Layer 7 CSO Dimitri Sirota Talks API Management Frameworks and You: The Evolving World of DevOps Data


I recently had the change to speak with Dimitri Sirota, the Chief Strategy Officer ands co-founder of Layer 7—recently acquired by leading IT acceleration company CA Technologies—about the role of API management frameworks in the enterprise and DevOps spaces and here’s the takeaway: APIs are the new web, reflecting a trend in the enterprise culture where what was once warehoused solely within its own space needs to be opened up and driven to the public web, cloud, or mobile devices.

Five to six years ago, exchanging data happened to only be an inter-departmental concern for the enterprise; however, with the advent and explosion of mobile devices and the cloud, there has become a need to deliver data outside of the enterprise to developers and customers. Data has become a unit of value exchange with outside vendors, customers, and even faceless clients.

Due to this new environment the API rose up to become the interface that developers use to allow their applications to connect to and gather information from numerous sources. Much like a house has doors and windows, enterprise applications (and their underlying data warehouses such as databases and information stores) need portals through which that information can be accessed. However, just like nobody has a gaping open door on their house: enterprise silos don’t want a gaping hole into their data either.

And Sirota says: So enters API management.

Like the door on a house, API management provides a framework for adding policies, rules, roles, and security to API access. Via API management, providers (enterprises who have a service that collects, stores, and delivers data) can layer on different levels of accessibility to external or even internal sources. This enables them to provision out access rules for applications to use their data. Layers can be added to identify the application seeking access through credentials, to define how much and how often data can be accessed (i.e. prevent flooding), authenticate that the application or user has the clearance to see the data that’s being sent, and even layer on encryption to protect the data being exchanged with the application.

Sirota explains this is of utmost interest to developers because they interact with APIs all the time already. This is essentially

“Clearly developers are important for developing applications that span the cloud and enterprise and especially on mobility,” Sirota says when asked about how developers and API management would interface. “All of those apps you see on your device, they use APis to gather information; and when developers make apps they need access to that data [databases, underlying metadata, information, etc.] and externally exposed APIs enable companies to share that data with structure and allowing for particular access rules and roles.”

Numerous web-services provide APIs that must be managed—examples extend from Facebook and Twitter who allow for web pages to interface directly; to products such as PayPal, Fortumo, and others who want mobile devices to be able to call out to their services and connect customers.

Whenever data is transferred from within an enterprise framework outside to the web, cloud, or mobile an API management framework comes into play (even if it is simplistic and anemic) but with the increasing complexity of exposed APIs it’s becoming equally increasingly necessary to develop this gateway technology to protect and manage.

APIs are essentially the new programmatic web—a way for applications to interact with applications and deliver data, which isn’t that distant from the usual web (applications to people).

How does Layer 7 fit into the API management framework conception of the web?

Layer 7—and now through acquisition, CA Technologies—provides API management products for the enterprise who want to layer on those levels of access to their externally exposed APIs. As described above, Layer 7 products provide a framework to “manage” APIs by giving them a gatekeeper that enables a safer, easier method of delivering information to a multitude of external sources.

This product also allows enterprise clients to provide a unified front across multiple outlets–web, cloud, and mobile—and provides the tools to secure that unified API front.

Secondly, and equally importantly, Layer 7 has a product that focuses on the need for enterprise developers to know how to access their own data that is more often than not being exposed within the enterprise from other departments or applications. At any one time, a single enterprise might be working on dozens of different initiatives, all of which produce and store data and have a need to reuse components. To aid with this, Layer 7 provides a product that allows developers to index APIs to centralized registry of APIs in the company that allows other developers to visit this “API portal” to discover and learn how to access the APIs.

The first product is very important for exposing data to the public world to take advantage of the progress made across both mobility and the cloud. The second product still speaks to the inter-departmental needs of the enterprise that still exists for developers to deliver enterprise-specific application data.

It’s almost a metaphor looking the products together: one product firmly feet on the enterprise ground; other product with its head in the clouds (and mobile and web.)