November 4, 2016 | Written by: Cesar Saavedra
Share this post:
In the digital economy, APIs have become the key enabler of digital transformation. More and more businesses are adopting API management as an integral component of their integration strategy. According to analyst firm IDC, “API management was the fastest-growing market across integration and orchestration middleware in 2015” worldwide at $331 million. Analysts at Forrester predict that “annual spend [of U.S. firms] will quadruple by the end of the decade, from $140 million in 2014 to $660 million in 2020.”
Top concerns companies have about implementing API Management relate to deployment options, performance and security. Performance is critical because your API management solution has to handle thousands of API requests coming from your consumers’ digital devices or third-party-developed apps. Depending on your industry, security breaches can have a major impact to your business, ranging from consumer dissatisfaction, decrease in revenues, government fines, devaluation of your brand, loss of customers and lawsuits. Security and performance needs directly involve a vital component of API management, the API gateway.
Deploy your API gateway where it fits best
Wouldn’t it be great if you could deploy your API gateway anywhere? Having the flexibility to deploy the API gateway to any environment gives you the freedom to exploit its capabilities everywhere across your organization.
Imagine having multiple cloud environments for development and testing, an on-premises virtual (such as VMware or XenServer) or Docker-based environment for quality assurance. You could also use your own data center with physical servers and hardware appliances for production.
Some API management vendors offer a single, combined runtime for gateway and integration execution. Running business logic or integration processes within the same runtime as the API gateway can negatively affect its performance. In most API management solutions in the market, this is why the API gateway is a standalone component.
You should consider the following: does the API gateway come in a physical form factor? Is it optimized to the underlying hardware? Or is it just a software application installed on your server’s operating system? Does it come with an embedded operating system and optimized application layer? Some API management vendors offer only a software-based API gateway for the server operating system without any kind of performance optimization on either end. Other vendors package their software on a Linux server and erroneously call it a hardware appliance.
Having an effective API gateway can help you prevent security breaches and protect your backend systems data when exposing them via APIs. For maximum security, your API gateway must support all major API management security protocols, and its image must be signed and encrypted. Optionally, it should support an embedded or networked hardware security module. These strong security capabilities will ensure that your exposed APIs are less vulnerable to hackers.
The best of all worlds
IBM API Connect Enterprise comes with an API gateway, an IBM DataPower gateway, that fulfills the security, performance and deployment needs described above, and more. IBM DataPower Gateway can be deployed anywhere because it supports Docker, cloud, virtual and hardware form factors so you can take advantage of its deployment flexibility and high performance.
It comes in a secure image and it supports a variety of security protocols, including the ones common in API management. Its features make it a great fit for managing API, mobile, cloud, integration and B2B enterprise deployments. And it’s a great fit for application development and DevOps activities.
Learn more about IBM API Connect and its API Gateway by clicking here.