Deep-Dive: Rethinking Governance in an API-First World
Chris von See
Subra Kumaraswamy
Slideshare
slideshare.com/apigee
Apigee Community
https://community.apigee.com
YouTube
youtube.com/apigee
Today’s presenters
Subra Kumaraswamy, @subrak
Chris von See, @apigee
Why do organizations have “governance”?
•  improved categorization and management via metadata, to support resource reuse, track API/service characteristics, support impact assessment, etc.
•  verification that business value is being realized in a way that matches expectations
•  verification of compliance with procedures and rules
•  review and approval of changes that impact multiple teams or systems
•  verification of conformance to software best practices
•  compensation for past experiences in inflexible design or poor-quality delivered software
•  contract and process compliance for outsourced development, operations
•  make it easy to assess blame
Not all governance is “bad governance”, but…
“One of the major issues of B2B integration and partner/community-based application development in the past was not only that we gave developers specific limited building blocks but also a set of very rigid interfaces. When combined with tight governance (GRC), security and unreasonable restrictions, essentially it gave the developer community a steel cage to build things inside. This used to allow no leeway, no room for imagination, and certainly thinking out of the box was verboten….”
Source: http://www.wired.com/2013/12/how-apis-fuel-innovation/
Why “project-based funding” stifles innovation
No experimentation. No planning. No consistency.
Image sources: http://ilcoccodimamma.com/products/big-58.jpg, http://musicconsultant.com/site/uploads/2011/01/plan.jpg, http://c8.alamy.com/comp/EEW664/cartoon-of-business-meeting-with-chart-showing-inconsistent-results-EEW664.jpg
APIs are about “co-creating value”.
Can governance and innovation co-exist?
APIs and “systems of engagement”
Source: http://blogs.forrester.com/ted_schadler/12-02-14-a_billion_smartphones_require_new_systems_of_engagement
Digital Value Chain
Exposure / “Systems of Record”
Consumption / “Systems of Engagement”
A framework for governance based on creating digital value
•  Design for the developer: intuitive, functional interfaces that encourage exploration, innovation and delightful consumer experiences
•  Build for the API Team: consistently repeatable processes that reinforce reusability, enhance reliability and validate business value
•  Operate for the consumer: provide consistent, measurable “always on” performance in a secure environment
“Agile” governance
•  Incremental assessment of business value and functional approach while the work is being done, not after
•  Earlier course correction when APIs deviate from standards or regulatory requirements
•  More rapid reaction to changing markets and requirements
•  Testing during the development process helps to catch cross-system incompatibilities as APIs evolve
Image source: http://sdc.net.au/media/1189/agile_lifecycle_large.png
Design and prototyping at the API layer
Diagram: API definition + Policies + Mock back-end system (mock data store standing in for the data store, connections/social, users and devices, and location queries)
Preventing “API sprawl” with discoverable interfaces
•  Reuse at the API level is supported by clean, well-structured documentation that allows someone to find out if a given function has already been implemented
•  Reuse at the API component level is supported in the same way it is with any software system
•  Metadata in documentation, combined with search, enables categorization that supports impact assessment
•  API Product metadata also makes it easy to determine what’s internally consumable vs. externally consumable
Governance in the software development life cycle: It’s all about automation.
Source: https://upload.wikimedia.org/wikipedia/commons/e/e8/Gears.JPG
Everything is Available via a Management API
•  250+ Management APIs to manage the entire platform
•  Use DevOps tools to automate API activation, deactivation, promotion, etc.
Building the optimal API Program process
Source: http://www.collab.net/solutions/devops
Operational governance is about…
•  Security: Who has access to the API management system? How do I control service access? How can I protect my organization from threats?
•  Measurement: How available are my services, and how well are they performing? How do outages or slowness affect my business? Am I getting the value I expected?
•  Service management: How can I throttle usage if needed? How do I plan for future service requirements?
•  Change management: What code is deployed now, and how do I evolve services as my needs change?
•  Problem determination: How do I find and fix problems in a high-volume, high-availability production environment?
Security at All Points of Engagement
Diagram: points of engagement (Backend, API Team, APIs, Developers, Apps, Users), each annotated with the controls that apply there: Mutual TLS, IP Access Control, RBAC, AD / LDAP, Audit, Logical Separation, Quotas, Spike Arrest, Threat Protection, Intrusion Detection, Bot Detection, DDoS, Access, Block, Revoke, SSO, API key, OAuth2, MFA, Federated Login
API Identity Governance
Diagram: Govern App Identity, Prov/Deprov, Run-time Policies, User Identity, RBAC, Audit, Deploy/Monitor/Verify
Checklist:
•  App Identity Key and Distribution
•  Security & Access Control Policies – Threat Protection, Authentication, Authorization, Transport level security
•  User Identity for API services
•  RBAC for Mgmt users and Developers
•  Audit Mgmt activities
•  Deploy and Monitor Access control policies
Visibility brings understanding, which drives action
Diagnosing problems in production
•  Built-in trace gives you deep insights into each step in an API proxy: contextual variables, execution time, fault details, etc.
Take Aways…
•  Governance can be beneficial for a variety of reasons. Excessive governance or project-based funding, however, can impact an organization’s ability to innovate and to stay competitive in the marketplace.
•  To facilitate innovation and accelerate value creation, governance for “systems of innovation” should be treated differently than governance for “systems of record”.
•  An agile approach leveraging prototyping and development at the “system of innovation” – the API layer – enables you to move rapidly to identify, validate and act on new initiatives, and to introduce heavier-weight governance only when absolutely needed.
•  Building a software development life cycle around a highly automatable API platform can accelerate the pace of innovation by eliminating or replacing slower governance processes.
•  Robust security, monitoring, management and problem determination features enable easy and effective operational governance.
Questions?
Thank you
Material and stuff to read
•  http://www.programmableweb.com/news/governance-vs-innovation-do-they-have-to-be-enemies/2013/02/27
•  http://www.wired.com/2013/12/how-apis-fuel-innovation/
•  http://apievangelist.com/2013/02/27/what-is-a-better-word-for-governance-when-it-comes-to-apis/
•  http://blog.cobia.net/cobiacomm/2013/04/09/application-services-governance/
•  http://weareinnovation.org/2014/02/27/open-innovation-vs-governance-the-api-equation-to-business-agility/
•  http://servicetechmag.com/I86/0914-1
