Red Hat SummitBanking APIs are essential because they enable banking products to be brought together and distributed with consumers, businesses, and partners. They are the "connective tissue" for digital banks, and as such are intrinsically linked to their ability to support customer needs and respond to change more quickly. Cloud technology has improved how banks architect, develop, and operate APIs, so they can break free from the limitations of the past.
This is because previous generations of API technology were built around traditional architectures that were bound by the limitations of the underlying infrastructure. This approach meant that hosting arrangements were statically defined upfront, which led to the centralization of integration concerns. Eventually, this hampered the bank’s ability to quickly create and adjust APIs as needed.
As new architectures like microservices continue to evolve, so does the technology required to support them, putting even greater demand on API development and management. However, with the right cloud-native processes and tools, APIs and cloud technology can work together to reduce technology complexity and create new value for customers and partners. They can help banks move beyond the limitations of traditional approaches to APIs and gain new levels of nimbleness and efficiency.
More specifically, with cloud-native technology, banks can streamline the process of creating and managing APIs without the burden of managing the underlying infrastructure, while applying non-intrusive policy enforcement to the runtimes that support them.
How does the cloud protect my bank from API attacks?
The data flowing inside and outside of the bank has long been a target for criminals who wish to use it as part of their nefarious activities. APIs have become a popular attack vector for criminals to gain access and manipulate bank information.
The growing sophistication of attacks means that banks need much more than API access control as they think about API protection and API security. Traditional security approaches were based on a "castle-and-moat" model which has proven to be unsuitable against today’s criminals. Cloud platforms can help ease adoption of a zero trust model with a built in service mesh to provide API protection that assumes any communication from any source is untrusted by default.
By also including a Kubernetes-native approach to API management, the bank can take advantage of the underlying capabilities of the cloud platform to provide the strongest possible API security posture for its data in motion.
How does API design benefit from cloud technology?
APIs are fundamentally about exchanging data, and the goal is to make that exchange simple, secure, and reliable. Having a sound API design can ensure that the bank does this as efficiently as possible. Cloud platforms can enforce API best practices and API standards through rules applied within the deployment pipeline and enforced through a standard policy enforcement point. This enforcement helps to keep API definitions simple and consistent.
Cloud technology can also make your architecture more nimble by enforcing good API design principles when it comes to API granularity. Banks can use containers to adopt a microservice-based architecture so that they can break APIs into right-sized pieces that can evolve independently and provide the nimbleness that is expected from a cloud-native architecture while maintaining the security and reliability that is required for communication inside and outside of the bank.
How does cloud technology improve API development?
The ability to rapidly evolve APIs can provide an unprecedented advantage to banks. Many banks have adopted agile practices and principles to speed up development, but traditional distributed technology has limited the benefits. Cloud platforms can empower agile teams to evolve APIs without the need to request infrastructure or other supporting resources. This means that teams can spend more time focusing on creating value with API programming instead of raising tickets for resources. Cloud platforms also aid in API discovery and use among distributed developers who need their applications to integrate with existing services.
With a Kubernetes-native approach developers can streamline software delivery and get their new features to users faster. Developers have additional services within the cloud platform for API design and testing along with other technology to support full stack development that works in conjunction with deployment pipelines. This empowers teams to quickly adjust when they need to, while adhering to software delivery best practices.
How does cloud technology improve API operations?
API consumers have service-level expectations of the APIs provided by the bank. Poor performing APIs and outages can negatively impact the bank’s reputation but also can be costly to return to service. APIs have dependencies on other systems and components in order to function properly and meet service-level obligations.
The service mesh within the cloud platform goes well beyond traditional approaches to monitoring APIs. They can automatically detect slow downs and shut off communication until the impacted component can recover. Cloud platforms can extend the value of service meshes by automatically identifying when instances are unhealthy and can take corrective action to bring them into a healthy state. These cloud based capabilities not only improve availability, but also reduce the cost of running operations.
Cloud platforms also have built-in pipelines to support continuous delivery. This can take the pain out of cumbersome deployment practices when new versions of the API need to be released. It also enables banks to employ canary deployments so that traffic can gradually be migrated over to the new version of the API and ultimately reduce deployment risk.
