Red Hat and Oracle announced the general availability of Red Hat OpenShift on Oracle Cloud Infrastructure (OCI) Compute Virtual Machines (VMs).
Industry experts offer thoughtful, insightful, and often controversial predictions on how DevOps and related technologies will evolve and impact business in 2023. Part 6 covers APIs.
Start with: 2023 DevOps Predictions - Part 1
Start with: 2023 DevOps Predictions - Part 2
Start with: 2023 DevOps Predictions - Part 3
Start with: 2023 DevOps Predictions - Part 4
Start with: 2023 DevOps Predictions - Part 5
DEDICATED API TEAMS
Over the past year, APIs have become the dominant target for hackers looking to disrupt supply chains and steal or ransom data. A major reason for this has been the lack of an API strategy. In 2023, organizations will need to address these issues by having dedicated API teams, not just for security purposes but because APIs have become essential building blocks for software, from eliminating mundane tasks for developers like installing and upgrading applications to creating new ways for organizations to monetize their data.
Alessandro Chimera
Director, Digitalization Strategy, TIBCO
API TEST STRATEGY
More companies recognize APIs as the building blocks of modern software (State of API). The rise of serverless architecture, the growth of API management, and the growth of artificial intelligence and machine learning are just some of the trends driving the proliferation of APIs. Hence, creating a proper test strategy for APIs will be more critical than ever. A proper test strategy will include at least: designing API first, creating contract tests to ensure appropriate communication between services, utilizing technology and tools to be able to mock out 3rd party APIs, testing for performance and reliability, testing for security. Skilled engineers utilizing the appropriate methodologies and tools will be in massive demand.
Nikolay Advolodkin
Senior Solutions Architect, Sauce Labs
FASTER INTEGRATION
With the rise of APIs as products, we are stepping into this gray zone of API implementation which is far from being great. People are still spending days and weeks on learning and implementations. Companies will start to invest more and more in the form of no code, low code tools that will allow developers to integrate faster with those APIs.
Iddo Gino
Co-Founder and CEO, Rapid
POLYGLOT API
APIs > dashboards — it's like comparing a store that sells fresh produce to a flower shop. Sure flowers are pretty but produce is nourishing and can be mixed together in all kinds of ways. 2023 is the year of APIs that are polyglot — joining data across database, systems and clouds to make DevOps more powerful but with added complexity.
Chetan Venkatesh
CEO, Macrometa
API OFFERS OPERATIONAL EFFICIENCY
As the recession takes a toll on tech workplaces, APIs will continue to offer what every company is looking for — operational efficiency. With the help of APIs, teams can do more with less and in a much faster way. While APIs can't solve all problems, they can drastically increase workflow and enable automation to offer better experiences for employees across all industries.
Gleb Polyakov
CEO and Co-Founder, Nylas
BUSINESS SIDE USES API
As API-first companies continue to prevail, I firmly believe that business units such as HR and marketing will increasingly be testing and automating their essential business capabilities using APIs throughout 2023.
Kin Lane
Chief Evangelist, Postman
API REGULATIONS
The use of APIs has greatly expanded the ability for developers to innovate and reduced the time required to deliver new apps and features. But there is a well-understood dark side: a massive increase in points of potential vulnerability within complex enterprise code bases. 2023 will usher in regulatory activity intended to ensure API endpoints are known (a surprisingly large number are not) and controlled. This regulatory activity will increasingly have financial "teeth" (i.e., stiff fines for failure to comply) and will also be more prescriptive in terms of technology. Specifically, many will require systems able to continuously scan codebases in order to build and maintain accurate inventories of API endpoints. An example is the New York Department of Financial Services, which is amending its 2017 cybersecurity regs (23 NYCRR Part 500) to include the requirement to maintain a complete and up-to-date asset inventory, which most interpret to include APIs.
Eric Minick
VP Product, CodeLogic
API SECURITY IS CRITICAL
With the continued adoption and reliance in the industry of Microservices Architectures, API Security is a critical component of any organization out there in 2023 as an outage or targeted disruption of APIs leads to entire web applications unable to serve end-users. Ensuring that the right security mechanisms are in-place to protect against this phenomenon will be critical. Helpful guidelines such as the OWASP API Top 10 can help in reducing the attack surface and properly anticipate against common API attacks.
Mike Elissen
Senior Developer Advocate, Akamai
SHARED MODEL FOR API SECURITY
API sprawl and protection will be the biggest thing that development contends with in the coming year, and how security teams can start to shift left the right way, the prioritizing of development needs with security priorities. Additionally, next year, we'll start to see a shared model for API security that doesn't treat different stages of the pipeline as disconnected points. End-to-end API security platforms will start to recognize problems in development that are only discovered during runtime today.
Sanjay Nagaraj
Co-Founder and CTO, Traceable.ai
API MARKETPLACES
The external API marketplace will become a common enterprise offering — In 2023, we will see many companies start releasing external API marketplaces for both increased visibility and the monetization of APIs. Traditionally, these external marketplaces were only common for specific companies such as eBay and Salesforce, but this is quickly changing.
Iddo Gino
Co-Founder and CEO, Rapid
API MONETIZATION
With mounting economic pressures in 2023, companies will be trying harder than ever to make every asset of the organization profitable. Whether it's data, services, functionality or otherwise, APIs will be a go-to for monetization and creating new revenue streams quickly. Because of this, organizations will also continue to invest in top developer talent.
Iddo Gino
Co-Founder and CEO, Rapid
GATEWAYS WILL BECOME A COMMODITIZED SERVICE
Open source tools or cloud vendors are providing their gateways next to free. With that, we will begin to see a tumultuous time for legacy gateway vendors no longer able to rely on vendor lock-in driven by table stakes API management functionality. Separating the winners and the losers will really come down to who focuses on delivering a seamless developer experience that offers a path for utilizing multiple gateways.
Iddo Gino
Co-Founder and CEO, Rapid
Start with: 2023 DevOps Predictions - Part 7, covering automation.
Industry News
The Software Engineering Institute at Carnegie Mellon University announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.
Synopsys has entered into a definitive agreement with Clearlake Capital Group, L.P. and Francisco Partners.
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.