This is a guest post for the Computer Weekly Developer Network blog ‘penned’ by Maurizio Canton in his role as CTO for EMEA at TIBCO Software.
Canton has been vocal on the ubiquity of Application Programming Interfaces (APIs) before now and argues that Google’s US$625 million acquisition of API management vendor Apigee is a significant validation of this technology’s importance.
Further here, Canton argues that the Google purchase is a move that reaffirms how security is a critical concern when exploring the undeniable potential that exists with API development.
TIBCO’s Canton writes as follows…
Harnessing the power of an API platform as a slick gateway to digital transformation can be a game changer in the delivery of a more personalised omni-channel engagement expected by today’s hyper-connected customers.
The traction isn’t sector-specific, but the airline industry serves as a good illustration as big name operators extract far greater value from the wealth of passenger data by sharing it with external developers who can incorporate the intelligence into their applications. This injection of innovation enhances the customer offering and brings more fluidity to a traditionally complex IT infrastructure to create new opportunities. Furthermore, enabling the business to tap into outside talent pools and reap the rewards of this external objectivity can enhance the offering in a relatively fast and inexpensive manner.
The impact on the customer experience is just one of many benefits but even here, the obvious potential can all too easily be tempered by the heightened security risk that comes with greater data exposure and accessibility. Quite simply, the use of APIs has provided hackers with more options than ever before, with their activity no longer confined to just one application but spread across a plethora of services as access points swell thanks to more client devices, from traditional desktops to mobile devices and even smart televisions.
It’s a threat compounded by the fact that for many software developers focused on creating compelling applications, the actual control of access and consumption of data is way down in the pecking order of priorities. Yet as APIs emerge as a chief enabler of interactions between objects connected to the Internet, control is critical to achieving data security and privacy in the digital enterprise to ensure that sensitive data is not leaked. Recent history is brimming with examples of big name operators that have fallen foul of the data vulnerabilities ripe for exploitation.
Car telematic apps created to access non-critical features such as climate control and battery charge management from anywhere across the internet are a notable example, routinely leaking much broader historic driving data that can provide a more detailed picture of a customer’s driving habits and in turn present serious privacy issues.
There’s no doubt that the market has been slow to embrace the necessary solutions that help on-board and manage in-house and third-party developers, determine which apps and developers can access which APIs, and secure data in line with regulatory requirements. Broadly speaking, such solutions bring APIs under a centralised control to enable security and other policies to be applied in an ordered and systematic way.
For many, adopting the proper precautions when opening access to their internal data and business functionality demands a shift in mindset and approach in which security, control and scalability become an integral part of the API strategy rather than a nice-to-have add-on or afterthought.
Lifting the lid
Access control becomes pivotal to any solution if the developer community is to be properly managed, combined with the kind of sophisticated analytic capabilities that offer a focus, overview and insight into exactly what is happening. Lifting the lid on usage patterns provides a broader overview and understanding, enabling a more intuitive and proactive management rather than simply reacting to issues once the horse has bolted and damage has already been done.
Furthermore, these are the kind of measures that offer reassurance for those at the other end of the spectrum, who rather than being caught napping with insecure APIs, have been so risk-averse that it has deterred them from pursuing an API strategy altogether. With security products available in the cloud, on premise or hybrid, allowing you to scale, monitor and distribute your APIs, the new breed of solutions is flexible enough to suit all demands and situations.
So taking stock… there’s no reason why businesses can’t embrace the agility an API strategy affords without compromising on security; the two need not be mutually exclusive as long as the correct measures are in place. Striking this balance is an investment worth making to underpin the future of your digital enterprise.