Title: Enterprise API Best Practices

(John) – ~15 slides – Talk for 25-30 minutes

I. API Evolution – Where did they come from? (6-8 slides)
   a. APIs evolved from SOA as services
   b. Now they are pervasive – REST/JSON is king
   c. 2011 API growth was huge – what will 2012 look like?
   d. API business model slides – which types of businesses benefit the most from APIs? (Blake to help with this)
   e. Comparison to website – APIs are the new "website"
II. Categories: Open APIs versus Private APIs (4 slides)
   a. Open APIs focus on developer on-boarding and platform enablement – name examples
   b. Private APIs (Enterprise APIs) focus on security, scalability, and availability – name examples of these (if you have some)
   c. For Enterprise APIs, developer on-boarding is less of an issue
III. Hosted vs On-Premise (1-2 slides)
   a. What are the pros and cons of hosting an API through an enabler service (Mashery/APIgee) versus doing it yourself?
   b. Hosted – Good for open APIs, as the developer community is more important
   c. On-Premise – Good for private/enterprise grade APIs, as security and scalability are paramount

(Blake) – 8 to 10 slides – Talk for 10-15 minutes

III. Enterprise Use cases – Types of things an Enterprise wants to do (1-2 slides)
IV. The value of the gateway pattern – abstraction (consuming APIs) and security (protecting APIs) – (2 slides)
V. Security overview – threats, trust, anti-malware, data loss prevention (1 slide)
VI. Intel Expressway Product Pitch (2 slides)
VII. Customer Examples (2 slides)
When they haven't outsourced the task (most don't), companies have been managing their own traditional on-premises IT infrastructure for over 20 years. Until just a few years ago, the skills and technologies required have evolved based on two fundamental assumptions: that IT assets were discrete and on-premises. Public cloud consumption is proliferating. Companies will spend over $100 billion on cloud in 2012, and that IT spend will grow at nearly 20% over the next five years. Private cloud computing is a form of cloud computing that is used by only one organization. It is a natural evolution for enterprises that are heavily virtualized. From 2012 through 2014, setting up private cloud services will be a major trend. The consequences of these macro IT trends, stated simply, are that IT organizations — currently familiar with traditional on-premises IT — are about to be held accountable for radically different forms of IT consumption, on-premises and in the cloud. Will your IT organization be prepared for hybrid IT?
Findings: There are three primary roles for a CSB: aggregator, integrator and customizer. IT services providers, B2B providers and cloud specialists will adopt one or some combination of the three CSB roles when working with cloud services. In "Three Types of Cloud Brokerages Will Enhance Cloud Services" (G00164265), we examined a limited set of brokerage types that subsequently have been subsumed into a more refined and accurate description of the entire category. Subsequently, in taking intermediation to the next level, we can now formally define CSB as a form of cloud services intermediation: "A cloud services brokerage is a business model in which a company or other entity adds value to one or more (generally public or hybrid, but possibly private) cloud services on behalf of one or more consumers of those services." In an internal private cloud scenario, the internal IT organization takes on the role of broker. CSB does many of the same things that a traditional IT services provider does in a service aggregator role, but also addresses additional complexities. Some of the capabilities that a CSB needs in order to address these complexities are:
• Management of the proliferation of solution assets
• Proliferation of relationships and complex interdependencies of SLAs
• Rapid pace of change
• Intellectual property and compliance risk
• Security and risk
Finding: Aggregation is one of the most common types of CSB roles. Strategic Planning Assumption: By 2014, 60% of traditional IT distributors will become cloud aggregation brokerages servicing SMBs through VAR partners. Aggregation brokerage is the act of bringing multiple services together to deliver them to service consumers as a value-added reseller (VAR) or a solution provider, or to deliver them to other service providers (as a distributor) in some unified way — for example, by business process, industry or region. The aggregation may be for billing purposes, single sign-on (SSO), a service marketplace (where consumers are connected with the right services), or many forms of enrichment, such as SLA management and customer management. Aggregation is one of the most common types of brokerage functions. An aggregation brokerage is directly related to the role of aggregator in traditional IT services. Traditional aggregators bundle technologies or even solutions, sometimes acting like a system integrator (SI). However, within cloud services, the difference lies in the fact that an aggregation brokerage must aggregate cloud services. This can be an aggregation of multiple cloud services or cloud delivery with noncloud resources, such as applications and other technologies. This begs the question: "What is the difference between an aggregation brokerage in CSB and a traditional technology aggregator?" CSB does many of the same things that a traditional IT services provider does in a service aggregator role, but also addresses additional complexities and assumes a role of orchestrating outcomes and validating performance. This includes provisioning in cloud scale, managing heterogeneous cloud assets, centralized management of SLAs, policies, security, etc.
Strategic Planning Assumptions: Through 2015, the complexity of multienterprise integration will force companies to switch 20% of their internally managed B2B projects to external service providers. Through 2016, integration brokerage, on average, will comprise 10% to 30% of the cost of all CSB-enabled IT projects. Integration brokerage (IB) is an IT-managed service offering that delivers people, methodologies and technologies — the latter enabled by cloud-based integration, such as integration platform as a service (iPaaS) — for B2B e-commerce and cloud services integration projects. The "brokerage" in "integration brokerage" emphasizes IT services to help companies integrate B2B e-commerce and cloud services. Many IT services providers offer stand-alone IB, typically a form of supply chain integration — for example, automating orders and other B2B transactions related to direct materials procurement for customer and supplier integration. Such supply chain integration projects are widespread in manufacturing, automotive, retail/consumer packaged goods, high tech, and transportation and logistics markets. IB is also delivered in conjunction with other technology and services as part of a CSB offering to implement whatever integration capabilities are required to knit together cloud services (typically involving multiple providers), on-premises applications and data (of the CSB customers), and any required supply chain partners (for example, receiving orders directly into SaaS-based ERP). IT users should understand that traditional B2B e-commerce integration projects become more complex when you move certain business functionality, such as order management, into the cloud. This means, for example, that you must define different evaluation criteria for your particular combination of traditional e-commerce, internal application and cloud services integration when considering an IB offering, if you plan to outsource your integration project work.
Finding: You may benefit from CSB customization if your solution requires a cloud service coupled with some traditional IT services (e.g., consulting, SI, applications outsourcing or business process outsourcing). Strategic Planning Assumption: By 2016, six of the top 10 IT application and business process service providers will use an industry-leading BPMS in their CSBs. The customization of cloud services can be a tricky proposition. Because the implementation of a cloud service is not generally available to be changed by anyone other than the original cloud service provider, the act of customization is generally done around the edges of the service. A cloud customization brokerage is a managed service provider or enabler that alters or adds to the capabilities of a service to perform its function. This could mean adding a new look and feel to the service, or layering new data and process functions on top of it. In practice, customizing a cloud service is difficult to do without some form of aggregation and integration. The composition of multiple services, along with the changed look and functionality, can produce incremental improvement and value. You may benefit from CSB customization if your solution requires a cloud service coupled with some traditional IT services (e.g., consulting, SI, applications outsourcing or business process outsourcing). The modification capabilities in CSB customization will help you:
• Capture change requests to any of the services or components involved in your solution.
• Identify and communicate the potential impact of changes on the solution to user stakeholders and vendor representatives.
• Decide on whether to proceed with requested changes and whether renegotiation of contract is required.
• Manage and monitor the status of requested and/or approved changes.
• Measure the actual versus the expected cost and business impact of changes.
• Provide insight into how your organization can work better in the future with the multiple vendors involved in the CSB.
• Deal with people change, as well as system change.
• Establish and maintain a governance process for all consumers and providers involved in the solution.
Strategic Planning Assumptions: By 2014, 30% of midsize to large enterprise IT departments will become an internal CSB for cloud services consumed by their companies. By 2017, 60% of midsize to large enterprises will become an internal CSB. The role of the IT department has been undergoing significant changes during the past decade. As staffs have been asked to do more with less, it has become clear that IT departments must play multiple roles in coordinating IT-related activities. Cloud computing is now pushing that change to another level. Business units are purchasing SaaS solutions, and often forcing IT departments to react after the fact. More than 40% of business units are buying SaaS solutions from the cloud without the IT department's knowledge. As this happens, IT departments are discovering that they must support the introduction of the services into the business, as well as become involved with these services through customization or integration with on-premises systems, or through managing relationships with the service providers being used. This makes the IT department a broker of the cloud services used by its own company. IT organizations must integrate cloud services with data and applications running on-premises to provide a flow of information and process to and from the cloud. The IT organization will manage the relationships with cloud providers or even engage third-party brokerages that can customize, govern, integrate or aggregate the services for them. This expanded role — which requires a new discipline in CSB aggregation, integration and customization brokerage at the technology and commercial levels — will cause many IT organizations to become more prominent in their corporate strategies. By evolving from a cost center into a value center, the IT department will be sought after for advice about and protection from problems with cloud services.
Finding: Most traditional multisourcing integrator skills are applicable to CSB offerings, but significant new skills and technologies will be required to successfully manage more complex, cloud-centric projects. Evaluating service offerings that comprise multiparty vendor ecosystems has traditionally been addressed in multisourcing integrator research. The MSI role has evolved out of the need for complex service integration requirements across a smaller number of multiple vendors in large, but stable, processing requirements. We have published detailed MSI evaluation criteria for these three categories in "Essential Provider Selection Criteria When Outsourcing the Multisourcing Services Integrator Role," G00211704. The CSB role is evolving out of the more dynamic cloud environment, which might involve ESPs that are more diverse and that are likely to change frequently (see "Who's Who in Cloud Services Brokerage," G00217530). While many attributes of the emerging CSB role are similar in concept to the MSI role, there are many differences between the two roles. For example, while in both cases there is a need to track service provider outcome by tracking KPIs against agreed SLAs, this task is made substantially more challenging in the CSB role because it involves a larger, more dynamic and fine-grained ecosystem of providers that must be managed. The consequence of such differences is that providers doing CSB will need to automate more of the nontechnical aspects of service delivery, such as support and governance, in order to ensure consistent service delivery across a much more complex set of IT assets (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role," G00230681).
Finding: Large enterprises can be successful and cost-effective with either an external or internal CSB; therefore, the sourcing choice should be driven mostly by commercial factors. As the adoption of cloud services grows, the need for IT departments to address their use will grow as well. These departments will often be forced to acquire services they don't control. Because IT organizations are likely to be unable to stop the flood of SaaS offerings being brought in by business users, these organizations will have to develop additional skills and oversight to consolidate buying power, reduce complexity and manage multiple cloud services providers. IT departments will need to become more skilled in working with providers in two key ways. First, they must adopt cloud-based platforms that will allow them to customize, integrate or build cloud solutions that are similar to the SaaS solutions bought by users. This pushes the IT organization to adopt cloud computing, perhaps before it's ready. Second, IT will need to engage cloud brokerages to provide aggregation, integration or customization of cloud services when it can't do the work itself. This will drive the growth of brokerages and enable IT organizations to use the cloud model without having to become experts at cloud integration, aggregation and customization. In cases where IT organizations take on an internal role of CSB, it is essential for these organizations to model sourcing best practices. This includes tracking KPIs that are tied to SLAs, with associated penalties if the SLAs can't be delivered.

Recommendations:
• Train your IT staff in relationship management to make them more capable of managing cloud provider relationships and contracts.
• Establish a cloud decision framework and purchasing process that supports cloud adoption in compliance with corporate sourcing strategies, and that encourages business units to come to IT for advice. This will enable IT departments to track the services that business users are acquiring.
• Provide ongoing information about potential cloud services of interest to business units. This will establish IT as a source for positive information, rather than negative cynicism about cloud use.
Strategic Planning Assumption: By 2016, 50% of new integration projects (up from 10% today) will involve on-premises applications, e-commerce trading partners and cloud services. The impact of more agile application portfolio approaches, such as pace layering, combined with increased cloud adoption is profound: You cannot predict which or where future applications will be deployed, and these, regardless, will be changing as your portfolio evolves. This means you must have a strong core competency in application integration. In the past, different business and technical needs within organizations led to separate A2A and B2B and cloud projects, which different organizations within IT addressed. Typically, these different organizations selected the technology that best met their particular integration project needs, without worrying about other parts of the organization. This wasn't a problem because vendor offerings were strong in one area, such as A2A, but not in others. But things are changing. Organizations are much more aggressively seeking holistic solutions to integration. Vendors are working to strengthen their portfolios for project types where they are weak or where they seek to gain a competitive advantage. For example, Tibco Software acquired Foresight and Proginet; IBM acquired Cast Iron and Sterling Commerce. The result is a collection of vendors whose offerings contain features that enable organizations to use their offerings for all types of projects, including A2A, B2B and cloud-to-on-premises integration. The move to single sourcing is emerging because it appears to be a less-expensive alternative to using different technologies from different vendors for different project types. This move is occurring because organizations can now get well-regarded products that address A2A, B2B and cloud-to-on-premises integration requirements from a single vendor.
Messaging Technology: A platform that establishes an interoperability layer that supports interactions among components via a variety of protocols (HTTP/plain old XML [POX], SOAP, Internet Inter-ORB Protocol [IIOP], .NET remoting, message-oriented middleware [MOM] protocols, file transfer protocols and others) and interaction styles (request/reply, conversational, publish and subscribe, asynchronous messaging, and others). Reliable, once-only delivery of messages should be an available option.

Adapters: Technology that combines design tools and runtime software to implement programs that act as "glue," transforming among protocols, connecting to databases and linking pre-SOA application programming interfaces (APIs) to the SOA backplane. To support B2B projects, adapters would also need to support SOA services using B2B protocols such as Applicability Statement 1 (AS1)/Applicability Statement 2 (AS2), RosettaNet and Electronic Data Interchange for Administration, Commerce and Transportation (EDIFACT).

Translation: Syntactic conversion and semantic transformation, including ease of use and reuse, number of built-in functions, ease of extending the transformation function with custom-coded logic, and XML support (for example, schema or Extensible Stylesheet Language Transformations [XSLT]).

Choreography: Technology that hosts the execution of process logic spanning multiple back-end services or applications — typically for short-term (seconds or minutes) processes that can occasionally also be long term (hours, days, weeks) — with the aim of implementing composite services or automated system-to-system processes. The state should be maintained for the duration of the logic (for example, a partner interface process for RosettaNet).
Tactical Imperative: Governance must begin with tracking, policy, metering and context. Brokerages can provide a needed place to capture this information. Governance provides essential functionality and several opportunities for extended services to CSBs. Users and service providers alike can benefit from considering how governance and the cloud can be combined. As applications increasingly use functionality outside the internal application infrastructure (frequently through the use of Web API), the need for governing functionality sourced outside the firewall becomes more important. Application services governance is made up of two streams: API management and SOA governance. Both streams share a great deal of policy management, especially during the operational life cycle stage of services/API. There will be more governance in cloud and B2B, and more cloud and B2B in governance. For example, Exostar and Covisint deliver e-commerce-oriented "app store"-like platforms that emphasize high levels of security and governance for the compliance-sensitive markets they serve (e.g., aerospace and healthcare). Partnerships between SOA governance and API management technology vendors, B2B integration service providers and cloud services providers will be increasingly common in the near future.
Let's drill into the broker platform a little deeper. Today, off-the-shelf CSB technology enablement platforms exist to build, host and deliver the broker service layer. This is typically a multi-tenant architecture that can service departmental needs. For the consuming department this may involve identity SSO or credential mapping for users to access SaaS provider apps, tokenizing or encrypting sensitive personal data (PII) to meet regulatory compliance concerns before pushing data and content to cloud provider platforms, proxying internal application APIs with enterprise-class security before allowing consumption by partners, orchestration of VMs and services to deliver composite applications, or even adding value-added services like moving large volumes of Big Data workloads for analytics. It's clear the cloud API plays an increasingly pivotal role in authentication, integration, security, and data integration for the CSB layer.
Rise of the Cloud Service Broker Role for IT
Today's Agenda
• Gartner Definitions
• Applications for IT as a CSB
• Blue Cross Blue Shield Deployment
• Intel Technology-CSB Enablement Platform
• Q&A

Application Security and Identity Products
Are You Really Prepared for Hybrid IT?

Required Skills: Provisioning, Customization, Billing, Management Automation, Support, Backups, APIs, Security, Migration, DR, Integration, etc.

[Figure: Traditional On-Premises, Private Cloud and Public Cloud, the public cloud shown as Cloud Providers 1 to 4 (examples given: Sales, VMI/E-commerce, Contact Verification, HR), with the captions "Who will manage this?", "You manage this" and "Can you manage this?"]
Definition: Cloud Services Brokerage

Definition: CSB is composed of three primary roles in which an intermediary adds value to one or more cloud services on behalf of consumers of those services.

[Figure: chart scaled 25% to 100% across the three roles: Aggregation Brokerage (Distributor*), Customization Brokerage (ISV*) and Integration Brokerage (System Integrator*)]

Providers of CSB compete on the relative strengths of the three CSB roles.

You either:
• Are a brokerage
• Enable brokerage
• Leverage brokerage

* = Alignment with traditional IT services terminology
Aggregation Brokerage
• Definition
 - Delivering two or more (can be many) services to service consumers, or other service providers
• Characteristics
 - Deliver cloud in scale to many customers
 - No net new services functionality, per se
 - No integration or customization of services
 - Many-to-one or one-to-many services delivery
• Capabilities
 - Ability to support large-scale cloud provisioning
 - Normalized discovery, access, billing, support
 - Centralized management, SLAs, security, etc.
• Typical Scenarios
 - IT distribution
   • e.g., distributors, resellers and VARs doing cloud provisioning
 - App Stores, marketplaces
   • e.g., telcos, cloud providers, companies provisioning cloud

Example Providers
IT Distributors, Resellers, etc.: Ingram Micro, Insight, Parallels, Synnex, Tech Data
CSB Enablers: Avnet, AppDirect, FullArmor, Jamcracker, Verecloud

See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
Integration Brokerage
• Definition
 - Making independently designed services work together as a combined outcome for consumers
• Characteristics
 - Can be IT stack or data/process integration
 - Substantial new value through integrated result
 - One-to-many, many-to-one, many-to-many
 - Increasingly implemented via some form of iPaaS
• Capabilities
 - Messaging, adapters, translation, orchestration
 - Community management (think: LinkedIn for e-commerce)
 - Governance (e.g., policy and API management)
 - Shared services (e.g., management and security)
• Typical Scenarios
 - Cloud-to-cloud integration
   • e.g., synchronizing contacts between Gmail, salesforce.com
 - Cloud to on-premises integration
   • e.g., synchronizing order-to-cash between NetSuite, Quickbooks
 - Traditional supply chain integration
   • e.g., for large communities of suppliers, customers, 3PLs, etc.

Example Providers
Evolving B2B/EC Providers: GXS, HubSpan, IBM (Sterling Commerce), Liaison Technologies, SAP (Crossgate)
CSB Enablers: Dell (Boomi), IBM (Cast Iron), Informatica, Intel, Jitterbit, Seeburger

See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
Customization Brokerage
• Definition
 - Altering or adding to the capabilities of a service to change or improve its function
• Characteristics
 - Net new functionality via new, modified services
 - Original cloud services can be modified, enhanced
 - One-to-many or many-to-one service delivery
• Capabilities
 - Modifications (services combined, enhanced, etc.)
 - Implementation (of new services, applications, processes, user interfaces, master data, etc.)
 - Analytics (messages, services, processes, etc.)
• Typical Scenarios
 - New and composite applications
   • e.g., new custom reports on Force.com for salesforce.com CRM
 - Process or data enhancement
   • e.g., price comparing service for "less than truckload" booking
 - Business process services
   • Configurable processes (e.g., VMI, delivered on one-to-many basis)

Example Providers
BPS Providers: BlinkHR, E2open, eBuilder, psHealth, Wipro
System Integrators: Appirio, Atlantic Technologies, Celigo, Infosys, Tieto

See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
Hype Cycle for Cloud Services Brokerage

[Figure: Hype Cycle for Cloud Services Brokerage, as of July 2012. Axes: expectations versus time. Phases: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Legend: plateau will be reached in less than 2 years, 2 to 5 years, 5 to 10 years, more than 10 years, or obsolete before plateau. Callouts: "Three primary CSB roles", "Private Cloud leads Internal CSB role", "CSB enabling technologies". Entries plotted (positions not recoverable): Cloud Management Platforms; Integration PaaS; Private Cloud Computing; Communications Service Providers as Cloud Services Brokerages; Application PaaS; Aggregation Brokerage; Packaged Integration and Cloudstreams; CSB Integrated Billing; BPaaS; CSB Single Sign-On; Cloud Services Brokerage; Application Service Governance; Cloud-Based Security Services; Cloud Access Security Brokers; Multisourcing Service Integrator; Cloud-Based Multienterprise Processes; Customization Brokerage; Pure-Play CSBs; Software as a Service (SaaS); Integration Brokerage; IT Distributors as CSBs; Cloud-Based Data Identification and Enrichment Services; Internal CSB; Infrastructure as a Service (IaaS); Traditional IT Services Providers as CSBs; IT Manufacturers as CSBs; Federated Help Desk for CSBs.]

See "Hype Cycle for Cloud Services Brokerage, 2012," G00234256
Emergence of Internal CSB Role

Attributes of Internal CSB
• Alternative to third-party CSB role:
 - You are "prime contractor"
 - Think: cloud-enhanced traditional IT multisourcing
• IT responsible for all CSB roles:
 - Aggregation
 - Integration
 - Customization
• Scope of internal CSB role:
 - Minimally applies only to private cloud
 - Can also apply to private and public (hybrid) cloud
 - Can include "broker of broker" role, for cascaded brokerage
 - Can optionally also include traditional IT assets

[Figure: Public Cloud, Private Cloud and Traditional IT layers, marked with "Minimum Internal CSB Scope" and "Maximum Internal CSB Scope"]
How the Internal CSB Role Compares to Traditional IT Multisourcing Integrator Role

Each attribute is listed with the Traditional IT Service MSI Role first and the Emerging CSB Role second.

• Ecosystem
 - MSI: Smaller ecosystem (up to a dozen)
 - CSB: Larger ecosystem (up to hundreds)
• Granularity
 - MSI: Fewer larger services (more coarsely grained)
 - CSB: More smaller services (more finely grained)
• Outcome
 - MSI: Fewer SLAs, T&Cs (fewer KPIs to track)
 - CSB: More SLAs, T&Cs (more KPIs to track)
• Dynamics
 - MSI: Fewer, static providers (trust, experience lead)
 - CSB: More, dynamic providers (value, innovation lead)
• Help Desk
 - MSI: More centralized, simple (manual escalation OK)
 - CSB: More federated, complex (automated escalation)
• Governance
 - MSI: Limited use, manual (fewer policies to track)
 - CSB: More usage, automated (more policies to track)
• Control
 - MSI: More control of IT assets (assets in one DC)
 - CSB: Less control of IT assets (assets across cloud)

See "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role," G00230681
When to Consider Internal CSB Role

Consider internal CSB when:
• You would prefer to fund the CSB with capex versus opex.
• An internal CSB will reduce your risk of consuming services.
• You have and/or desire the requisite CSB skills and technology.
• An internal CSB can meet time-to-deployment requirements quickly.
• An internal CSB better meets your internal constituents' needs.
• An internal CSB is mandated by management (e.g., for compliance).
• No viable external CSB is available for your IT project requirements.
• You have a strong desire for centralized, internal control of all IT.
• Your full project life cycle TCO will be lower via an internal CSB.
• Being a CSB is considered a required internal core competency.

See "Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges," G00227370
Integration Brokerage "Basic" Capabilities: Intermediation Layer
• Messaging Technology
 - For secure, reliable communications of SOA services, EDI and very large files
• Adapters
 - For "last mile" connectivity to apps, trading partners, cloud APIs, etc.
• Transformation
 - To translate data and messages
• Orchestration
 - To disposition messages, tasks and events within a process context

[Figure: intermediation layer diagram. Protocol labels: FTP/MFT, AS2, SOAP, REST, RosettaNet, …; FTP/MFT, MOM, HTTP, SOAP, Proprietary, …. Component labels: Wrapper, App, Wrapper, Cloud API.]

For more information, see "SOA Infrastructure Selection Criteria, 2009," G00170722.
Integration Brokerage "Scale" Capabilities: Application Services Governance

Application Services Governance = API Management + SOA Governance

What cloud service policies are likely to be enforced?
• Security
 - User/service/API authentication — Fine-grained/role authorization
• Technical SLAs
 - Schema validation — service/API throughput, availability, failover
• Business SLAs
 - Approve POs of more than $1,000; give "Gold" customers priority routing; archive invoices from France; encrypt personally identifiable data
Evidence CSB Role Increasingly Matters
• Est. Annual IT Spend on CSB by 2014 (1): $100 billion
• Frequency of search for CSB on Gartner.com via "cloud" + "broker" terms (2)
• Who will be responsible for end-to-end delivery of cloud services? (3) #respondents = 322 for those already using or planning to use cloud computing or cloud services within 12 months

1 – See "Examining The Magnitude of the Cloud Services Brokerage Opportunity: Carpe Diem!," – research will publish in two weeks.
2 – See "Search Analytics: Cloud Service Brokerage Enters the Search Scene," – research will publish in two weeks.
3 – See "Survey Analysis: Cloud Services Brokerage Playing a Larger Role in the Future of IT Services," G00228550
Recommendations
• Recognize that the "service" in CSB has both business and technical connotations, with the emphasis on "outcome."
• Interpret CSB role through primary three IT services roles:
 - Aggregation brokerage
 - Integration brokerage
 - Customization brokerage
• Use Gartner evaluation criteria to help determine if you should deploy an internal CSB or use an external CSB.
• Leverage providers of CSB-enabling technology where appropriate to help enable your internal CSB role.
Recommended Gartner Research
• Cloud Services Brokerage Is Dominated by Three Primary Roles. Daryl Plummer, Benoit Lheureux, Michele Cantara (G00226509)
• Cool Vendors in Cloud Services Brokerages, 2012. Tiffani Bova, Daryl Plummer and others (G00231938)
• Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges. Daryl Plummer, Benoit Lheureux and others (G00227370)
• Essential Provider Selection Criteria to Use When Outsourcing the CSB Role. Benoit Lheureux, Jim Longwood (G00230681)
• The Role of CSB in the Cloud Services Value Chain. Benoit Lheureux, Daryl Plummer, Tiffani Bova (G00218960)

For more information, stop by Gartner Solution Central or e-mail us at email@example.com.
BCBSA Mediation Layer Architecture
August 09, 2012
Presentation at Intel / Gartner Webcast
Plamen Petrov, Chief Enterprise Architect, Blue Cross Blue Shield Association
A presentation of the Blue Cross and Blue Shield Association. All rights reserved.
Blue Plans have been leading the industry for 83 years
The Blue Cross and Blue Shield System consists of 38 independently operated Blue Cross and Blue Shield member companies, a Federal Employee Program® and an Association, which serves the collective needs of the Blue Cross and Blue Shield Plans.
• Cover 100M people – Blues serve 1 in 3 Americans
• Nationwide access. Local support.
• 85% of Fortune 100 Companies
• Blue Plans contract with 96% of U.S. hospitals and 91% of all physicians
• Blue Brand is #1 overall brand equity in the health insurance industry
Blues committed to serving local communities and national customers
BCBS Plan Members Access Many Services and Data Stores
[Diagram labels: Plan Member; Local BCBS Plan; Local Hospital; Remote BCBS Plan; Remote Hospital; BCBSA Consumer Services]
Plan Member accesses services provided by different entities and data stored in many locations
Service Brokering and Mediation Layer
[Diagram labels: Services; Clients; Architecture; Standards; Governance; Analytics; Blue Plan; BluesNet; 3rd Party Vendor; Cloud Services; VPNs; Internet; Infrastructure Services; Master Data Services; Platform Services; BCBSA Mediation Layer; BCBSA; PlanConnexion]
Mediation Services Platform
[Diagram labels: Browser or Mobile; AuthN/Info Request; Medical Information; Service Provider Portal; Doctor Information; Peer Reviews, Awards; BCBSA Plan A; BCBS Plan B; BCBS Plan C; Web Server; Mobile Tier; On-prem 3rd Party Info Providers; 3rd Party Cloud Info Providers; Services Mediation and Integration Broker; Partner API; Mgt API; Flat File; EDI; SOAP; JSON; XML; Security Brokerage Technology]
• SSL Termination
• Data Transform
• Service Metering/Monitoring
• Protocol Mediation
• ID translation
• Service Routing/Versioning
Service Mediation and Integration Brokerage
Andy Thurai, Chief Architect, Intel
IT CSB TECHNOLOGY ENABLEMENT CONSIDERATIONS
Mobile and API Service Growth a Driver for IT CSB
Other Internal CSB Deployments
• Online University
• Healthcare Claims Provider
• SI Delivering Composite Apps
• Telco Service Aggregator
[Diagram labels: Extended Enterprise; IT CSB Platform; Private & Public Cloud Provider; Developer & Partner Consumers]
*Source ProgrammableWeb
CSB Platforms offer a way to automate & scale fine-grain service brokering for composite and mobile apps used by IT
IT’s CSB Platform Simplifies Service Consumption
[Diagram labels: Enterprise Departments/Developers; Departments 1-n; Developers & Service Admins; Partners; Dev Community; Global Apps, IDM, Middleware; App to Cloud Calls; Create Apps that invoke aggregated services; Id & Security Broker; Integration; PII Data Tokenization; API Mgt; Simplified, Standardized API Exposed; Orchestrate VM/Services; Enrich Services; Data Integration; Sharing API Descriptions, Tools, Data; REST API Portal; HTTP, REST, SOAP, JMS, DB, FTP-any, JSON; On-prem Service; Service/API Providers; Broker; PaaS App Services; SaaS Applications; 3rd Party CSBs; Service 1 to Service 5]
Service Gateway Fast Path to Operating as a CSB
IT CSB Operator Responsibilities: Vendor Mgt (Contracts, SLA, Tracking); Monitor; Security Standards & Policies; Enablement Tools; Dev Support; Disaster Recovery
Value Added Custom “Glue” Code
COTs Core CSB Platform
• Consistent policy enforcement for integration, security, compliance across departments
• Configuration not code
Platform areas: Monetization/Charge Back; App Service Gov & Integration; Security, Access, Compliance; Developer Community
• Meter usage
• Throttle per SLAs
• API Analytics
• API management
• Policy creation & exe
• Legacy & SOA integration
• Orchestrate & transform
• Protocol translation
• Edge threat protection
• Data Loss Protection
• Federated ID Brokering
• PCI PII Data Tokenization
• Discovery of aggregated services from IT
• Meta data
Move from Line of Business to Enterprise Controlled Consumption of Cloud Services
Security is Central for IT to Consume and Expose APIs
Trust - API Access Control, IdM
• Authentication: Enabled through SSL/TLS, OAuth, SAML, Shared Secret Mechanisms, Custom API Keys, Digital Signature/PKI processing, Database authentication rules
• Authorization: Enabled through XACML, authorization decision points, coded in policies, custom built rules
Threat - Perimeter Defense
• Denial of Service Protection: Via app security proxies and gateway capabilities
• Code Injection: Via pattern-based scanning of SQL Injection, XSS, XML threats, XPath injection
• Malware Detection: Via heuristics that detect malware behavior
• A/V Scanning: Via signature based scanning of MIME attachments
• Data Leak Prevention: Via network DLP scanning for API calls
CSB platforms deliver these capabilities. Standards based and independently certified
More: www.cloudsecurity.intel.com
White Paper: CSB Research & Case Study
Webinars: On-demand
• NIST & CSA CSB
• API Management with ProgrammableWeb
• API DLP Security
• Meet Cloud API