Security and Governance as a Competitive Advantage Case Study Tim Madewell Vice President Operations Chief Information Officer

Innotas Fast Facts San Francisco based. Venture backed. 100% On-Demand IT Governance Software Solution Triple digit growth in 2007 and 2008 Customer satisfaction: 94% renewal rate 10x customer growth & 50x user growth in 3 years

Virtualization, Scalability and Performance The cornerstone to security, scalability, and lower cost of Software as a Service (SaaS) Multi-tenant Application and Database One source code Hybrid Premise and Cloud Computing Infrastructure All components of the infrastructure architected to be standard, modular & redundant – high availability SAS 70 II Certified with primary co-lo and disaster recovery co-lo Standardized environment management protocols Published API (Internal & External)

The cornerstone to security, scalability, and lower cost of Software as a Service (SaaS)

Multi-tenant Application and Database

One source code

Hybrid Premise and Cloud Computing Infrastructure

All components of the infrastructure architected to be standard, modular & redundant – high availability

SAS 70 II Certified with primary co-lo and disaster recovery co-lo

Standardized environment management protocols

Published API (Internal & External)

Innotas Architecture Innotas © 2008 Multi-Tenant Database Standby Americas Asia / PAC EMEA Managed Standby Facility Standby Database Primary Co-Location Facility Data Web Virtualized Application Web Browser WS API Clients Offline Backup Web Service API

Governance Defined Operations is part of the service in a SaaS model Data Center Operations Availability & Performance SLA Management Security For Innotas, Governance is: Visibility Control Reliability Predictability Infrastructure/Systems End User API (Web Services)

Operations is part of the service in a SaaS model

Data Center Operations

Availability & Performance

SLA Management

Security

For Innotas, Governance is:

Visibility

Control

Reliability

Predictability

Growth & Governance Challenge Situation: 2008 Deployed v1 of our web-service based API Targeting large customers w/ requirements for enterprise integration Course-grain API strategy….expose the UI through the API Initial adoption with bulk updates and extracts Build it and they will come… Complication: By early 2009 adoption expanded to business processes spanning applications (SaaS-to-Premise, SaaS-to-SaaS) Exposed limited visibility and control of the back-end API Customer usage profiles and metrics changed Greater performance fluctuations

Situation: 2008 Deployed v1 of our web-service based API

Targeting large customers w/ requirements for enterprise integration

Course-grain API strategy….expose the UI through the API

Initial adoption with bulk updates and extracts

Build it and they will come…

Complication: By early 2009 adoption expanded to business processes spanning applications (SaaS-to-Premise, SaaS-to-SaaS)

Exposed limited visibility and control of the back-end API

Customer usage profiles and metrics changed

Greater performance fluctuations

Why API Management for Innotas Operations Effectiveness & Efficiency (Governance) Visibility Monitoring & Control Service Level Management Server load and performance management Customer/Usage profiling – analytics Impact assessment & capacity planning Differentiated Service Offering Customer facing usage reports Granular API control Monthly extract query vs. daily or real-time updates TOU control Scheduled API window

Operations Effectiveness & Efficiency (Governance)

Visibility

Monitoring & Control

Service Level Management

Server load and performance management

Customer/Usage profiling – analytics

Impact assessment & capacity planning

Differentiated Service Offering

Customer facing usage reports

Granular API control

Monthly extract query vs. daily or real-time updates

TOU control

Scheduled API window

API Management Solution Partner Sonoa ServiceNet Integrated with existing API and security model (login) Separated web-traffic from user interface Data and security maintained within Innotas Real-time Monitor and Analytics

Sonoa ServiceNet

Integrated with existing API and security model (login)

Separated web-traffic from user interface

Data and security maintained within Innotas

Real-time Monitor and Analytics

Results A single front-end to web service traffic Increased response time for API support Aggregate API usage trends and including in customer usage profiles (macro-level) Adjusted (Tuned) usage profile and server capacity model Indentified API performance and tuning areas (micro-level) Providing customer facing API usage and performance report Building standard API policy profiles and service levels Data export/reporting profile (weekly, monthly) Data synchronization profile (hourly, daily) Real-time integration profile (ad hoc) Create potential new or differentiated revenue opportunities

A single front-end to web service traffic

Increased response time for API support

Aggregate API usage trends and including in customer usage profiles (macro-level)

Adjusted (Tuned) usage profile and server capacity model

Indentified API performance and tuning areas (micro-level)

Providing customer facing API usage and performance report

Building standard API policy profiles and service levels

Data export/reporting profile (weekly, monthly)

Data synchronization profile (hourly, daily)

Real-time integration profile (ad hoc)

Create potential new or differentiated revenue opportunities

Q&A