02. Managing access control
When it comes to good governance, our respondents cited the need for an overarching strategy which adopts a common set of principles, patterns and frameworks.
Our respondents recommended starting with a standardised set of API specifications. From a strong base, API functionalities can be adjusted and extended to meet the specific requirements of departments or products in ways that are governable and allow for API security protocols to be uniformly implemented.
03. Governing microservices
Microservices architecture allows the solution to be split into smaller pieces with dedicated purposes, which enables more personalised and agile delivery. While microservices offer more flexibility, our respondents told us that their distributed architecture can become complex and complicated to govern. For businesses with relatively small-scale operations, a monolithic or service-orientated architecture can still offer effective solutions.
For respondents who were pursuing a microservices architecture, we found that maintaining total visibility of their APIs was crucial to ensuring increased complexity didn’t lead to increased security vulnerabilities.
“The dilation of the design principles is key. How do we govern the identity and security of these APIs?”
NCS
04. Automating out vulnerabilities
Increasingly, organisations are looking to automation to effectively govern APIs within complex microservices architectures.
We found that respondents are using automation to reduce the number of individuals involved in requesting and granting access to APIs, or to remove them from the process completely.
As soon as a new API is created, an access control process is automatically applied to prevent unauthorised access, eliminating the need for this process to be repeatedly enacted manually. By reducing the number of individuals involved in the process, there is less chance of a security breach occurring.
Looking to the future, the technology leaders we spoke to are also aiming to develop automated processes that carry out testing in real-world conditions to support ambitions to create more open APIs that can be shared with customers and partners.
05. Simplifying complexity
As organisations think about how to implement governance models that enable automation, agility and security, they are increasingly seeing the value of an API management tool. An API management platform can mediate between code base, application and identity provider to simplify the governance process and guard against single points of failure.
This process effectively mediates a complex ecosystem to enable a holistic and robust approach to governance.
“The big challenge that we currently have is keeping APIs flexible for a changing set of customer needs and at the same time keeping them manageable and governable. We want to have a simpler governance model.”