APIs are the building blocks of Cloud Services
It is nearly impossible to find an enterprise where Cloud is not a topic of active discussion. Cloud has led to cost savings for organizations while improving time to market. However, Cloud has also presented challenges in terms of bringing it inline with existing security and compliance practices.
Cloud Computing is often bucketed into three categories:
Infrastructure as a Service (IAAS )
Platform as a Service ( PAAS )
Software as a Service ( SAAS )
Out of these, SaaS is most mature, followed by IAAS, and followed by PAAS. Not very surprisingly, all of these share a common ingredient often, which is heavy reliance on APIs. While there are some outdated SaaS applications that do not have published APIs, most modern and successful SaaS apps have APIs.
SaaS often tends to be a complete solution, but may require integration with some other components an enterprise may be using. For ex: you may need to integrate Salesforce with your on-premises SAP. This integration is typically done using APIs. ( whether developed by your developers or you buy a packaged integration). It is uncommon to see a SaaS vendor that does not have published APIs for integration.
IAAS offers infrastructure components such as compute, storage for enterprises. It is rare for an enterprise to be using 100% IAAS, however, the trends are pointing towards that. We also see several start ups and smaller companies that use 100% IAAS and only purchase laptops for their employees. For all practical purposes in the medium to large enterprises, IAAS usage still needs to co-exist with their on-prem infrastructure, due to leveraging existing investments or familiarity with the onprem infrastructure or enterprise specific issues. Because of this co-existence, enterprises would like to use deployment and orchestration tools that work across onprem and IAAS. Underlying enterprise consumption of IAAS is APIs. All leading IAAS vendors such as Amazon, Google and Microsoft offer APIs.
PAAS is an emerging market segment and is being increasingly adopted by development organizations within enterprise. Leading PAAS vendors are Salesforce with their SalesForce1 and Microsoft Azure. Oracle had just announced their own PAAS. IBM has efforts underway to develop their own PAAS solution. There are also several point vendors who provide packaged and hosted software. A common key building block of PAAS offerings tend to be APIs.
As discussed in the previous post, to gain visibility into Cloud usage, it is not sufficient just to look at SaaS usage — you also have to under IAAS usage and PAAS usage. The common building block for all of these tend to be APIs. By looking for API usage internally and going external, enterprises can start building a map of their Cloud usage.
Once a Cloud usage map is prepared, enterprises can then decide which Cloud usage needs to be made more secure and policies should be enforced.
I will discuss an example map of Cloud usage and typical patterns to look for when building a map of Cloud usage in next post.