So we have our developer portal, depending on your access level as a partner you can access a certain set of API's. As an external developer you can access a certain set of API's. As an internal developer you can access a certain set of API's. And those developers now have the ability to take those underlying services that we offer, some of them business services, authentication, authorization, provisioning, billing, payments. And build those into those apps, they don't have to worry about building those services, we provide them as common services.

Ken Bryant: We also have value added services in there, shipping, tracking, rates, location intelligence. All of these exist in our API store, and they're externalized for our developers and partners to work with and build applications for us. Now we take that even further, or to the next stage of our evolution. We now put those applications or give access to those applications that were being developed via our connected sending device.

Ken Bryant: So now not only does our device do mailing, does shipping, it can do tracking. You can have calendar apps. The possibilities now become endless and what you can connect through to through this device, or on the web. An application, once you develop it, doesn't matter whether it's deployed on a device, or whether it's deployed on the web. All of this is still fully secured by our Okta. All of our users, services and things now all working together along with our API management platform where we service all of our API's to our public, to our internal developers.

Ken Bryant: And if you notice, I didn't put a whole bunch of lines on this slide, I try to keep it simple. It's really about managing the users and the things access to our backend services through managing our tokens and security through Okta. Okta is foundational in securing this entire ecosystem that is now global in accessing resources within Pitney Bowes.

Ken Bryant: So how to productize this? This is all the technology side. It's a fabulous road getting to this point, but how do you actually turn this into revenue? That's what we're all in the business for, right? We're all in the business for making money. So who I'm gonna bring to the stage to follow me is our SMB chief architect, Zahid Amed, and he is gonna explain to everyone, how do we turn this into a product?

Ken Bryant: Zahid?

Ken Bryant: Here you go sir.

Zahid Amed: Thank you. Hi everybody. So yeah, Ken and Keith gave us a very good introduction to how to secure API based services. And I'm gonna go through how are we gonna monetize these services and apps in some detail here. At Pitney Bowes we are developing an app marketplace. And this app marketplace will have apps from partners, from Pitney Bowes developers. These apps would be web apps, cloud apps, mobile apps. Also CSD apps. Of course CSD is our flagship device, and it's an Android platform based device.

Zahid Amed: And there's a lot of financial capabilities within CSD itself towards our customers. Who are our customers? SMB's. And these SMB's could be retail oriented SMB's, they could be auto part suppliers, they could be legal law firms, they could be dentist office, they could be other types of small SMB businesses. So we have over 100,000 to maybe a quarter million SMB's using our services and our devices in different maturity levels. This is our modern platform based on Android.

Zahid Amed: And so around the Android platform our goal is to develop this app marketplace. It's gonna be Google app marketplace powered using Google. And it's gonna also be using Play Store for Android apps distribution, but Enterprise version of Play Store. And we are gonna be using Okta for identity services towards SMB's as well as seamless partner web app, as well as partner Android app access.

Zahid Amed: So as Ken was talking earlier, we have our service enablers in the connected sending device that interoperates with the Okta IDP, and that gives us ability to have application specific tokens for Android apps, but also it gives us federated access to partner apps on the web. And so this really opens up the platform, and it's a very critical piece in extending our SMB ecosystems towards digital apps and services, towards a relatively very old fashioned SMB customer segment that is not that modernized yet.

Zahid Amed: But they need to have access to these modern digital applications to better do their business, better connect with their customers. So it's gonna be an NT cloud service marketplace that essentially is a buzz word that we will have partner apps from other ecosystems. So partner apps from Google cloud marketplace. Partner apps from other SMB marketplaces. We are gonna be curating those apps, and have seamless access through single click access on those apps. And integrate with our PB.com, Your Account portal which is already SSO enabled with our Okta IDP.

Zahid Amed: Unified user experience that's really around branding in many ways. We wanna have a consistent experience for across the whole PB cloud ecosystem, the Your Account, the Okta login, the app marketplace. And we wanna open up the app marketplace for towards also lending services so PB has, Pitney Bowes has global financial services, a revolving accounts for SMB's backed by a banking infrastructure. I know recently you guys might have heard about Apple having a lending service. We've had a lending service for 20+ years towards SMB's.

Zahid Amed: So we're gonna open up that through the app marketplace as well eventually and there'll be more details around that. Moving on, this is our high level architecture. And as this kind of shows high level, the name of the game is to drive more partner and PB developed apps through this app marketplace that are relevant and valuable towards SMB's. Many of them will be free applications, many will be try and buy applications. Some would be subscribable applications. You know, monthly subscriptions or quarterly subscriptions.

Zahid Amed: But they all will go through the Okta IDP in terms of access. So the SMB's are gonna come to the PB portal through the Your Account, they'll have single sign on access through Your Account to PB marketplace. Federated access to PB marketplace running in Google cloud. And Android apps, web apps being available there. And then they can use those apps through either the web channel or through the Android CSD channel, or other mobile hand-held devices. Initially it's gonna be mostly Android tablets, but we'll have to see how we open up for iOS applications well down the road.

Zahid Amed: So that gives you a quick overview on the architecture stack. And it is using the API platforms in the backend, the commerce cloud services, so all the API securities are the box available to the marketplace and the service ecosystem towards SMB's. And let's go through the demo quickly. The app marketplace is going to be a pre-beta launch later this month. We're gonna go and buy a DocuSign app, DocuSign is a very well known SMB cloud services application.

Zahid Amed: This user hasn't signed in to the marketplace, he was interested in buying the DocuSign app, so at purchase time he went ahead and logged in. We had a PB login page powered by Okta IDP. And now he's going ahead and checking out the DocuSign application at $40 per month per user, subscription license fee. He went to his email inbox and as you can see there's no email acknowledging yet, and the purchase was made, and that's because he hasn't checked out yet. So he's going back there and now he's going to go ahead and make a checkout with a credit card on file.

Zahid Amed: And then it's gonna be a yearly cost $480 a year for one user. These are relatively expensive applications. And then the purchase is completed there. And then he's gonna go ahead and look at the purchase statuses in the app store. And of course the purchase has been completed there. And then he's gonna look in the invoices and there is an invoice for this particular transaction in the app store as well.

Zahid Amed: And after the invoice has been confirmed by the user he can go ahead and look at his email again and see if he got any confirmation from the PB app marketplace. Typical user experience that you would see in any app store. This is an example of a cloud application, but this could have been an Android app as well, and it would have gone through the Enterprise Play Store. And now he's going ahead and activating his DocuSign application. He had a DocuSign email as well sent to him as a confirmation. And there he went ahead and set up a DocuSign account from the email confirmation from DocuSign.

Zahid Amed: And once he activated his account on DocuSign, then he's now a licensed customer to use DocuSign after purchasing it from PB app marketplace. Now of course he created an account on DocuSign site. Some partners you don't need to create an account, there's full single sign on experience. Here he had to create an account, there's different security considerations by different partners. I wouldn't consider that as a maturity issue as more of a security choice that DocuSign made based on talking with the DocuSign folks.

Zahid Amed: But once he did have the one-time access through a DocuSign login, then after he comes back to the DocuSign application from the app store he can click on more info and then basically have single sign on access to the app after that. So there is an activation step here on this particular partner, but there are other partners where that activation is 100% seamless access. You know, the activation is done as part of the same single sign on click through. So that gives you a good sense of exploring apps on the app store, buying an app, and then having single sign on access to partner apps from the PB SMB ecosystem.

Zahid Amed: So I think we are on the Q&A now, that went through a bit fast, but if you have questions, happy to answer any question from the audience here.

Keith Casey: So quick question, when does this actually launch for Pitney Bowes?

Zahid Amed: So it's gonna be the pre-beta, it's gonna be launching on April 23rd, I believe, you know.

Keith Casey: A couple weeks.

Zahid Amed: And with about four partners and six Pitney Bowes developed apps. And the Pitney Bowes developed apps are gonna be all the connected sending device application running on the Android platform.

Keith Casey: Nice. So we went from internal API's to teams, to partners, to customers, and now an entire app ecosystem. What's next?

Ken Bryant: That's the perfect question 'cause I'm trying to figure out what I can present next year. I think we continue to build out this app ecosystem. We have, like I said, we have external developer portals, we have internal developer portals. So we're building a way to encourage our developers as well as external developers to kinda get on this bandwagon and to begin to build out this ecosystem. Like I said, if you can imagine, you think about our connected sending devices, there's over a million of these devices around the globe.

Ken Bryant: So if you really begin to think about the ability to touch a million customers with your technology, or your app, or your value proposition for an SMB, right? There's a huge huge opportunity for anyone. So for us on our side where I do the infrastructure side, I wanna continue building and making this simpler. We have an SDK coming out where if you're building an app, just like Zahid, you don't need your own authentication. You can wrap that using our SDK and utilize our authentication to now enable that application that is third party, but it will all go through our ecosystem.

Ken Bryant: So our goal now is to continue to improve this ecosystem to allow more and more applications to be built and serviced within Pitney Bowes. And just continue, just like your goal at Okta is more integrations, more integrations.

Keith Casey: Infinite integration.

Ken Bryant: It's that ecosystem, right? Our ecosystem is we have insight to all of these SMB's. If you remember what I talked about, about our platform, we also collect data. So we can give you insight into what all these meters are doing, what people are shipping, what people are sending. Right? And now that ecosystem for us has reached these SMB's through us. We will help you do that as partners.

Keith Casey: Nice. So, Zahid, on the technical side, can you share maybe one technical dead end that you hit? That you can encourage people to avoid?

Zahid Amed: Yeah, I think the SMB onboarding part is very very critical. So in retrospect we should've spent more time on the customer onboarding part, and I think it's not as much the technology there. Again, the technology was already pretty mature-

Keith Casey: So it's the enablement around it?

Zahid Amed: It's the experience part. The experience and the branding part. So I think because we are trying to get a Google cloud-based marketplace, a PB SMB ecosystem in Okta IDP all interoperating, it's all about that experience that it needs to be, the branding part needs to be consistent. So we're still in the maturity curve there. And it's gonna be the lifecycle management around SMB's. The lifecycle management around partners. The lifecycle management around apps. Web apps and Android apps.

Zahid Amed: So this is a maturity curve we need to go through on partners and developers, the enablers you know. You guys are way ahead in that maturity towards your partners, but now we're hoping that you guys can help us mature ourselves toward our partners.

Keith Casey: Excellent.

Zahid Amed: So this is a dog food type situation, you know we're eating our own dog food here.

Keith Casey: Excellent. I think we've got a question out there.

Speaker 4: Thanks so much. I'm wondering if you can share any more about how you think about pricing models?

Zahid Amed: Yeah, so on the pricing models, as I said, there's a subscription model that could be monthly, quarterly, annually. There's a try and buy model. There's in terms of payment methods we have credit cards right now. We're very soon gonna also make available a Pitney Bowes developed financial service capability that's also manifested as a credit card.

Keith Casey: Is there a per transaction pricing model?

Zahid Amed: We're selling apps so that the apps are purchased as transactions, so yeah in that sense there is. But I think the question behind the question is that as an app, if there is a pay per use type model, yes we are thinking about the pay per use model. So that really connects the services economy very closely. Services and API economy. So yeah, there are some partners who want that pay per use pricing model. And we're gonna have that maybe in about 3-6 months depending on the partner.

Ken Bryant: I wanna add to that our ecosystem supports that.

Keith Casey: Okay.

Ken Bryant: Subscription model, usage models. All of the above.

Keith Casey: Fantastic, so you can do a consumption based model, subscription based?

Ken Bryant: Absolutely.

Keith Casey: Fantastic. Not seeing any other questions. I wanna thank Ken and Zahid for coming today. And for the presentation this week. Thank you.

Zahid Amed: Thank you, Keith.

While most companies see APIs as the goal, Pitney Bowes sees them as the beginning. Over the last few years, we’ve changed our mindset, our processes, and our approach to how customers and partners consume our services. While it started with APIs for partner integrations, simple, secure APIs have enabled partners, accelerated internal development, and created the foundation of our new App Marketplace powered by Google Cloud and Okta. This session includes an overview, technical architecture, some of the technical challenges, and will close with a short demo of our live system.