As waves of digital disruption wash through all industry sectors, organisations are facing two key challenges. They need to increase the clockspeed of their businesses while at the same time ensuring their IT infrastructures remain secure.
A recent MuleSoft survey of 800 IT professionals points to a wider problem: almost 80 percent of IT budgets are spent on simply maintaining existing infrastructures rather than on transformative initiatives to drive innovation. At the same time, research shows 60 percent of businesses will suffer a major service failure due to an inability of the IT security team to manage digital risk in new technology and use cases.
As a result, improving agility and security can seem at odds, but they don’t have to be. It is possible to create a corporate culture of continuous innovation while weaving security principles into the design of every application and data access point. Organisations can create a framework for faster innovation and build in security by design through the creation of application networks, which are networks of applications, data and devices connected with APIs to make them pluggable and to create reusable services.
The challenge of connectivity
To get the most value from IT systems, organisations find they must increasingly connect these systems, and it's tempting to do this in a one-off fashion. As a new system is added, a new integration connection is added as well.
This type of point-to-point integration is extremely common and can appear to work well at first. The IT team assesses the integration needs, quickly writes some custom code to meet them and congratulates itself on dealing with the problem on time and on budget.
However, over time, an organisation can end up with a complex mess of connections that actually inhibits it from moving forward. When everything is hardwired to everything, nothing can move without breaking everything else.
In order for systems to work together properly, connectivity must become a strategic business discipline and not be driven on a project-by-project basis.
Looming shadow IT
Some organisations compound this connectivity problem through “shadow IT.” Under this scenario, departments within an organisation source IT resources directly rather than through the central IT department.
While this method helps departments secure access to the resources they require, it can also put the organisation and its sensitive data at risk. Too often, IT and security teams end up firefighting problems that arise from the use of shadow IT. They become so busy putting out fires that they don't have time to build frameworks for best practice or partnerships with the rest of the business.
A strategic integration discipline, like API-led connectivity, can harness the impulses behind the creation of shadow IT and turn them into business assets.
Achieving agility and security through API-led connectivity
Juggling agility and security requires a fresh take on application development and data sharing. Rather than a traditional monolithic approach undertaken by a central IT department, well-defined and well-fortified nodes can be created using an API-led approach.
Each of these nodes, designed and built by the teams that need them, will have security best practices baked in at the point of design. These nodes are then connected through APIs, which are standardised, well-defined entry points that are easy to visualise and secure.
As more systems are connected, there is no need to create new connections. Instead, the organisation can reuse those already in place and managed by the IT security team. This approach, therefore, allows an organisation to move faster while at the same time allowing the IT team to maintain control.
What emerges is an application network, organised around well-defined building blocks linked using APIs. Security is built in because each API effectively becomes a secured doorway. IT teams can maintain security of these doorways in a number of ways. They can determine who has permission to enter, what authentication is required to enter, what each user has access to and what alarms should ring if anything goes wrong.
Another advantage of adopting an application network is that it creates secure boxes in which people can operate. Developers don’t have to be security experts, identity experts, or even domain experts, as each of those functions can be handled centrally. By creating new assets from reusable components, developers can continually reduce their attack surface, because they are not introducing additional, unchecked access to data or systems.
Implementing an application network
There are defined steps IT teams can take to boost agility while improving security through deployment of an application network. They include:
1. Meet with business leaders: Discover what projects the business is planning, what data they currently have access to, what data they are trying to expose and the ways in which they want to use it. Proactively helping to solve problems for the wider business as opposed to just being the endpoint will put valuable assets in the hands of development teams to drive innovation and differentiation.
2. Develop APIs: Once the goals of the business are defined, work to create well-defined and well-structured APIs that allow others to expose or access the data. This, in turn, will reduce the business’s exposed surface area because all entrance and exit points will be identified.
3. Create visibility: Visibility is great for security as well as the business. It allows the business to make data-driven decisions and allows the IT team to understand what applications access which nodes and backend systems.
In an application network, any digital asset can be quickly and securely discovered and reused by the broader organisation. From the very first project, the nodes of the network are built with all the intrinsic qualities of the network in them: secure, easy to change, discoverable, self-served, ready for reuse, modular and composable. As a result, the speed with which every subsequent project is delivered begins to accelerate, and the business’s clockspeed begins to quicken.
About the author
Brad Drysdale is APAC CTO for MuleSoft. Prior to MuleSoft, Brad held technical leadership roles at Kaazing, Azul Systems and BEA Systems.