The API is an essential enabler of digital transformation. APIs represent one of the key technologies helping smart organizations react quickly and effectively to the constant changes inherent in today’s application economy. Understandably, many companies that have not yet launched API programs are keen to do so as soon as possible. But launching an API program is not something to be rushed into. Opening the enterprise backend via APIs has serious security and performance implications that must be addressed in advance.
Recent research from Freeform Dynamics (sponsored by CA Technologies) shows organizations that invest the most in planning, preparation and infrastructure see the strongest benefits from their API programs. The fact is, enterprises that take a little time to put the right API infrastructure in place can actually be quicker to market with APIs that create real business benefits.
How Mature Are Enterprise API Programs?
The API is hardly a new technology. The genesis of the specific RESTful Web API style behind present-day enterprise API programs is usually traced back to the launch of Salesforce.com, more than 15 years ago—several lifetimes in the tech world. Since then, many enterprise IT teams have gained some experience of API-style integration through using Service Oriented Architecture and Web Services to connect and repurpose internal systems. These teams are relatively well-placed to deploy the kind of APIs that will enable mobile apps, Internet of Things (IoT) and so forth.
But it would be a mistake to assume the Web API is an inherently mature technology that can be safely and efficiently deployed within the context of a standard enterprise IT infrastructure. APIs require a specifically API-centric set of security and management practices. The evidence shows these practices cannot be treated as an afterthought and the companies that get most benefit from their APIs are those that base their programs on a solid foundation using API security and management.
The Freeform Dynamics report, APIs in the Digital Enterprise, uses responses from more than 1,400 business and IT professionals to look at the maturity of API programs. It finds that 51 percent of organizations with advanced API programs have put the correct tooling and infrastructure in place, compared to just 19 percent of those with limited programs. The report calls out security as a particular area of concern and notes that the most successful API programs implement strong, centralized security infrastructure from the beginning.
Building Everything On a Secure Foundation
I should note that I’m using the phrase “API security and management” as shorthand for an end-to-end process that goes beyond simply securing and managing the performance of APIs. It’s meant to encompass everything from interface design to developer enablement to lifecycle—an approach the API Academy calls “API360.” Every stage of this process should be based on a firm infrastructural foundation, but many enterprises still display signs of immaturity in regard to the practices and technologies required for end-to-end API management.
The research makes it clear it’s those organizations with a solid API infrastructure in place that are the most mature in terms of their API design, security and management practices. And it is also clear that these enterprises are seeing the best results from their API programs. Furthermore, it’s not always the organizations you would expect that are displaying the clearest signs of maturity—with public sector API programs emerging as perhaps-surprising leaders in this field.
So, don’t rush into an API program. Take the time to put the right infrastructure in place and you’ll ensure that, in the long term, your organization is set up to be quick to market with the secure, high-performance APIs it needs to meet the demands of a rapidly-changing and competitive environment.