, ,

How to Avoid API Lock-In

How to Avoid API Lock-In

Written by David Linthicum for Nelson Hilliard

Those moving to the cloud understand that application programming interfaces (APIs) drive clouds.  These are typically RESTful web services that provide infrastructure services, such as storage and compute.  Or, they can be application services, such as business analytics services such as performing a credit check. 

Of course, as more enterprises become dependent upon these APIs, the fear is that the enterprise will become locked into these services.  Processes and applications will become tightly coupled to these APIs, and thus will become functionally dependent, which will lead to lock-in. 

The fears are well-founded.  Indeed, this is the fundamental mechanism behind cloud lock-in; building applications around cloud native services/APIs.  So, why do we use cloud native services?

First, they allow us to take advantage of advanced capabilities for applications, such as auto-provisioning and auto-scaling.  Or, application level functions, such as cloud database access, that are native to the provider. 

Second, performance is much better.  Cloud native interfaces don’t have to run through abstraction layers or translate platform-specific calls, such as accessing storage and compute services.

Finally, they provide native security, governance, and management services that are a part of the cloud services.  In this case, we’re buying into the way the cloud provider furnishes these services, which may not mesh with existing enterprise services, or services provided by other cloud brands. 

So, it’s easy to see why developers want to leverage these cloud-native services, despite the potential for locking the application into a specific cloud provider.  What steps can you take to avoid lock-in altogether, or, at least mitigate the risks?  Here are your options:

Leverage a cloud services governance system.  A cloud services or API governance approach focuses on automation and governance at the cloud-services layer. Cloud-services governance is a general term that refers to the process of applying specific policies or principles to the use of cloud computing services or APIs. 

The objective of cloud-services governance, as well as tools that provide support for this concept, is to approach governance by placing an abstraction layer between the services and those who manage the services.  Examples of this technology include Apigee and Mashery.  This abstraction layer can be leveraged by the applications as well, and thus you should be able to leverage other cloud services using the same service governance layer. 

Leverage a cloud resource governance system.  Resources need to be governed as well, and for that, we have resource governance.  Businesses can manage these intricate interfaces through the use of resource governance tools that are also known as CMPs (cloud-management platforms).

Although CMPs are also governance technology and methodologies, CMPs take a different approach than services governance.  CMPs focus on the cloud resources themselves, such as storage, compute, and database services, versus just the interfaces into the resources, such as services or APIs.  Examples of this technology include Service-mesh (now owned by CSC), and RightScale. 

Once again, abstraction layers are abstract APIs, placed between the native cloud resources and the interface.  Thus, you can leverage the same tools and interfaces for several brands of clouds.  This abstraction layer can lead to better portability, or the ability to manage several brands of cloud using a single-pane-of-glass, or single set of APIs. 

Leverage an open cloud standard.  While there are no free lunches with standards such as OpenStack, the APIs are going to be consistent from distribution to distribution.  Thus, the APIs are likely to be compatible and lock-in becomes a non-issue.

In the real world, we’re going to see some lock-in.  We can certainly avoid it using any of the suggestions above.  However, they will cost time and money, which enterprises may not be willing to invest at this point.  Just being aware that the issue exists, as well as managing it as best you can, is where the real value lies. 

Remember to Subscribe to our Youtube Channel for the Latest Cloud Computing Tech Jobs, News, and Cloud Shows.


David S. Linthicum is a managing director and chief cloud strategy officer. David is internationally recognized as the worlds No.1 cloud computing industry expert, pundit and thought-leader.

(Disclosure: David Linthicum’s views in the blogs, video shows and podcasts are his OWN and are NOT financially sponsored by Nelson Hilliard)

Connect with David on LinkedIn and Twitter

At Nelson Hilliard we specialise in cloud technologies, sourcing the top 20% of cloud professionals inspired to work for you through our specialised marketing and profiling. If you are interested in having a quick talk to me regarding your employment needs please feel free to reach out.

You can also check my availability and book your 15 minute discovery call here.

Brad Nelson