Ecosystems How API-as-a-Service can Improve CX, Scalability, and Security with an Internal API Cloud Rob Whiteley, Vice President of NGINX (Part of F5)

1. How API-as-a-Service can
Improve CX, Scalability,
and Security with an
Internal API Cloud
Rob Whiteley, VP at NGINX (Part of F5)
October 8, 2020

2. | ©2020 F52 CONFIDENTIAL
Digital Transformation Poses Challenges
FOUR WAYS DIGITAL TRANSFORMATION IMPACTS YOUR APPLICATION INFRASTRUCTURE
COMPLEXITY
ATTACK
SURFACE
COLLABORATION SPEED

3. | ©2020 F53 CONFIDENTIAL
APIs Are Core to
Digital Transformation

4. | ©2020 F54
Developer
Productivity
Revenue
Growth
80%... of orgs
undergoing
digital xformation
CONFIDENTIAL
Why does API drive digital transformation?
Customer
Experience
83%
... of all
web traffic
is APIs.
Brand
Protection

5. | ©2019 F55

6. | ©2020 F56
Like digital
transformation, APIs
introduce complexity and
security challenges.
However, APIs add
significant life-cycle and
governance challenges
as millions or even
billions of calls are
generated each month.
CONFIDENTIAL
API Adoption Adds Governance Challenges

7. | ©2020 F57
What is “Secure API-as-a-Service”?

8. | ©2020 F58
Understand the Intersection of API and Microservices
API ManagementMicroservices
Implementing microservices:
Large enterprises undergoing digital
transformation, modernization, and
refactoring.
Deployed “Gen 1” API management:
Large enterprise with existing API
investments designed to monetize
external APIs.
Where Real-Time APIs Intersect:
Emerging focus on internal APIs.
Typically driven by DevOps, app teams,
or performance-driven API owners.

9. | ©2020 F59
{"policy": {
"name":"AppPolicy01",
"description":"AppV1.1 - DEMO FOR DECLARATIVE AND WEBHOOKS
CAPABILITIES",
"template":{ "name":"POLICY_TEMPLATE_RAPID_DEPLOYMENT" },
"enforcementMode":"blocking",
"server-technologies":[
{
"serverTechnologyName":"MySQL"
} ],
"signature-settings":{
"signatureStaging": false
},
"modifications": [{
"entityChanges": {
"type": "explicit"
},
"entity": {
"name": "log"
},
"entityKind": "tm:asm:policies:filetypes:filetypestate",
"action": "delete",
"description": "Delete Disallowed File Type"
} ] }
API Testing
API Implementation
API Definition
API Onboarding
API Deployment
Declarative
Vs.
Imperative
New Trends Are Emerging to Tackle API Challenges
Shifting API
Management “Left”

10. | ©2020 F510
Defining secure API-as-a-Service
Automates API
management with
CI/CD integration
Improves API
performance with
“real-time” processing
DELIVERING SELF-SERVICE API CLOUD INFRASTRUCTURE TO DEV AND DEVOPS TEAMS FOR INTERNAL AND EXTERNAL APIS
Connects and scales
microservices API
traffic across clouds

11. | ©2020 F511
How? Treat APIs as a Part of A Secure Cloud Architecture
API Testing
API
Implementation
API Definition API Onboarding
API
Deployment
API Runtime
Development OperationsSelf Service

12. | ©2020 F5 NETWORKS12
Join 2 NGINX sessions and
complete a survey at NGINX booth
to win a HK$50 Starbucks eGiftcard!
- Architect Stage -
Architecting APIs
- Workshops -
Technical Workshops
14:10 – 14:35 14:35 – 15:25
Art and Science of Rate Limits for APIs
Protecting API Workloads against OWASP Top 10 and
Programming Language CVE’s
What’s Next

13. | ©2018 F5 NETWORKS13
We may be isolated, but we are not alone.
We’re in this together.
Thank you!