Just say no to slow

Reading Time: 4 minutes

In our recent survey of 800 tech leaders, one particular statistic jumped out: 66 percent of IT leaders surveyed say that change is needed in order to meet a “significant” or “drastic” increase in pressure to deliver IT services faster. That’s not surprising, says Ross Mason. He points out, “IT is now critical to a company’s ability to stay competitive in a rapidly changing business environment. The old IT operating mode is fractured. IT leaders are looking to an API strategy to reduce the complexity of their landscape, unlock assets and enable much greater agility through accessibility and reuse.”

What is surprising is that the pressure to innovate on businesses is so great that mere agility may not be enough to meet demand. ComputerWeekly ran a recent piece, based on research from CEB, a cross-industry group for business leaders, on the ways in which CIOs have historically tried to increase their IT clockspeed, and what they found was that the traditional ways of reducing friction – developing two-speed IT departments, standardizing on a single ERP system, and instituting agile software development – were not as effective as they needed to be to match the speed of the modern business environment.

What is needed is a radical rethink of how IT departments organize themselves. The research shows that IT departments can increase speed if they improve communications with the rest of the business, if CIOs delegate more decisions, and eliminating bureaucratic bottlenecks to fast IT delivery.

We have found this to be true as well. Our customers, like News Corporation, have found that when they have an API strategy that allows for reusability, they can deliver faster than they could before – in News Corp’s case, three times faster. We call this approach API-led connectivity – it allows technology to be developed anywhere in the business with standardized tools, and connected in a reusable, composable way.

Take a look at how API-led connectivity could help your business go faster. Also, if you’re just getting started with your API strategy, we have resources to help you.

IoT security is bad. What can developers do about it?

Reading Time: 4 minutes

Ars Technica had a scary article this week about an IoT search engine that allows users to search for webcams displaying anything, including marijuana plantations, bank back rooms, kitchens, bathrooms, and yes, sleeping babies. Webcams have easily exploitable security vulnerabilities, and those webcams are broadcasting video via API.

Part of the security problem is consumers. Because webcam manufacturers are working with very tight margins, and customers haven’t seen value in privacy and security, the manufacturers aren’t willing to pay extra to add extra security protection.

Consumers may not be willing to pay for security, but that doesn’t mean companies should be allowed to scrimp on security measures. “The bigger picture here is not just personal privacy, but the security of IoT devices,” says security expert Scott Erven. “As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a webcam peering into the baby’s crib.”

Therefore, say experts, manufacturers are going to have to be strong-armed into adding security protections to their IoT devices, and one forcing function could be governments. In fact, the FTC in the US has already started enforcing security standards for connected devices. Maneesha Mithal, associate director of the FTC’s division of privacy and identity protection says, “The message from our enforcement actions is that companies can’t rush to get their products to market at the expense of security. If you don’t have reasonable security then that could be a violation of the FTC Act.”

So what can developers do to make sure the connected devices and APIs they’re building have adequate security protections? We have a number of resources devoted to ensuring API security.

Also, take a look at our on-demand webinar addressing API security best practices and how they are addressed in Anypoint Platform.

It’s clear that business as usual when it comes to API security won’t be enough anymore, particularly as more connected devices come to market. It’s a good idea to make sure sure security is at the forefront of your mind when designing APIs.

Anypoint Platform January update: improved usability and policy management

Reading Time: 5 minutes

This week we’ve released a number of updates to Anypoint Platform, including new versions of API Manager, Anypoint Analytics, Anypoint API Gateway, Anypoint MQ and Anypoint Partner Manager. These updates provide improved usability for Anypoint Platform admins and owners.

API Manager 1.8.0

This release delivers a new admin user experience and improves policy management for API administrators with the following features:

API Administration

Based on user feedback, we’ve redesigned API Manager to give administrators more flexibility. A new summary panel now displays API proxy status, API version history, and rich version descriptions (e.g. owners, apps, policies, SLA tiers, etc.) — all without any expand/collapse clicking. Additionally, an API can now have multiple owners.

January update 1

Application Management

Organization owners now have a single place to access and manage all applications; you can easily find your apps for contract approval/revocation.

January update 2

Gateway Awareness & Policy Ordering

Users now have control over the sequence in which their API policies are enforced. Additionally, only policies supported by the Gateway tracking your API will be offered for configuration.

January update 3

Resources:

To further improve usability and policy management, we’re also announcing two other product releases:

Anypoint Analytics 1.10.1

Anypoint Analytics APIs now support OAuth tokens in addition to JSON Web Tokens (JWT) for calling the Anypoint Analytics Query and Reports API. Additionally, going to the analytics homepage directly without a validation token now redirects the user to the Anypoint Platform login page.

Resources:

Anypoint API Gateway 2.0

This release focuses on policies enhancements and support for the following features:

  • Custom policies support Dataweave and now any custom policy can be published to Anypoint Exchange,
  • Proxies now return the appropriate 504 error on timeout of implementation API
  • API Analytics now track a broader set of events (e.g. timeout errors) and not just policy violations.
  • Standby cloud API Gateway instances can be deployed rapidly with Fast Deploy (previously available only for cloud integration workers)
  • Global support for API Gateway 2.2.0 will be available on CloudHub in Feb 2016.

Resources

Finally, we’ve released two more product updates based on user feedback:

Anypoint MQ 1.0.1

Per user requests, we now support Anypoint MQ on IE11.

Anypoint Partner Manager

  • Adds Trading partner management capability to our Anypoint B2B solution. This capability is critical for customers to on-board their trading partners. Anypoint Partner Manager allows you to:
    • Add and manage trading partners
    • Centralize configuration for AS2, FTPS and EDI connectors
    • View B2B message transmissions with trading partners.
  • Documentation
  • Release notes

Stay tuned for further updates and releases!

types of apis

Ensure API security with Anypoint Platform

Reading Time: 2 minutes

API security breaches are expensive. How expensive? They can cost $400m or more. APIs are a strategic necessity for any business but it’s equally important to keep them safe.

Fortunately, there are lots of resources available to make sure that API security is baked into your APIs as you design and deploy them.

We have released a new whitepaper, Protect Your APIs, which goes into detail about the top security concerns around APIs and how Anypoint Platform addresses them.

Also, be sure to attend for our webinar, Best API Security Practices, for more information about how to keep your APIs safe.

API-led connectivity is the right approach to enterprise integration, but there’s no need to expose your company to undue risk. Take a look at these resources and make sure your business is protected.

Making smart choices in smart city investments

Reading Time: 3 minutes

The possibilities available to create a smart city seem endless. Technology allows innovations like smart infrastructure that can track public works projects to sensors that identify open parking spots to free public wifi. But how do municipal CIOs decide what’s worth investing in? And how can they ensure projects in process have the best chance of success?

Govtech.com has highlighted five cities that are trying to maximize their investments in smart technology to bring the greatest benefit to their citizens. Toronto’s CIO, Rob Meikle, is glad to have so many options coming out of the tech sector, but cautions,. “If you are not careful, you can be chasing a whole lot of things and not necessarily be getting the outcomes and the value you were hoping to achieve.”

The secret, say these five CIOs, is to maximize the tech assets you already have; then figure out the outcome you want to achieve and work from there. For New York City, that means closing the digital divide by offering free city WiFi. For Atlanta CIO Samir Saini, that means addressing ““urgent need[s]” as they bubble up from the citizenry and are expressed by the council and the mayor, which could be anything from replacing aging infrastructure to enhancing public city. Las Vegas is all about innovation. “No idea is a bad idea,” says CIO Joe Marcella. “Every one of them deserves to be vetted, and some of them deserve to be tried. We are not afraid to make those kinds of mistakes.”

In an era of tight public sector budgets, and citizens demanding more accessible public services, smart technology and integrated systems could be the way to do more with less. Take a look at our resources on how technology can be cleverly deployed in the public sector.

API Security Best Practices – upcoming webinar

Reading Time: 3 minutes

APIs have become a strategic necessity for your business. They facilitate agility and innovation. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400M or more, senior IT decision makers are right to be concerned about API security.

In an upcoming webinar, API Security Best Practices, MuleSoft Senior Solutions Consultant Nial Darbey will talk about the chief things you need to know about when implementing your API security strategy. He’ll also discuss how MuleSoft’s Anypoint Platform can keep your APIs secure.

Attendees will:

  • Explore in depth the main security concerns about developing and managing APIs.
  • Take a close look at how the IT industry has responded to those concerns.
  • Be introduced to solutions to managing and hosting APIs that are secure according to the highest industry standards.

Join us on Wednesday, January 27, at 10 AM Pacific.

Tim Prendergast, former Adobe Security Team Lead, says “there are far too many APIs being cranked out in such a short period of time… there is no way that they have all been properly secured and built.” Make sure your APIs are properly secured at the beginning of the development process – be sure to attend this webinar.

Choose your own adventure – Anypoint Platform for APIs

Reading Time: 2 minutes

Are you new to Anypoint Platform for APIs and want to figure out how it all works? Check out the interactive walkthrough for the Anypoint Platform for APIs.

The walkthrough lets you choose your own adventure by allowing you to pick a path that best matches your role in the example use case. At the top of each walkthrough page, under the title, is a blue label that indicates the permissions you need in the Anypoint Platform for APIs to perform the actions in the section. Depending on your focus, you could jump straight to a later point in the walkthrough that is relevant for your role.

Here’s a high-level overview of the walkthrough. We suggest you start with Create an API or Consume an API, but you can jump in wherever you like.

API_Walkthrough_Diagram (1)

If you’re ready to get started, head over to the Anypoint Platform walkthrough. Enjoy!

European IT decision makers under pressure to deliver faster than ever

Reading Time: 5 minutes

We recently surveyed 800 IT professionals across Europe to find out the pressures they are facing as well as how they’re using APIs to improve their businesses. The results were clear – moving faster and becoming more agile are the top priorities for IT execs in 2016.

Over three-quarters of IT professionals said the pressure to deliver IT services from across the organization had increased over the past 12 months. 66 percent said that change was needed in order to meet a “significant” or “drastic” increase in pressure. That pressure has traditionally come from mainly sales and marketing departments, but it’s now also coming from finance and operations, C-level executives, and research and development.

“IT is now critical to a company’s ability to stay competitive in a rapidly changing business environment,” said Ross Mason. “IT teams are facing growing pressure from the boardroom and from every corner of the organization. The old IT operating mode is fractured. IT leaders are looking to an API strategy to reduce the complexity of their landscape, unlock assets and enable much greater agility through accessibility and reuse.”

The majority of companies who had an API strategy in place said they are currently using APIs to free data, specifically link new software with existing systems and applications (72 percent) or unlock data silos (55 percent). 52 percent also indicated the need to increase agility and enable business teams to self-serve IT as a reason for having an API strategy.

Mason added, “We are seeing CIOs shift from traditional IT delivery models to delivering capabilities to their business, allowing the consumers of these capabilities to build their own applications and processes. This is the decentralisation of IT, where IT no longer owns the applications but are governors of the data. This contributes to the expanding partnership between business and IT. The key step will be decentralizing IT by opening up APIs to developers and lines-of-business, so they can gain access to reusable data to try out new products or explore new digital services.”

And finally, the need for increased agility was also shown to be behind much of the interest in microservices. 38 percent of respondents said they were currently using microservices. Of those that weren’t, 44 percent said they were planning to do so. 26 percent were planning to leverage microservices within the next six months.  Respondents using or thinking of using microservices identified the ability to add new features or capabilities without re-writing a whole application as most important.

Take a look at the full survey results. In addition, here’s more information on how MuleSoft’s Anypoint Platform can enable speed and agility in your business.

The future of healthcare innovation

Reading Time: 3 minutes

APIs are often considered the “invisible warriors of healthcare.” And as our founder Ross Mason points out in TechBeacon, there are lots of examples of how APIs are transforming healthcare. But could APIs push healthcare innovation even further?

Big strides have been made already. UCSF has rolled out the CareWeb Messenger engagement platform, which allows healthcare professionals and patients to securely communicate online and on mobile devices in real time through APIs. It helps caregivers improve care through a complete view of communications regarding the patient.

MuleSoft is one of Salesforce’s partners in the Salesforce Health Cloud, a new product that aims to build stronger patient relationships and use data to improve the patient experience.

But there’s still a long way to go to have a truly integrated healthcare experience. Ross notes, “we still require patients to fill out the same forms multiple times every time they visit, which is extremely error prone and creates a slew of downstream problems.Why isn’t this information synced across departments, with other healthcare providers, and with our personal devices that track health functions?”

APIs will enable the connections between the patient, data, and healthcare professionals, and will take healthcare further into the connected area to become truly-patient centered.

Take a look at more resources on how APIs are transforming the healthcare industry.

Extending Connectivity at CES

Reading Time: 4 minutes

CES 2016 was supposed to be the year of the connected device – companies of all sizes were unveiling the latest smart devices to make consumers’ lives better and easier. Is this the beginning of the IoT consumer revolution? The picture seems a bit mixed.

This year’s gadgets have been aimed at making sure your home knows what you want before you do. The connected devices that have been announced are all about making everyday tasks easier, simpler, and more convenient. For example, Samsung announced a refrigerator that will allow you to order directly from a screen on the door, and even let you see what’s inside while you’re out shopping. GreenPeak Technologies released a Family@Home app which recognizes established patterns of behavior and sends alerts when something happens out of the ordinary. It’s aimed at seniors, who are living longer at home.

Two trends are emerging in regards to smart devices. One is that consumers are wary of adopting smart home devices, because they’re afraid they won’t be able to get them to function properly. “Most people are scared or don’t understand smart homes because it’s been presented to them as: ‘Here’s a hub and a bunch of sensors, why don’t you try to turn on your lights,'” says NextMarket Insights analyst Michael Wolf.

The other trend is that companies are trying less and less to become the de facto connected platform for your home, and instead are working with established systems like Alphabet’s Nest and Samsung’s SmartThings. This is why APIs are so crucial to IoT development – the players understand that the success of their IoT efforts are going to live or die on whether their connectivity platforms are adopted by developers. In fact, Amazon has established an Alexa Fund to help developers use its platform, and the effort is paying off; devices using Alexa are everywhere at CES.

In his predictions for 2016, our founder Ross Mason suggested that connected devices themselves won’t make a big impact right now; what will make an impact is how these devices will be used to create value. Enterprises thinking about IoT can imagine value scenarios and have developers create APIs to make those scenarios happen.

If you’re interested how connected devices will affect your business, take a look at our resources on IoT.