Legacy Integration Technologies to Modern API Management Platforms
Complex ecosystems of applications and business processes now define the modern enterprise. On a positive note, several technology platforms and solutions are available to address this complexity and improve business efficiency. As an example, mid-market insurance organizations typically use four to five technology platforms, twenty to twenty-five applications, and more than thirty business processes to conduct their business. This includes a combination of custom-built applications, Software as a Service (SaaS) applications, and processes managed using Microsoft Office productivity tools where all of these have evolved over time as the business grows organically or through acquisitions. At Exavalu, with our deep domain knowledge in multiple industries, we help clients formulate and implement a well-architected integration strategy. This helps them break the silos, focus on key business processes, and access specialized technology solutions at a competitive price point.
Exavalu utilizes the WSO2 integration platform to provide a comprehensive suite of tools, a well-architected framework for system integration, and open-source products that the community continuously updates to address modern integration needs. A leader in API management software, WSO2 offers enterprise-quality platform support, a rich developer community, and a partner network to satisfy a wide range of integration challenges cost-competitively. WSO2 has become the largest open-source integration vendor by size of revenue and number of customers.
Let us explore how Exavalu utilizes the WSO2 integration platform to build solutions for typical integration challenges.
Applications support business functionality, encapsulating business logic and data to produce business outcomes in the most efficient manner. This business functionality can be made available to internal or external customers either via a user interface and/or an API (Application Programming Interface). Older applications, such as mainframe applications, follow a monolithic architecture pattern and provide only a user interface. Modern applications follow a disaggregated architecture pattern and provide API-based connectivity that lets developers compose user interfaces and business functions suitable for the business workflow. Integration challenges stem from the application architecture and how applications:
1) expose functionality and data to the external world;
2) manage access securely;
3) interoperate with the platforms that host them; and
4) adapt to load conditions.
With the introduction of containers and microservices, application architecture has shifted drastically from monolithic to disaggregated patterns, in which smaller, composable pieces of functionality are packaged for maximum efficiency during development, deployment, and run time. The three main integration categories (application integration, data integration, and low-code integration as a platform), along with the major players in that space, are represented in the diagram below:

Businesses invest $30+ billion (about $92 per person in the U.S.) annually in integration technology ecosystems. Demand for integration accelerates as users expect ease of use and convenience when shopping online or completing transactions. Offering multiple payment options for shopping carts (banks, credit card vendors, PayPal, others) has become a table-stakes expectation of the modern consumer!
To support user experience expectations, integration has evolved from only data movement between systems to application integration. The right functional units (typically microservices) are woven together using APIs and composable architectures, creating a seamless user experience. The user expects a responsive UI, with security, privacy, and connectivity all table stakes.
Exavalu helps enterprises innovate their products with services comprised of cloud, data, AI (Artificial Intelligence), and cybersecurity technologies. Integrating these services to provide seamless user experiences has become the main challenge.
Established in 2005, WSO2 has evolved into a prominent player in the middleware market, offering a robust suite of tools designed to help organizations efficiently build, deploy, and manage their applications and services.
Open-source software providers like WSO2 update their services (communication protocols, data formats, and the specifications to use their services) frequently to meet market demands and security concerns. A community evaluates problems and solves them quickly. Proprietary software, on the other hand, relies on developers who must wait for software development specifications and then prioritize these in their backlogs, hampering the speed of making necessary changes.
The three main pillars of WSO2’s integration platform are API Manager, Enterprise Integrator, and Identity Server.

API Manager provides full API lifecycle management, monetization, and policy enforcement, with the main components grouped intuitively into a management plane, a data plane, and a control plane for API design, creation, reuse, governance, and analytics.

Enterprise Integrator includes two main components, micro integration and streaming integration, both of which are open-source, cloud-native, and distributed.

Identity Server is an identity and access management (IAM) product. It includes capabilities for identity federation, customer authentication, adaptive access control, and API security.

WSO2 can significantly streamline integration processes, improve ROI, and support various deployment scenarios. WSO2’s comprehensive feature set and adaptability make it an asset for organizations seeking to enhance their integration strategies and drive operational efficiencies at lower price points. WSO2’s advantages listed below often make it a preferred integration platform choice:
WSO2’s open-source model provides flexibility, customization, and extensibility of the platform, with support from WSO2.
Supports a variety of integration styles including real-time, batch, and event-driven processing to meet different operational requirements.
Uses SEDA to manage workloads efficiently, ensuring scalability and performance under varying loads.
Offers a cost-effective solution with a reduced TCO, helping to optimize IT budgets. WSO2 uses an open-source licensing model where clients pay for support only, with no vendor lock-in.
Includes support for modern protocols like gRPC, GraphQL, and WebSocket, as well as traditional alternatives like REST and SOAP.
Provides a unified platform with integrated capabilities for integration, API management, and identity and access management (IAM).
Combines API management (APIM) and an enterprise service bus (ESB) for simplified technology stacks and improved return on investment (ROI).
Delivers robust support and service options suited for enterprise environments.
Incorporates advanced security features powered by AI, enhancing protection against potential threats.
Facilitates modern development practices with a design-first approach, improving the efficiency of integration projects.
Accommodates diverse deployment options, including on-premise, cloud, hybrid, and iPaaS, with the flexibility of Docker and Kubernetes support.
Exavalu implements the WSO2 integration platform for our clients to meet the challenges and opportunities of a fast-changing integration landscape. The WSO2 integration platform offers flexibility, scalability, and a comprehensive range of integration capabilities, making it an excellent choice to connect diverse systems, services, and data sources. With a robust suite of products, including enterprise integration, API management, identity management, access management, and data analytics, WSO2 enables businesses to manage and secure their integration processes effectively.
Exavalu helps our clients to define and achieve their digital transformation journeys. Given the escalating importance of digital transformation, WSO2’s support for hybrid and multi-cloud environments, microservices architectures, and real-time analytics makes it a natural choice for integrations. Its commitment to open standards and community-driven development ensures adaptability and responsiveness to emerging trends and technologies.
Overall, Exavalu harnesses WSO2’s strengths in providing cohesive, flexible integration solutions at attractive price points. This allows organizations to increase their operational agility and innovation more easily in a complex digital world.
APIs (Application Programming Interfaces) have become the de facto standard for building and connecting modern applications. They provide the integration vehicle for connecting digital ecosystems and play a key role in powering modern, microservices-based application architectures.
Digital transformation requires organizations to be more agile and innovative, to be able to unlock new digital business models and quickly adapt as new opportunities or market conditions dictate. APIs are at the heart of the modern digital enterprise and a key enabler of most digital transformation initiatives.
There are numerous challenges to implementing an API-led strategy. Some of the most important are how to migrate from existing legacy integration technologies to APIs, and how to holistically manage a new ecosystem of APIs that stretches from company-owned to third-party systems across a combination of on-prem, cloud, and hybrid architectures.
This paper examines the evolution of integration technologies leading to modern API platforms and how Exavalu, with its conversion tools and methodology, can help to quickly baseline existing technology environments and accelerate migration to a modern API platform.
At the dawn of the internet age, in the early 2000s, the dominant enterprise integration architectures were SOA (Service-oriented architecture) and the ESB (Enterprise Service Bus).
These architectures are now being replaced by API-led connectivity and microservices architecture which are better suited to the interconnectivity needs of a modern digital ecosystem. APIs have become the most popular, and in many cases, the only integration style offered by modern public cloud platforms and SaaS applications and are required for the integration of mobile devices.
As organizations continue to develop distributed application ecosystems, ESBs are being replaced by API gateways for mediating messages between different API services. The challenge of monitoring and managing a plethora of APIs, some internally developed and others owned and managed by external SaaS app vendors, has led to the evolution of API management platforms.
An API management platform is a tool used to access, distribute, control, and analyze APIs used by developers in an enterprise setting. API management platforms benefit organizations by centralizing control over their API integrations while ensuring they continuously meet high performance and security standards. They allow for quick testing, deployment, management, and monitoring of their API connections from one centralized platform.
API management solutions generally include the following capabilities to help a business make the most out of their API program: an API developer portal, API lifecycle management, an API Policy manager, API analytics capabilities, and an API gateway:
MuleSoft and IBM compare closely in iPaaS capabilities, but IBM’s fragmented offering, compared to MuleSoft’s single platform, complicates IBM adoption by customers. As a result, the IBM integration platform is growing more slowly than the market is expanding.

MuleSoft has built a variety of connectors for SaaS applications. A strong community of MuleSoft developers creates a collaborative platform for the exchange of ideas and problems, ultimately leading to faster adoption of this modern integration platform.
Due to the above factors, some customers are deciding to migrate from the IBM platform to a more modern platform like the Mule Anypoint platform.
However, once a strategic decision is taken to move to a modern API platform, ground realities hinder the migration. A lack of documentation and of API ownership makes an enterprise wary of rocking the boat. Business sponsorship in terms of time and money becomes a further challenge because the migration project does not create new features.
This leads to the co-existence of ESB/SOA APIs, non-standard services, and modern API platforms all running in the enterprise. Running multiple integration tools leads to:
| Option | Pros | Cons |
| --- | --- | --- |
| Status Quo – Leave legacy APIs where they are, build new APIs in the modern platform | Minimal disruption to the business as existing services | Increased licensing and support costs. Different support models and different experiences across businesses depending on what APIs they are leveraging. |
| Redesign/rearchitect all the APIs using the API-led connectivity approach | Opportunity for a fresh start to design everything using best practices. Ability to optimize the APIs. | Can be very expensive and time-consuming. |
| Rapid migration of the services (like for like) onto the modern platform and optimize later | A more prudent approach to consolidate platforms and reduce support costs with minimal risk. | Does not follow the API-led approach to designing the APIs. |
At Exavalu, we have designed a methodology and a tool to quickly baseline the environment and accelerate the rapid migration of the APIs from IBM SOA web services into the MuleSoft API Manager/Anypoint platform.
The tool analyses and documents key components of the legacy services including:
This report serves as a specification document for understanding the legacy APIs and as the guide for the conversion of the flows to MuleSoft. Most of the time, line managers do not have any documentation on the complexity of the integration platform. Merely documenting the components, complexities, and interdependencies can be an exercise spread across months. With the tool, analysis that normally takes months of effort can be reduced to hours.
The tool then jump-starts the conversion by automatically converting IBM flows to Mule for all but the complex compute/transformation logic, resulting in additional savings and improved consistency in the conversion process. With the tool, the analysis effort is reduced by 80-90% and the conversion effort by 40-50%.
The conversion ratio varies based on the complexity of the existing logic in IIB. 100% conversion is not possible using a tool, because the constructs of the two languages are different and do not map one to one.
Because the baseline shifts continuously, the analysis work needs to be repeated, which is a costly exercise. This is where the tool adds value: with its automation, it can perform rapid analysis that can be repeated multiple times over the project duration.

With a factory-based approach to the conversion, leveraging standard practices and the tool, design best practices for common functions like logging, security, and automated testing are included in the conversion process. This increases the overall quality of the output and reduces the risk of the conversion.


Enterprises frequently undergo changes due to mergers and acquisitions and joint ventures. As a result, the technology architecture, specifically the integration architecture, can become very complex. This leads to silos, increased licensing and maintenance costs, and a limited ability to innovate.

Those organizations that realize and embrace the power of API platforms for connecting their systems internally and with their customers will uncover more growth opportunities. At the same time, legacy integration technologies don’t need to hold them back. They can use techniques like the one described in this article to migrate from legacy technologies with minimal investment and reap the benefits offered by modern platforms.
The amount of data produced this year was more than all of the data created in the history of the world. The numbers are not expected to slow down any time soon. If we think we have a problem today, tomorrow the problem will be even bigger. Therefore, there are some very difficult questions companies need to ask themselves on data privacy.
Initially, the answers may not be encouraging, but staying on the right path and dealing with the compliance issues will avoid costly legal hurdles down the line. While public policy and social responsibilities are evolving, data privacy regulations in the US and around the world are increasing every day, as are the potential risks and non-compliance penalties. This white paper addresses some of the key questions.

Many companies are still lagging behind on becoming compliant with CCPA and GDPR. There are still questions about whether these laws apply to them and whether enough budget will be appropriated to enable organizations to comply with these laws.
CCPA 2.0 has recently clarified some of the shortcomings in the initial bill. The attorney general of California has also started laying the groundwork for initial penalties by articulating what makes a non-compliance crime punishable with financial remedies. This comes on the heels of hefty penalties recently assessed under GDPR. Companies now face much bigger fines under GDPR than they previously faced. Recently, several companies have been hit with fines ranging up to $200 million each. While we believe that some of these fines will be contested, the majority will be paid. Otherwise, there is a strong risk that companies may not take the financial penalties seriously.
Other countries are quickly catching up with Europe and the US. For example, Brazil passed its own version of the data privacy law, called Lei Geral de Proteção de Dados (LGPD). Given that there are many global businesses operating out of Brazil, LGPD will quickly become another strong data privacy law with a recognizable impact on companies doing business in Brazil.
In short, these data privacy laws will not go away. Many of the requirements will have to be embedded in companies’ products and services, as well as in their internal processes, in order to protect their consumers’ data privacy rights.

It is clear that what was once considered a strategic advantage [collection of any data] is now a critical liability, possibly exposed to cyber breaches. So how is this data being protected, and what is the operating cost to the company of protecting it?

Now comes the task of sorting out what is critical and possibly discarding the remaining data. It is equally critical that the collection of personally identifiable data going forward has a clear and recognizable advantage to the company. This will require controls on what consumer data needs to be collected and how that collection is communicated to consumers, so that the proper disclosures can be made. This needs to be done not just to respect consumers’ desires, but to protect the brand equity of the company, knowing full well that companies that fail this exercise will be subject to repeat litigation, which will only increase the cost of non-compliance.

Hence, companies need not only to start discussing and incorporating their data compliance requirements into their annual budget plans, but also to understand how the new capabilities being implemented can be designed to be data-privacy compliant on day one.
We have all been sensitized to building “green” products, or those with a smaller carbon footprint. This is because it makes sense for all of us. What if we asked the same question about the degree of data privacy compliance of the products and services we are building? What if we went a step further and informed consumers that not only do we build good products and services, but they are already compliant with the way in which consumers want to engage with us?
Undoubtedly, this approach will build greater trust with consumers. Recently, the US Government has convinced consumers in the US and in other countries politically connected with the US that the products produced by Huawei lack data privacy controls. This escalated to a point where Huawei cannot even buy foreign-made technology products to make its products.
Senior executives in the company must ask their respective areas of responsibility how they plan on adopting new data privacy capabilities to stay aligned with the company’s data strategy. More importantly, how do they assess the level of risk and communicate with their Board on the future direction of products and services?

Most companies are now familiar with the Business Associate Agreements (BAAs) they have to sign if they want to do business with a covered healthcare entity. This is a key requirement for companies to comply with the HIPAA regulation. There can be civil and financial liabilities that go far beyond the cost of engagements or the sale of products. This is currently not even a footnote on many financial statements made available to the public. However, the risk certainly exists.
In order to protect against data privacy issues, companies must have a robust mechanism to detect and measure the level of risk arising from a lack of data privacy. Many organizations have started taking this into account when looking at their internal processes and understanding the level of data privacy compliance they need to adhere to as part of their contractual obligations.
On the flip side are vendor relationships and qualification before deciding on procuring products and services. Many large companies now have a VRM (Vendor Relationship Management) process in place that addresses these concerns. However, they need to focus on the level of data privacy risk in addition to getting the best price and quality.

Some will argue that regulations like CCPA and GDPR weaponize consumers and introduce additional cost structures. However, a few are concerned with what happens to consumers after a breach, or with the many phone calls received from sources unknown to any logical person, coming from phone numbers that are not even valid.
Personally identifiable data does get out and usually ends up in the wrong hands. Companies that collect personally identifiable data have a fiduciary responsibility to protect it or, if they cannot, they need to comply with consumers’ desire to get rid of it. This will not go away.
Companies that harvest and protect consumers’ private data legally and correctly will have a critical and indispensable advantage over their competition. More importantly, as AI applications become more prevalent, the amount of personally identifiable data available to bots will be critical to their success.
Besides the key benefits, there are also legal requirements for qualified companies to comply with CCPA and GDPR, such as consumer request management, reporting back to consumers on requests for access to their personally identifiable data, deletion/obfuscation of personal data, tracking requests for opt-outs on personal data sales, etc.
In the absence of these required capabilities, possible legal actions and penalties will be unavoidable.
About the Author:
Refik Ongun leads the Data Privacy & Regulatory Compliance Practice at Exavalu. He has worked with many companies on their data privacy requirements and has enabled them with a solution design approach with concentrations in GDPR, CCPA, HIPAA, GLBA, APP, PEPIDA and LGPD, among others. He has an in-depth understanding of the regulations and has worked effectively with inside and outside counsel to minimize non-compliance risk.
Exavalu is your strategic partner on high impact Digital transformation relevant for your Industry. We’re a unique Business Advisory & Technology Consulting firm run by seasoned Industry veterans that are former executives, CIOs, CXOs, and Consulting Principals. We deliver meaningful change and sustained value aligned with your desired business outcomes leveraging our Industry experience and Solutions capability.
This publication contains general information only and Exavalu is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Exavalu shall not be responsible for any loss sustained by any person who relies on this publication.