If you are a business owner (CEO, CIO, or head of a business line) you continuously need to look for ways to innovate, out-think and out-maneuver your competition. In the sharing and collaborative economy we live in, you have an unprecedented opportunity to team up with others to make what you’re good at even better, even more compelling, or part of a larger value proposition. Never before in our history has it been simpler to do so.
The argument is this: there are capabilities that YOU offer and deliver better than anyone else. As a result, you want to make full use of previously isolated data sources and make your capabilities available to others. To do so, you need to plug yourself more into the fabric of the “API economy.”
The term API (for Application Programming Interface – a program calling another program through its API) has been around for a long time; however, over the past few years there’s been an increased interest in APIs, more specifically “Business APIs” or “Web APIs.” “Business APIs” are pretty simple to understand: they are interfaces focused on business assets – for example, a product, a client, an order.
The “API Economy” relates to the use of “Business APIs” to positively impact a business or a government agency. API initiatives focus mainly on business drivers related to:
- innovation
- faster time-to-market
- improved sharing of assets
- the creation of new revenue streams by connecting the physical world with the online world (omnichannel strategy), and by addressing new clients/industries/geographies/use cases
- improved client experiences
Increased employee engagement is also a focus area for many organizations.
Business APIs are making it easier to integrate and connect people, places, systems, services, data, products, things and algorithms. All industries, all verticals, and corporations of all sizes can extract value out of their data and connect with others – not only tech corporations. APIs now allow any business to embed itself into other folks’ business in an unprecedented way.
Random examples of the API Economy at play include:
- Google providing Google Maps, which a retailer or ride-sharing company can plug into its applications without having to build its own mapping system
- PayPal or Stripe payment systems integrated with B2C apps
- Using your Facebook account when you sign in various apps
- Brick-and-mortar retailers developing ecommerce channels and leveraging backend APIs to handle things like payments, shipping, etc.
- IoT technology-enabled pest control systems with automatic notifications of caught rodents in Wi-Fi connected snap traps.
The API Economy’s value is in the trillions of US$, per various industry estimates: https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/what-it-really-takes-to-capture-the-value-of-apis
In fact, an interesting industry survey suggests that more than a third (35%) of enterprises generate 25% or more of their topline sales from APIs: https://www.mulesoft.com/press-center/technology-trends-2018-connectivity-benchmark. An astonishing number!
But here is the downside: as we transition into an increasingly digital-first environment powered by the API Economy, fraud actors follow the data, simply because data (after human capital) is one of the most valuable assets a business has. And APIs are the key to that data.
If your API is insecure, if your workloads or your users’ online browsing or identities get compromised, you open up a threat vector into your business AND your ecosystem of partners.
Bottom line: When business leaders and developers connect disparate data together and core transactional systems are made available publicly, this increases the attack surface for malicious actors who can now infiltrate entire ecosystems through their supply chains.
How to mitigate your risks in the API Economy?
As a progressive business leader who is winning in the market by leveraging partners’ ecosystems, the last thing you want is for fraud actors to steal your confidential or regulated data or your financial assets.
As always in IT security, you must adopt a three-pronged strategy to minimize risks and boost your cyber security posture:
- People – continuous user education and awareness so that your employees truly become a “human firewall” and can spot a phishing email a mile away
- Processes – there are good practices aplenty around regular data backup, patching and incident response (beyond the scope of this blog post)
The best technologies will not secure your business from malicious actors if you deploy and configure them wrongly. The recent SingHealth breach in Singapore proves that no matter how advanced your security tools, if your people or processes “break,” you’re in for trouble and for receiving a lot of unwanted attention in ways that will impact your reputation or revenue or both. https://www.zdnet.com/google-amp/article/employees-sacked-ceo-fined-in-singhealth-security-breach/
- Technology.
If you intend to be an active part of the API Economy and provide your APIs to others, you will be the target of security breaches if you don’t properly think through versioning and deployment. Start by securing your APIs with an application services governance framework – which caters to the end-to-end governance for all types of network services. A good starting point for your research is the 2018 Magic Quadrant for Full Lifecycle API Management by global research and advisory firm Gartner.
Additionally and importantly, if not done already, you must secure your workloads (whether your applications or services reside on-premises in your traditional IT infrastructure, or off-premises in a public or private Cloud, or in a hybrid IT model), and your employees’ identities. Technologies from WatchGuard around network security and multi-factor authentication will certainly help you achieve this important aspect of securing the API Economy.
Sylvain Lejeune, RVP APJ WatchGuard Technologies
linkedin.com/in/sylvainlejeune