BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Cloud API management is one of the most important tasks for IT pros who oversee enterprise cloud deployment. At the end of the day, clouds are really nothing more than collections of APIs and services. Infrastructure-based APIs perform functions such as placing data into storage, while application-based APIs handle other tasks, such as calculating an interest rate for a bank, for example. The list goes on and on.
There are basic repository and API tracking technologies that allow you to place policies around, and control access to, cloud APIs. These policies are small procedural programs that allow you to define limitations. For example, organizations could limit API access to a specific time of day, or limit access based on users' roles. Cloud API management tools are extensible, and provide their own set of APIs.
Vendor options for cloud API management
There are a number of vendors that provide a wide range of capabilities for cloud API management. They all do things differently, and offer different solutions to enterprise problems. However, this makes it difficult for enterprises to do an apples-to-apples comparison of these vendors. Organizations should be careful about defining requirements and mapping those requirements to cloud API management systems that match their criteria.
One vendor in the cloud API management space is Layer 7 Technologies, now owned by CA Technologies, which offers a security-oriented API management system. Other players in the API management and governance space include Apigee, Mashery, IBM, WSO2, Microsoft, Axway and Cloud Elements.
Best practices for cloud API management
To ensure effective cloud API management, keep these best practices and challenges in mind:
- As you continue on with cloud, you'll most likely end up with a complex multicloud environment. As a result, both your API management strategy, and the management tools you pick, should be heterogeneous. It's typically risky to choose an API management tool that comes from a single public cloud provider.
- Be sure to tightly integrate your cloud API management tools with your cloud security tools. These two sets of tools and systems need to share data to properly secure your cloud APIs, which are often targeted in outside attacks.
- API directories and discovery are very important. Application developers need to be able to find the right API in a service catalog, and reuse it. If APIs are written for a single use case, they do not provide the value that they need to.
It's an API economy, and APIs are becoming a critical piece of enterprise IT -- whether they exist on a cloud, or within traditional enterprise systems. The widespread use of APIs means we can finally achieve reusable APIs -- something that has eluded us for years. While we learn to use public cloud-based APIs for infrastructure services, we will quickly learn to use the same mechanisms to carry out purpose-built services within our businesses.
Why API strategies are no longer just for developers
How to mitigate cloud API security risks
Prepare for your cloud provider's API update