API series - MuleSoft: Why API governance should be an innovation & transformation driver

This is a guest post for the Computer Weekly Developer Network’s API universe series written in full by Matt McLarty in his role as global field CTO & VP, digital transformation Office (DTO), MuleSoft – 

MuleSoft’s core technology proposition hinges around a promise to take the ‘mule-work’ (or donkey, or grunt)  out of cloud-based software integration with specific competancies in API management and automation intelligence.

Mulesoft is known for its Anypoint Platform with unified functions that centralise around integration, API management and automation – but today (after an acquisition that was completed in 2018), the company is also now known for its now-expansive integration with the Salesforce platform.

McLarty writes as follows…

We all know that IT governance has historically had a bad reputation.

Too often it’s viewed as a handbrake on innovation – a lead weight that slows down the speed of business efficiency. Part of this problem correlates to the strong ties between governance, security and compliance. Yet when done right, governance can be a driver of innovation and transformation, by providing clear direction and empowering different parts of the business to work independently.

Organisations can best enable this by building a multi-layered API governance programme/initiative that covers both operational stability and security, while meeting strategic business goals. In a world of spiralling complexity, this can only be done effectively by taking a universal API management approach.

Building on strong foundations

API governance is a big issue and it’s time for us all to look at the facts.

Today we can say that governance is absolutely critical to ensuring API projects are successfully and securely implemented. This is increasingly important as many organisations are now empowering business teams to create APIs and connected experiences using no/low-code tooling. However, research shows that security and governance is seen as the biggest challenge to integrating user experiences. Gartner also predicts that by 2025, “Less than 50% of enterprise APIs will be [well] managed, as explosive growth in APIs surpasses the capabilities of API management tools.” If that came true, it would turn every unmanaged API into a potential ground zero for a serious security breach.

On the other hand, APIs are also fundamental business tools that deliver direct business benefits.

MuleSoft’s McLarty: think about API governance in four distinct categories.

Organisations that have embraced API-led connectivity have improved visibility into operations, increased customer engagement, driven innovation, improved ROI and increased adoption of automation. In this context, API governance can help organisations accelerate delivery, increase productivity and even inform their overall digital strategy.

Broadly speaking, the goal of API governance is to ensure that enterprise APIs deliver their intended value.

But frequently, enterprise goals are so diverse that they may result in conflict. Security versus productivity is a classic example. It is therefore helpful to think about API governance in four distinct categories. By taking this approach, organisations can build a governance model with clear ownership and objectives.

Four categories for API governance

API program governance sits at the top of the pile, coordinated by a “Center for Enablement” (C4E) or similar function sitting within the organisation. It should focus not just on technology issues/changes but also wider themes including business alignment, delivery methodologies, team structures and potentially corporate culture.

API product governance as the name suggests, is about managing the lifecycle of each individual API product – which should be treated as a standalone entity with its own strategy and business model to measure against. This will be the job of the API product manager, who will look at both the security/compliance risks that need to be managed and areas such as alignment between product vision and design, business model, market strategy, roadmap and operating model.

API portfolio governance is overseeing larger sets of API products within the enterprise. It can help to reduce the risk of duplicated effort, drive consistencies around design and policy, merge similar API products and deprecate any unused ones.

API platform governance is what happens automatically in an organisation’s runtime API interactions. It provides metrics and helps enforce policies for the other three categories of API governance. In addition, it leverages automation and digital capabilities to ensure stability, security and resilience within the API operational environment.

A universal control plane

Considering API governance in this way will help organisations develop a more coherent approach. However, organisations must also consider that API environments are heterogeneous and complex.

Today’s organisations use more than 900 individual applications on average, with the majority drawing on a mixture of public and private APIs. Considering that many IT environments today span multiple clouds, organisations can quickly face visibility and control challenges.

The scale, complexity and distributed nature of these environments requires a single, unified control plane to manage API governance. By centralising governance rules and applying them to any API at scale, organisations can accelerate innovations and time to market without sacrificing trust.