Over the last 12-18 months something has become very clear to us – managing the API lifecycle is utterly critical to organizations of all sizes. And in confirming this fact, two trends have emerged.
The first trend is a reliance on what we have called “passive monitoring.” Passive monitoring is observing the traffic to draw conclusions. A lot of DevOps tools and existing API observability platforms focus on this, but as we’ve explored before, this leaves some potential gaps that can be critical.
The second trend is a focus on “left-shifting” towards the design side, the idea being that if you design away problems, you will not have to worry so much about the runtime.
As we discussed these issues with 42Crunch from a security design perspective, we both realized that gaps are emerging in the lifecycle. As part of our evolution into a next-generation runtime API governance platform, APImetrics and 42Crunch will be partnering to close the loop on design and runtimes.
Designing for quality and security is essential. But as Stoplight, the API design management provider, found, while 90% of companies had authentication services in place, only 31% had any confidence in the system that was set up. By combining our solutions, APImetrics and 42Crunch are determined to close this gap.
Securing APIs needs to be a continuous process.
If it lives in different silos within the organization, with different teams looking at elements of the security process, things will get missed. You may even find, like Australian carrier Optus, that the security “hack” wasn’t a hack at all but something that was perfectly possible to do.
As 42Crunch CEO Jacques Declas puts it, “Our API security platform uniquely combines ‘shift-left’ methodologies with runtime API security policy enforcement that complements APImetrics.”
APImetrics was designed from the ground up to make it easy and secure to monitor critical scenarios in the runtime. This includes understanding the end-to-end API supply chain (the cloud services, CDNs and other infrastructure in the path), and allowing for continuous positive and negative checks against the runtime environment to provide constant assurance that everything is working as expected.
Moving forward, APImetrics plans to capitalize on its privileged view across runtime environments to extend its shift-right validation capabilities to ensure that API-native authentication and authorization policies are in force and behaving as expected.
“No other solution combines our core strengths of API-native runtime visibility, validation, and assurance,” said Andrew Brown, Chief Product Officer at APImetrics. “In the coming quarters, our plan is to extend these capabilities deeper into the API ecosystem by integrating with API design-time and application development lifecycle solutions.”
The endgame is to provide API product managers and stakeholders across the organization with a comprehensive platform that helps them achieve their business-driven API goals, without getting bogged down by outages, performance issues, security breaches, and compliance reporting.
APIs should be designed for quality from the ground up, but ultimately quality is defined by the end-user experience of the system. The quality designed into the system should be tested in the production runtime by somebody or something not actively involved in the delivery of the solution itself.
API lifecycle governance must be continuous and end-to-end, and this partnership is one of the first pieces in bringing these strands together in a way that meaningfully validates your designs in your operational production environment.
If you have any questions or would like to set up a POC of the combined solution, please do not hesitate to reach out to us, and keep an eye out for more announcements on API lifecycle governance. It’s time to close the loop!