About MaaS and PaaS of the future

Are you ready for the new API management tools?


The new API economy is changing the way businesses collaborate and compete. APIs have become the de facto standard for cloud and mobile applications. They give you the ability to unlock and break free from your legacy systems and transform your business into an open and agile platform.

Recently, Forrester released a report that sized and projected annual spending on API management solutions. In the US alone, they predict companies will spend nearly $3 billion on API management over the next five years. They also predict that annual spend will quadruple by the end of the decade, from $140 million in 2014 to $660 million in 2020.

Your applications are shackled inside legacy systems, customization, and complex integration and you think this may not be for you. If you ask your IT, they will tell you that you have already invested into the SOA architecture and use web-services, to integrate applications. Web services are just one way of doing SOA.

In IT, people build careers on technologies. The younger people don't want to hear about Web services. They want to do REST. REST, however, also limits the complexity of interactions. API management tools may help bridge this gap. API management is the process of publishing, promoting, and overseeing application-programming interfaces (APIs) in a secure, scalable environment. It also includes the creation of end user support resources that define and document the API.

To survey your readiness, I have listed 28 questions divided into 4 sections. You can respond to more than 1 question in each section.

Section 1:

  • Have you simplified integration to and from cloud services (SaaS) such as Salesforce.com?
  • Do you manage APIs to control connected devices and access real-time information?
  • Can you easily convert between SOAP-based web-services, XML messages, and REST APIs?
  • Can you protect against malicious attacks, including Denial of Service (DoS), code injection, etc.?
  • Have you simplified API access control?
  • Have you designed and deployed REST or SOAP APIs for B2B, cloud, mobile, and Internet of Things initiatives?
  • Have you extended or replaced an existing SOA or XML gateway

Section 2:

  • Have you enabled SSO and fine-grained access control across cloud and on premise applications?
  • Can you protect connected devices from unauthorized consumers and external threats?
  • Do you use integrated web-services, APIs, and other technologies using a lightweight, API-centric alternative to traditional ESBs?
  • Can you enforce fine-grained access control across developers and organizations for messaging, APIs, and web-services?
  • Are you mediating identities and security tokens across common identity and access management systems?
  • Do you have the ability to give your developers and departments’ self-service “on boarding,” API discovery, testing and integration?
  • Do you leverage cloud-based infrastructure, rather than being confined to “on premise” deployment models?

Section 3:

  • Can you protect sensitive data as it travels to and from the cloud?
  • Are you able to scale to support millions of consumers and petabytes of data?
  • Do you manage and monitor web-services and REST APIs to prevent unauthorized usage, data access, or external attacks?
  • Have you implemented encryption, authentication, authorization, SLA and other policies using rules and a configure-not-code approach?
  • Are you leveraging “Social Login” for your applications?
  • Do you manage end-to-end API lifecycles, including developer Service Level Agreements (SLAs)?
  • Have you built and managed APIs more easily with a graphical configure-not-code approach and pre-built, reusable components?

Section 4:

  • Do you monitor Service Level Agreements (SLAs) for the cloud services your business depends on?
  • Do you audit, monitor, log and report API usage to meet stringent compliance mandates?
  • Do you govern the lifecycle of web-services and APIs?
  • Do you provide end-to-end audit trails without coding through configuration and pre-built analytics?
  • Can you extend web access management to APIs
  • Are you able to provide API providers and developers with complete visibility and auditability on API usage?
  • Are you able to gain fast and efficient support for mobile-specific types, including REST, JSON and OAuth?

Now mark a box in each section that corresponds to the number of questions you responded to in each section. If you find that you have responded to more than one question in each section, you will select the section that has the most responses. If you have sections with the same number of responses, you will select A, B, C, or D from the lowest numbered section.


In his book, The Digital Enterprise, Karl-Heinz Streibich says, “Every business must become a digital business, regardless which industry it operates in.” So, irrespective of where you fall in the matrix, you are already on the path to adoption.

Twitter @bigdatabeat

Copyright © 2015 IDG Communications, Inc.