Published on November 8, 2017
While business is more or less familiar with the imperatives of global market and government regulation for different industries, new options and trends appearing via technology revolution are “new boys in the town” and require a special attention. We can anticipate that more and more resources will become available to our business capabilities via means of information and automated linkage or invocation. We are not surprised anymore that when we travel without a preliminary plan, our smart-phones can re-connect to the local offers of services on the fly. Enthusiasts of the digital revolution are in the vision of similar connectivity or engagement of all types of businesses for businesses. This is a great, but we would say an idealistic and naïve idea for the business realm. The core problem here is not in the technology abilities, but in the business Risk and Trust.
A modern technology trend of invocing the outcomes of the capabilities owned by different vendors/business is based on such technologies as API, Microservices and Clouds. People talk about services with regard API, Microservices and Clouds while only the letter are real services; other technologies are only proximities to services. Briefly, API are programmatic interfaces to the Business Services, that represent business capabilities and results of their execution; Microservices are the same API, but accompanied by some descriptions of business functionality performed by Business Services hidden behind the interfaces. Cloud services may be aggregations of smaller Business Services or even Microservices that share the same ownership, however, Clouds appear as a single Business Service with potentially multiple interfaces (APIs). Clouds act as indepenedt business or business-owned antity and can invoke other Cloud based on the business contracts; Microservices or API do not have this quality though can be also owned by different independent business entities. Cloud services form a service-oriented ecosystem service providers and consumer while Microservices or API try to behave like ‘adults’, but they are younger 21 y.a. and should be prohibited from serving.
Here is nothing new for business in working with multiple partners, suppliers and consumers. This is a risky endeavour, but business has learnt over the centuries how to establish enough business trust with counterparts to mitigate or manage the risks. While Cloud providers, as real businesses, learn how to operate according to the business rules of engagement, the Cloud-consumer organisation will finally recognise that Clouds are outsourcing business, not their new IT departments, and require full-blown business contracts addressing all possible variants of relationships. Otherwise, Clouds can be dangerous for the Cloud-consumer’s business. The API and Microservices, by their definitions, are immature play the same tole with business guys.
For example, a provider creates a Web Site and offers API that deliver analytic information about businesses in a particular region. The cost of this information is much lower that for existing analogous services. A developer of your organisation works on a Dashboard for the company management and finds such cheap API. He or she invokes this API via the new code and places the delivered information in the Executive Dashboard. Management is happy.
Unfortunately, the developer does not know who and how provides the data returned by this cheap API, is the data reliable and even legal, will the data be provided tomorrow and what to do if the API stops working, what the API provider does with the information about your company obtained via the API requests and what business risks your company gains because of this “API engagement”. In short, a use of the API (and Microservices) across corporate boundaries creates no reasons and no basis for the business trust when working with that provider.
You invested in your business capability, which de facto utilises modern advanced technology-resource that brings you an additional unforeseen risk of exposure. Nice work!
On its Site, CAPCO states, “…the API economy forms an infrtastructure within banks that can access a whole network of outside specialist technology players.” In essence, this means that not any technology players can be accessed, but only those who are recognised as specialists by the banks, i.e. those who are properly (legally) contracted first and contacted second.
In other words, a provider of a capability that you try to hire in the market should be engaged on the traditional business trust grounds sufficient for establishing business trust. Just an invocation of someone via an API who claims it can do something is a bad and way too risky business, which enterprises have to govern and avoid.