If any more validation was needed of the ubiquity of application programming interfaces in driving digital transformation then look no further than Google’s $625 million acquisition of API manager vendor Apigee. As makers of software which enables developers to use APIs to securely share their data across applications and devices from third parties, it’s a move that also reaffirms how security is a critical concern when exploring the undeniable potential that exists with API development.
Inherently agile and equipped to extend the value of existing applications, when it comes to breathing new life into a proposition, APIs have become an integral and strategic option for businesses looking to gain that competitive edge.
Indeed, harnessing the power of an API platform as a slick gateway to digital transformation can be a game changer in the delivery of a more personalized omni-channel engagement expected by today’s hyperconnected customers.
The traction isn’t sector specific, but the airline industry serves as a good illustration as big-name operators extract far greater value from the wealth of passenger data by sharing it with external developers who can incorporate the intelligence into their applications. This injection of innovation enhances the customer offering and brings more fluidity to a traditionally complex IT infrastructure to create new opportunities. Furthermore, enabling the business to tap into outside talent pools and reap the rewards of this external objectivity can enhance the offering in a relatively fast and inexpensive manner.
The impact on the customer experience is just one of many benefits but even here, the obvious potential can all too easily be tempered by the heightened security risk that comes with greater data exposure and accessibility. Quite simply, the use of APIs have provided hackers with more options than ever before, with their activity no longer confined to just one application but spread across a plethora of services as access point swell thanks to more client devices from traditional desktops to mobile devices and even smart televisions.
It’s a threat compounded by the fact that for many software developers focused on creating compelling applications, the actual control of access and consumption of data is way down in the pecking order of priorities. Yet as APIs emerge as chief enablers of interactions between objects connected to the internet, control is critical to achieving data security and privacy in the digital enterprise to ensure that sensitive data is not leaked. Recent history is brimming with examples of big-name operators that have fallen foul of the data vulnerabilities ripe for exploitation.
Car telematic apps created to access non-critical features such as climate control and battery charge management from anywhere across the internet are a notable example, routinely leaking much broader historic driving data that can provide a more detailed picture of a customer’s driving habits and in turn present serious privacy issues.
There’s no doubt that the market has been slow to embrace the necessary solutions that help onboard and manage in-house and third-party developers and determine which apps developers can access which APIs and secure data in line with regulatory requirements. Broadly speaking, such solutions bring APIs under a centralized control to enable security and other policies to be applied in an ordered and systematic way.
For many, adopting the proper precautions when opening access to their internal data and business functionality demands a shift in mindset and approach in which security, control, and scalability become an integral part of the API strategy rather than a nice-to-have add on or afterthought.
Access control becomes pivotal to any solution if the developer community is to be properly managed combined with the kind of sophisticated analytic capabilities that offer a focus, overview, and insight to exactly what is happening. Lifting the lid on usage patterns provides a broader overview and understanding enabling a more intuitive and proactive management rather than simply reacting to issues once the horse has bolted and damage has already been done.
Furthermore, these are the kind of measures that offer the reassurance for those at the other end of the spectrum, who rather than being caught napping with insecure APIs, have been so risk adverse that it has deterred them from pursuing an API strategy altogether. With security products available in the cloud, on premise or hybrid, allowing you to scale, monitor, and distribute your APIs, the new breed of solutions are flexible enough to suit all demands and situations.
Indeed, there’s no reason why businesses can’t embrace the agility an API strategy affords without compromising on security, the two need not be mutually exclusive as long as the correct measures are in place. Striking this balance is an investment worth making to underpin the future of your digital enterprise.