We recently visited with Kurt Collins, Director of Technology Evangelism and Partnerships at Built.io, about the impact the Internet of APIs (IoA) will have in 2016.
ADM: We’ve all heard the term the “Internet of Things (IoT),” but how will this evolve in 2016 and how so?
Collins: The year 2015 was a breakout year for the Internet of Things. The Apple Watch was released and in the second quarter alone shipped an estimated 3.6m units; they then followed that with 3.9 million units shipped in Q3. That’s a huge bump for the smartwatch market when you realize that Pebble only sold 1m of their smartwatches over the last three years and Google’s effort (Android Wear) had sold a total of 800k watches through the end of last year; and that’s just smartwatches. Amazon has jumped into the IoT fray with the Echo. According to IDC, the wearables market has seen a 197.6% growth in Q3 2015.
And it’s not just devices that had a breakout year, but platforms, as well. Cisco launched their IoT System platform in July; Amazon Web Services launched their IoT Platform in October; Verizon launched their IoT platform, ThingSpace, in November; and the list goes on.
With all of that action in 2015, what can we expect from 2016? We can expect significant growth in larger connected devices and systems. Tesla has already started their connected car initiative and they plan to expand it significantly over the next year. Cisco is working hard to build a connected city experience for the city of Dubai. And that’s just the beginning.
ADM: You said the Internet of APIs (IoA) will come front and center in 2016, why?
Collins: As an industry, we’ve spent the last several years building connected devices. But devices or “things” without an API just don’t make sense anymore. For most of those devices, APIs have been built to allow consumers and developers to easily integrate them into their daily lives. But the enterprise isn’t far behind. Cisco’s routers and switches, for example, already come with APIs and the company is busy following suit across the breadth of its product portfolio, having just unveiled its APIs for Cisco Spark last week.
APIs are the key to unlocking value and the only way to make sense of all the functionality, data and efficiency new connected devices bring to our lives is by truly embracing the Internet of APIs.
ADM: Can you elaborate on how IoA and iPaaS work together?
Collins: At its core, iPaaS is about connecting different systems. Whether those systems are enterprise mainframes or cloud-based SaaS platforms is immaterial. The Internet of APIs is a massive collection of devices, apps and services. An iPaaS can streamline the process of connecting all of these systems together to unlock value.
ADM: What should enterprises do to prepare for IoA?
Collins: IT needs to raise its gaze from trying to implement, to directing implementations across the entire organization and establish rules, processes and tools for business owners to drive IoA use cases.
If said business unit has a compelling use case that combines Salesforce and a Plantronics headset (both of which have APIs), let them build it . Simply make sure that IT policies are upheld.
Practically, this also means that enterprise organizations will need to prepare for utilizing and sharing data across discrete systems. They will need to ensure privacy is upheld and most likely beef up their security and control infrastructure. In addition, they’ll need to put systems in place to manage that distributed data in an efficient manner. Consider implementing an API gateway or caching system on your internal network.
ADM: How will IoA address security concerns that enterprises have with IoT?
Collins: Securing your data, whether that’s data on your internal network or data coming from your external APIs, is the same process. The basic principles of securing your own internal network will translate to IoT. Basically: only trust information when you know exactly where it’s coming from. If data you get back doesn’t come as expected, then verify its origin and intent. “Trust but verify” works in IoT just as well as it does in traditional enterprise security.
ADM: How does the explosion of conversation surrounding micro services change or improve the development process for API-driven (e.g. mobile) apps?
Collins: The conversation surrounding microservices is not a new one. It’s a variation on an old theme: service oriented architecture. In fact, integration gurus who have been in the integration space for a while refer to “microservices” as “SOA done right”. The benefits that come from microservice-focused development are myriad. However, they’re nothing extraordinarily new.
One major advantage now, however, is that software development collaboration tools (such as git and svn) have finally caught up to the thought process surrounding microservices. This makes it a lot easier to develop discrete modules (called microservices) that all work well together. Also, the industry today has plenty of technology options around integration that don’t involve the need to deploy clunky Enterprise Services Bus (ESB) infrastructure.
ADM: With IoA becoming a reality and APIs becoming ubiquitous, how can organizations manage this flood of APIs and integrations that need to happen to keep things in order?
Collins: There are multiple ways to deal with integrating APIs. The least efficient and most arduous path is doing it by hand: Get a few software developers to manually write an integration between the systems you’re interested in. This route tends to be the most time-consuming and costly one and is only recommended for the most sensitive and complex integrations.
An increasingly popular alternative to dealing with integrating APIs is to use an iPaaS. Often times the efficiency of using an iPaaS allows you to not only build an integration much more quickly, but manage and upgrade that integration over time with significantly less hassle. As with everything, choose the right tools for the job. However, if your project involves mobile or cloud-based components, iPaaS is often the cheapest and easiest way forward.
ADM: Now that organizations have their data spread across disparate systems (in this case, all accessible via API), how should they adjust their processes and procedures to maintain compliance and security?
Collins: First and foremost, before putting your data on any external system you should have an excellent understanding of exactly what is happening with your data, how it’s stored and transferred, and who has access to it – in transit and at rest. Without that basic knowledge don’t go down the path of using any external system for your enterprise data.
After that, while existing legal procedures may need to be updated, a fair amount of enterprise API providers have SLAs (Service Level Agreements) that can be utilized to hold them accountable. Look very hard at putting one of these in place.