We were delighted to host our latest IDC Digital Leadership Think Tank on May 26. Digital leaders from around Europe joined the call to hear from IDC experts and digital leadership peers on the subject of the API enterprise, how organisations are exploiting APIs to expose their data and functionality to others, and how they themselves build services using the APIs provided by their ecosystem partners.
Chris Weston was joined by Massimiliano (Max) Claps from IDC’s Government Insights practice.
Today’s Realities Around Digital Connectedness
To start the session, Chris Weston described the “API economy” as he saw it as an advisor working with CIOs across Europe and from his own experience of leading teams delivering software based on interoperability and open data. He talked about the efficiencies that have been demanded of entire industries, and the way that many companies have provided data and functionality via APIs to their systems so that partners can be sure they are working to the latest information provided in a consistent manner.
Many companies have developer portals on their web pages, he said, and they contain the documentation and details for the services they have built. Chris introduced Max Claps, from the IDC Government Insights team, who described his view of the world in this regard. Max said the thing that is new about the API economy is not the technology but the ability to apply APIs for many more use cases.
In the government/public sphere, it’s possible to make data available from many sources like sensors or public services such as transport, so that people with specific requirements can build the data queries they and people in their industry or interest group need. These would very rarely be considered for inclusion in standard apps or reporting tools provided by councils or governments because of the low numbers of likely users.
Max also touched on the regulatory requirements in some industries to provide open data but also to protect it in the light of laws such as GDPR. He talked of practical examples such as the HMRC Making Tax Digital programme, which enables finance systems to make submissions directly to the government and connect with banking APIs to make seamless payments.
Another example was from the NHS response to COVID-19, where the National Health Service linked with the Department for Work and Pensions to identify carers of vulnerable people that needed the earliest access to vaccinations.
Practical Experiences from the Group
One of the CIOs attending the discussion explained how he was growing his API portfolio. Having always had interfaces of one kind or another to exchange data with suppliers, he said the number of ways that were now available made the possibilities quite exciting. He described how the potential of these services was providing new business models and processes once people are educated in the possibilities.
Another CIO told the group that in their industry there are many new and old methods of information exchange, including fax machines. The APIs being developed there reduce the amount of manual input and potential for error and open up the possibility of selling access to the APIs as a new revenue stream.
A participant from the manufacturing/white-goods industry talked about their open APIs that are built around their connected devices, this being a key selling point of the products and a way for users to get data from their devices via the company’s mobile apps. Being open APIs, they are available for developers to create any kind of interface, and more connectivity will be available in the future.
Managing Risk
No discussion of technology and data is complete without an examination of risk. One of the government CIOs on the call spoke of the importance of API governance. Organisations must understand what is being made available via APIs and who is the internal owner of the interface who maintains the documentation, communicates any changes and monitors the performance — especially if there are contractual obligations around the provision of these services.
Moving from the “walled garden” approach to an open API model was definitely seen as a step too far for several participants, and the recent Log4j security vulnerability (which affected millions of computers around the world) has made people far more reluctant to open services to everyone. It’s important to know who is responsible should there be a breach due to a poorly configured API, and proper checks should be made before any deployment or change.
However, as more than one of our contributors said, governance and API management is rarely in budget and is one of the first victims of cuts when times are hard. This adds to technical debt and increases the risk of unauthorised or inappropriate use.
Managing the API you provide in use is also key to reducing the risk to the people who rely on your service — in some cases their systems can fail if the API becomes unavailable or if there is a change to the format without proper notification of the change.
The conversation then turned to some practical measures for managing the proliferation of APIs across a business, whether that be via an integration layer or software from cloud providers.
Conclusions
We closed the discussion by asking if APIs were a conscious part of the technology strategy for our audience or if they were merely managed and provided as an ad hoc solution. The overwhelming majority of people responding said they were definitely strategic tools that are part of their road maps.
Whether these are internal APIs to enable loose coupling/integration of systems that can then be opened to other parties as and when required, or open APIs designed to boost commercial use of an organisation’s data or services, they were a very important tool in the box for our community.
The IDC CIO Advisory team would like to thank everyone who came to the call for their input. It’s always inspiring to hear from those making change in their business and taking the tough calls with their management colleagues. We hope this session was valuable and provided many takeaways for you.
This month, the subject of our discussion will be deciding between multicloud and on premises, and we will discuss the right mix of infrastructure to obtain the advantages and avoid the downsides. If you already receive invitations to our sessions, we hope to see you there. If you would like to join this community, please email Marc Dowd (mdowd@idc.com).