Boomi this week launched a control plane for application programming interfaces (APIs) to enable organizations to centrally manage and govern them regardless of how they are created or what platform they are running on.
Jamie Ryan, vice president of product management for Boomi, said the Boomi API Control Plane enables IT teams to discover APIs, including shadow and rogue APIs that were previously unknown. That’s critical because the number of unmanaged APIs within most organizations still far exceeds the number of APIs that are managed, he added.
Based on a platform Boomi acquired from APIIDA earlier this year, the overall goal is to provide, via a set of gateway agents, the ability to discover APIs and then centralize management without requiring organizations to migrate away from any platform where they have already been deployed, said Ryan.
That federated approach will make it simpler for IT teams to manage API sprawl in an era where APIs are being created more rapidly than ever, he added. As application environments become more distributed, it becomes less likely organizations will want to standardize on an API management platform that is optimized for a specific IT environment when there is a control plane that integrates with all of them, noted Ryan.
It also enables IT teams to better surface insights into how APIs are consumed, noted Ryan. Too many APIs have been created that are not being used for their intended purpose, he added. Unless those APIs are retired, they create another attack surface that cybercriminals are becoming more adept at exploiting, said Ryan.
Exactly who within an IT organization is tasked with managing APIs varies widely. In some cases, developers are managing APIs. In other cases, it’s the responsibility of a DevOps or platform engineering team. Alternatively, a product management team may be responsible for managing APIs. The Boomi API Control Plane provides teams with a single dashboard through which each team member can participate in the management of the organization’s API portfolio, noted Ryan.
That’s especially critical as more artificial intelligence (AI) models and platforms that expose additional APIs become integrated with existing IT environments, he added.
Regardless of who within an organization is responsible, lifecycle management of APIs remains challenging. Many developers, for example, will create APIs for an internally facing application only to find out that the API is now being accessed by applications that are externally facing. The challenge is that the level of security controls for an internal API is not always the same as for an external one. Without anyone realizing it, an internal API can suddenly become accessible to cybercriminals that have recently become a lot more adept at using them to exfiltrate data and manipulate business logic for their own nefarious ends. Boomi addresses this issue by allowing organizations to score the relative security controls applied to their APIs.
It’s not clear to what degree the management of APIs and the tools required to secure them are converging, but in general IT teams are moving toward centralizing the management of IT and security operations. The issue now is determining how best to achieve that goal in a way that includes APIs.