A few months back, I wrote a blog post titled “Are Open APIs Too Open for Big Business?” That post was about the challenges large businesses face when adopting an open API mentality. In it, I described the fears of brand damage and lack of control that prevent enterprises from opening up their data stores and services to the world. I also reasoned that large organizations could provide a new type of stable, trusted and highly-available API in the marketplace. Not a lot has changed over the last three months – big businesses are still absorbing the idea of open APIs and are continuing to weigh accessibility against control before taking the plunge. As before, the good news is that their reservations around control are being addressed with solutions like Layer 7′s API Management Suite, which lets them create a developer experience that will bring in the hordes while still keeping the gates secure.

The reality is that many enterprises are already taking advantage of the API wave by using open API tools and philosophies to create and mange private APIs that, in turn, power their branded mobile and browser applications. This is a good thing as it allows businesses to reach their customers and to integrate easily with smaller mobile and device development shops. Plus, it fits well with a corporate culture of control. But organizations are missing a trick if they don’t consciously explore the benefits of opening these APIs up and joining the world of platforms, developers and communities that rely on open APIs to power their applications and projects.

These are big decisions with big consequences. The success of an enterprise open API program will likely be dependent on those at the very top of the organization providing the necessary leadership and investment required for big change to happen. That takes time. In the meantime, the projects won’t stop, the need for B2B integration will continue and the consumer demand for applications on every device will grow louder and louder. In this climate, there is an immediate need for enterprises to release APIs (be they private or public) as quickly and efficiently as possible while still addressing concerns over control.

Layer 7′s new APIfy service fits perfectly in this space as it allows small teams within the enterprise to get their private or public APIs out the door with a cloud-based API Management solution. They will get all the benefits of rate limiting, controlled access and the developer-friendly portal experience that are the hallmarks of a real Web API, in a SaaS platform. The fact that it is cloud-based means that smaller groups will be able to focus on delivering the solution without diving deep into hosting and implementation details.

Amidst all the decision making, strategizing and private API launches, the steady drum beat of progress towards open APIs in the enterprise has not stopped. The idea that information and services need to be shared in order to be valuable is taking root amongst thought leaders in the mainstream technology world and is, in turn, being heard within the enterprise. For example, Gartner has just published a research article claiming that financial institutions should be investing in APIs rather than applications (with API Management technology addressing the issues around control). Just as online banking started with private connections before it eventually landed on the public Web, the big banks could shift from private API adoption to public API adoption very quickly if the market demanded it. When banks open up their services for controlled consumption, there will be little doubt that the open API era has arrived for the enterprise.

It hasn’t gotten any easier to become an open API enterprise over the last three months but it certainly isn’t becoming less important. Hopefully, continued improvements in API Management technology will make that shift just a little bit easier.

As a San Diego resident, I always love it when friends or relatives come for a visit because it gives me an opportunity to show off the great attractions that America’s Finest City has to offer. From the beaches to the parks to the World Famous San Diego Zoo, there is a multitude of great sights to see.

Next week, IT professionals and enterprise decision makers will descend on San Diego for the Gartner Catalyst Conference. While I hope they have the opportunity to see something of the city, there will be plenty of sights at the Manchester Grand Hyatt from Monday to Wednesday. Discussion topics will include building out a mobile strategy, creating a hybrid cloud infrastructure and making use of “big data”. And Layer 7 will be there in force.

Stop by our booth (#K24), have a drink with us at the reception or visit our zoo-themed hospitality suite in the Oxford room, on Wednesday night. You’ll be able to see our SecureSpan Mobile Access Gateway and the latest version of our API Portal in action, including fun demos of functionality for OAuth and streaming Web protocols.

To hear about a real-world application of our technology, come listen to Thomas Nienhaus of Lilly present on the topic of “Secure Data Access Through a Mobility Gateway” (at 4pm on Tuesday). You could also schedule some time with one of our experts, who will review your technology needs, match them with a Layer 7 solution and provide a live look at our products. We can even give you some hot tips on where to find the best fish tacos in town.

Layer 7’s UK team will be talking mobile, open APIs and cloud this week at the Gartner Application, Architecture, Development & Integration Summit, in London. We are longstanding supporters of Gartner AADI in the UK, US and Australia because of the value it offers enterprise architects, development managers and integration leaders facing challenges around mobile, APIs and the cloud. As enterprises face more complex hybrid connectivity problems over the coming years, we expect conferences like this will play a central role in providing a gathering place for IT experts tasked with finding solutions.

If you’re attending this year’s London event, come by Layer 7′s booth to learn about our new mobile offerings or enjoy the company of the Queen herself during a special hospitality event, where we’ll be celebrating her Diamond Jubilee. Also, if you get the opportunity, don’t miss the chance to hear Rhys Jones from Royal Bank of Scotland (a Layer 7 customer) talking about his organization’s journey to the cloud.

Next week (June 11-14), Layer 7 will be exhibiting at the Gartner Security & Risk Management Summit near Washington, DC (in National Harbor, MD). Speakers will run the gamut from Michael Dell to the Cybersecurity Coordinator for the White House, because enterprises and governmental organizations share a serious interest in securing data and applications.

The combination of security and risk management is particularly interesting these days, as rapid migration to Cloud and Mobile has introduced a new set of risks. These new platforms raise issues around compliance, information security and identity management, which can only be addressed with a comprehensive approach to security, using proven technology.

If you’re at the show, stop by and visit Layer 7 at Booth 92. We’d love to demonstrate how our SOA Governance and API Management solutions can counteract the risks involved with adopting these new technologies. Our solutions – flexibly deployed on-premise or in the Cloud – provide control over data and applications being exposed to partners, Cloud and Mobile.

And our industry-leading technology has been certified at the highest levels for use in both corporate and governmental organizations – PCI-DSS compliance for retail, STIG vulnerability testing for the DoD, FIPS 140-2 for cryptographic functionality and Common Criteria certification for overall security.

Don’t let the risk outweigh the reward – come talk to us!

I delivered a talk all about API governance at last week’s Gartner Application Architecture, Development & Integration (AADI) summit in Las Vegas. I was the lunchtime entertainment on Wednesday. The session was packed—in fact, a large number of people were turned away because we ran out of place settings. Fortunately, a video of the session is now available, so if you were not able to attend, you can now watch it online.

In this talk, I explore how governance is changing in the API world. I even do a live OAuth demonstration using people, instead of computers. Unlike the classic “swim lane” diagrams that only show how OAuth works, this one also teaches you why the protocol operates as it does. (If you want to skip directly to the OAuth component, it begins at around 22 minutes