Most organizations today have a governance strategy that depends on their industry. Regulations such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA), and similar acts shape a company’s governance strategy. However, these policies are often abstract: they mandate “what” must be governed but say little about “how” to govern an IT infrastructure and its services. Organizations have recognized the need to enforce additional governance to achieve uniformity, standards, best practices, and common operating procedures across teams. With this in mind, it’s imperative for vendors to provide guidance around their products that customers can use to meet their own governance standards.
MuleSoft’s products support technology implementations involving APIs, integrations, and security, so governance can be enforced in each of these technology areas. In this multipart blog series, we will explore how the MuleSoft platform can be used to provide practical governance around APIs, integrations, and security.
Governance is one of the most common topics discussed in our advisory engagements with customers. Organizations understand the importance of governance and typically have the following questions:
- How do I govern my APIs and integrations in MuleSoft?
- What are the governance capabilities in MuleSoft products and methodologies?
- How can we align API and integration governance with our corporate governance?
We will dive into these questions in this blog series. But to start, let’s go into the importance of IT governance, the difference between governance and a best practice, and the pillars of governance.
Why IT governance?
Governance is not a nice-to-have but a must-have. Governance at the different stages of the API lifecycle provides the following benefits:
- Protection for organizations from security and compliance risks.
- Standardization on each aspect of the API and application life cycle.
- Optimization of shared tasks across different teams.
- Minimization of errors and an increase in efficiency in the development, deployment, and release processes.
- Acceleration of software delivery speed.
What is the difference between governance and a best practice?
The short answer: a best practice when enforced becomes governance.
A good example to illustrate the difference is strong password enforcement. In the early 2000s, most organizations recommended that employees choose strong passwords, but found that many employees were still using default passwords despite the best-practice recommendation. This led to several unwanted security incidents. Today, password compliance is enforced by most organizations: they use technology to prevent access to sensitive resources unless the password conforms to the policy.
Pillars of governance
People, process, and technology form the three core pillars of governance. In the past, governance was a hodgepodge of disconnected processes across the API Life Cycle (ALC), but with unified platforms like MuleSoft Anypoint Platform, governance can be tightly streamlined and enforced at each stage of the ALC.
With industry best practices as a foundation, Anypoint Platform is built to enforce a certain degree of governance by default. It also provides options for customers to enforce governance at the plan, design, and run phases of APIs and applications. The MuleSoft Outcome-Based Delivery (OBD) methodology provides best practices and how-to guides for enforcing governance at the process and people level.
Below is a matrix of governance-related activities by pillar at the different stages of an API and application lifecycle, and how governance is enforced at each stage.
This was just the overview of our multipart series. As you can see in the matrix above, governance covers the depth and breadth of the different stages of the ALC. Stay tuned for part two, where we will begin to uncover the governance details of each stage.
To learn more, download the API lifecycle management eBook to discover how to set up your developers for success from API design to deprecation.