Drinks company Diageo, whose brands include Guinness, Smirnoff and Johnny Walker, is contemplating introducing a lightweight middleware layer to better manage the APIs that govern the software services it uses.
Dragan Pendić, chief security architect at Diageo, explains how the change programme, which abuts on information security but goes beyond it, too, will underpin Diageo’s digital strategy for the next three to five years.
The company has a global business, operating in 180 countries, and sees future growth emanating from emerging economies such as Brazil and China. It is also is at the leading edge of digital marketing, a pioneer in exploiting social media and mobile technology.
Pendić is speaking at an Enterprise Architecture and its Application conference in London on 19 September about Good APIs: key to your enterprise service delivery strategy.
He describes the context of the kind of changes his own company is thinking through as one of “multi-platform development, multi-domain interactions, and the omnipresence of data and devices”.
He points to “operational challenges such as BYOD, increased mobility and cloud adoption, but also amplification of traditional issues regarding poor system performance, and ineffective security – DDoS [distributed denial of service], web app attacks, passwords breaches, and so on.
“[But] what all great mobile applications and cloud services have in common is a good set of APIs."
He says that from September 2012 he and others in a senior team have been developing an approach to managing the APIs of the services between Diageo, “which is fairly heavily outsourced” and its suppliers.
“We’ve been trying to get beyond the legacy way of [application] integration which is very point-to-point, and fairly laborious. Also, from a security point of view, the model of firewalls and intrusion detection systems is no longer applicable since there is limited visibility into the messaging level [to and from applications supplied as a service]."
For more on API management
- What is API management?
- Farquharson on API management: 'Focus on business-developer relationship'
- Dell Boomi and other integration providers jump on API management
And so, they are “looking to have a lightweight middleware layer that will manage the APIs”.
He confirms the project team has been in discussion with potential vendors, but that technology choice is for a future stage. He expects the changes to take effect in 2014.
He says that “this goes beyond information and security management. It is more of a holistic strategy for the organisation as a whole.
“Its impact will be cost-reduction in our relationships with our service providers.
“It's one component to support Diageo’s digital strategy, which is cutting edge in terms of digital marketing. So this approach to managing the APIs will be part of the platform for the company's digital marketing for three to five years to come."
He gives as an example of the company’s latest digital marketing efforts: context-aware smartphone vouchers for Guinness. These use near-field communication activated on Guinness founts in pubs. By tapping a smartphone on the harp insignia you could find yourself holding a free pint of stout.
Pendić argues for “an automation of the web services that we use today. The model is one-to-one at the moment. If you can move to one-to-many or many-to-many you could open up unforeseen processes. You can achieve much more elasticity and agility through automating business processes in this way."
“And, from a security point of view there are new threats coming to APIs that people aren't even aware of yet."