Welcome!

Microservices Expo Authors: Pat Romanski, Elizabeth White, Kevin Jackson, Yeshim Deniz, Jason Bloomberg

Blog Feed Post

API Management as a Platform

Why should you think of API management as a platform? Because it’s becoming one of the most prodigious and important aspects of how Enterprises of all sizes participate in the digital economy.Keeping in line with the standard platform technology definition, an API management platform  supports the deployment of Enterprise APIs without the introduction and expense of a new process or technology. A platform allows the management of APIs as a first class citizen for the Enterprise.

API Management as a Platform

In J.K. Rowling’s novel “Harry Potter”, choosing the right platform makes all the difference.

To date, many of the discussions around API management from vendors and analysts alike have been very technology or implementation focused. This is understandable as APIs tend to appeal to a technical audience. The details are great but sometimes it is worthwhile to step back and look at general capabilities.

If we take the wider view, what sort of capabilities or functional modules should an API Management platform have?

Gartner’s Eric Knipp released new research last week that begins to define API management as a complete platform. The research is entitled Run and Evolve a Great Web API with API Management CapabilitiesNot everyone will have a Gartner subscription, but I think this research will be one of the most important for Enterprises looking to deploy API management due to the breadth of material it covers.

In this research note, Eric is one of the first analysts to describe a comprehensive set of capabilities for API Management.

API Management Platform Capabilities

He breaks the topic into four categories which he calls (i) enable developers, (ii) manage the API life cycle, (iii) communicate securely, reliably, and flexibly, and (iv) measure improve business value.

Enabling developers includes all aspects of managing API metadata, the API catalog, community management, and also includes interesting capabilities such as developer API customization which is an advanced concept that really puts the developer in control of the API. Here the developer can morph the interface to their liking, allowing the consumer to effectively participate in the interface design. It really puts the developer at the center of how data is accessed. Also, this category expands the discussion to include the notion of SDKs and sample code that developers can directly incorporate, moving one step beyond just providing interfaces definitions.

Managing the API Life cycle includes how APIs are published, how versioning is handled as well as changes and issue tracking. For example, an API management platform needs to have CRM capabilities and ticket tracking, truly treating the developers as customers.

Communicate Securely, Reliably, and Flexibly includes all aspects of surfacing APIs from legacy systems, scaling traffic, handling authentication, SLAs, building service orchestrations, and providing threat defense and data privacy. This is the largest category  in terms of the sheer number of capabilities and approximates the “runtime”or “traffic’ portions of moving data in and out of interfaces.

Measure and Improve Business Value includes all the capabilities needed to relate APIs to the business as well as measuring uptime, activity, user auditing, contracts and terms of service, and SLA monitoring. This generic set of capabilities answers the questions: Is my API providing value? Is it up and running? How are business relationships maintained?

One of the merits of this article is that it does a great job of outlining precise requirements without diving into  specific implementation choices. As with most things that involve software and technology, implementations can have different physical instantiations but still support a consistent set of common capabilities. Talking in capabilities allows decision makers to stay out of technology “rat holes” that can color  and bias business decisions.

Long Live APIs

This research note advances the discussion around API management by widening its scope and purpose, moving it from a technology discussion to a capability and platform discussion. Early in the article Eric widens the definition of APIs.

He explicitly covers messaging APIs, SOAP APIs and custom APIs in addition to RESTful APIs. I think this move is absolutely correct. Not only does it more closely approach the original definition of the term, but it matches well with the idea of subsuming the older SOA terminology to militate under a new banner of APIs, similar to a previously article I wrote on the subject, Long Live API Management.

We are only killing the name, not the act of service enablement. Eric’s article seems to represent APIs as big concept, including the full suite of programmatic access whether realized as REST, JSON, XMLSOAP, XML-RPC, Messsage-Oriented-Middleware (MOM), FTP and file protocols, as well as (correctly) broadening the definition to include software development kits and sample code. One can even go as far as to say any programmatic interface is an API – and voila,  APIs are regaining their original definition as a true application programming interface. The lesson here is to ditch the jargon and apply what works for the Enterprise.

Eric also makes some statements around APIs  a universal tunnel to the Enterprise and correctly describes them as follows: “As a programmatic channel into your enterprise, it is critical that you identify and address any attacks or misuse of your API”.

This critical point highlights the importance of APIs moving forward, if businesses like Expedia are doing 80% of their revenue through APIs,  it’s APIs that are the front door to your Enterprise, and by implication, apps that send and receive data over this channel, – not necessarily the website.

Attackers always look for the weakest link, and APIs are largely wide-open at this point. Many of the existing 30,000+ APIs in the wild have been optimized for rapid adoption and bolstering a developer ecosystem, not for protecting Enterprise assets.

This is why APIs need rock-solid, bulletproof API management for increased protection.

APIs and Data Protection

Eric also mentions encryption under the data privacy category and talks about both transport level security and message level security. To expand the discussion here we can also add things like JSON message level security, format preserving encryption and even the “ancient” WS-Security/XML Security protection mechanisms here. I was also excited to see the inclusion of data masking. Eric describes this as two-way, which I think is the correct approach though my terminology would be different as we use the term tokenization here, but the concept is the same. The distinctions we use in our product line include redaction (for one-way removal of sensitive information) and tokenization, to indicate a reversible mechanism for replacing plaintext with a surrogate.

I can’t reproduce Eric’s entire article here, but it’s definitely worth a read and matches what we are hearing from Enterprises today – it’s about understanding and supporting the breadth of capabilities.

If you’d like more information on Intel’s API Management products, please visit our website.

The post API Management as a Platform appeared first on Application Security.

Read the original blog entry...

More Stories By Application Security

This blog references our expert posts on application and web services security.

@MicroservicesExpo Stories
The reality of data ubiquity is here—data is buried in operational statistics, machine logs, stacks of overflowing tickets and customer details, among other things. How can any user get valuable information amid this rapid influx of data? Imagine a situation where your firm’s revenue takes a hit owing to an unexpected failure in some business process. It would be a nightmare for IT admins to sift through the interminable piles of data to deduce exactly why and where the problem occurred. To sav...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
There's a lot to gain from cloud computing, but success requires a thoughtful and enterprise focused approach. Cloud computing decouples data and information from the infrastructure on which it lies. A process that is a LOT more involved than dragging some folders from your desktop to a shared drive. Cloud computing as a mission transformation activity, not a technological one. As an organization moves from local information hosting to the cloud, one of the most important challenges is addressi...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
In the decade following his article, cloud computing further cemented Carr’s perspective. Compute, storage, and network resources have become simple utilities, available at the proverbial turn of the faucet. The value they provide is immense, but the cloud playing field is amazingly level. Carr’s quote above presaged the cloud to a T. Today, however, we’re in the digital era. Mark Andreesen’s ‘software is eating the world’ prognostication is coming to pass, as enterprises realize they must be...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
Hybrid IT is today’s reality, and while its implementation may seem daunting at times, more and more organizations are migrating to the cloud. In fact, according to SolarWinds 2017 IT Trends Index: Portrait of a Hybrid IT Organization 95 percent of organizations have migrated crucial applications to the cloud in the past year. As such, it’s in every IT professional’s best interest to know what to expect.
A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud so...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
Companies have always been concerned that traditional enterprise software is slow and complex to install, often disrupting critical and time-sensitive operations during roll-out. With the growing need to integrate new digital technologies into the enterprise to transform business processes, this concern has become even more pressing. A 2016 Panorama Consulting Solutions study revealed that enterprise resource planning (ERP) projects took an average of 21 months to install, with 57 percent of th...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Colocation is a central pillar of modern enterprise infrastructure planning because it provides greater control, insight, and performance than managed platforms. In spite of the inexorable rise of the cloud, most businesses with extensive IT hardware requirements choose to host their infrastructure in colocation data centers. According to a recent IDC survey, more than half of the businesses questioned use colocation services, and the number is even higher among established businesses and busine...
For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers bala...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.