By Aaron Sandeen, Phil Manfredi, and Kiran Chinnagangannagari, Zuggand Co-founders
In part one of this series, we highlighted the initial steps to take when establishing and implementing an API-focused digital strategy. First, work with business leaders to clearly define the corporate objectives, assess business risks, prioritize transformational initiatives and implement an action plan. Next, establish the culture by ensuring top-down alignment, empowering your teams and constantly challenging the way the company has always run its business. Then, and only then, should you turn to technology.
Although API management was a key part of our overall digital strategy at the state of Arizona, we recognized that true digital enablement of the state required an enterprise platform approach. In this second part, we will go into more detail about building an API-driven digital platform using open-source technologies to enable an organization’s transformation.
We learned many lessons along the way, and we highlight a few of them below.
Consider open source
Traditionally, government entities shy away from open source solutions, primarily due to security concerns. At the same time, these entities often face budget and resource constraints. They are always being pushed to do more with less, and they struggle to maintain high levels of quality service delivery as a result. Although private enterprises appear to be less skeptical of open source in general, there are still many organizations that do not yet consider it an option.
However, there have been some major advancements in open source solutions over the past several years. Some large enterprises are doing millions of transactions daily on open source technology stacks. Leveraging open source technologies allows the organization to be more nimble. The flexibility offered with open source allows enterprise IT groups to experiment with different platform components and tailor them to meet their specific needs.
Like many government entities, we faced budget constraints at the State, so we began to research open-source enterprise platforms and solutions. We adopted Drupal with its advanced functionality as the content management system (CMS) for State websites. For a middle-tier, our research led us to the WSO2 enterprise middleware platform as a suitable fit for our needs, since the platform’s products were multi-tenant, cloud-enabled, and built to work together.
Together, the open source solutions allowed us to improve the quality and capacity of business services by making core enterprise capabilities accessible via a flexible and open platform. In addition, we avoided the traditional costs associated with licensing fees, ultimately driving down the overall costs of supporting the platform. We were very impressed with the capabilities and scalability of both Drupal and WSO2, which were critical to an organization of our size.
Start with identity management
Whether controlling access to APIs, web portals, mobile applications, or enterprise services, identity management is at the heart of ensuring the security of these assets. Therefore, as you begin to build out an enterprise digital platform, identity management, including the authentication, authorization and management of users, should be your highest priority.
More than likely, your enterprise has disparate identity management solutions deployed across its systems and services. This could be for a variety of reasons, such as the need to help bridge the gap from legacy technology to more modern services, or the completion of a merger or acquisition requiring heterogeneous technologies to be integrated to ensure the enterprise is secure. Regardless of the drivers, you need a comprehensive identity management solution that allows you to create a single profile for each user in the enterprise.
Using a single registry of user identities with a centralized management interface enables quick, easy provisioning and deactivation of users. Single sign-on (SSO) eliminates the need to enter a password each time users log in to a resource, which saves around 20 seconds and increases productivity. Additionally, SSO facilitates adoption, since it reduces the barriers to using resources and applications. Because SSO provides an easier way for users to authenticate their identities, there are fewer help desk calls for password resets, resulting in bottom-line savings. There is also an improvement in reporting and monitoring, and having a single repository for auditing and logging access to resources provides streamlined regulatory compliance.
While at the State of Arizona, we recognized that identity management was a digital capability many agencies were building from scratch. There were also other capabilities being built from scratch – content management, payment processing, and system integration just to name a few. The development and overhead costs required to build and support these siloed solutions were not insignificant. In order to reduce risk, the State needed to develop standard enterprise capabilities, including a centralized identity management solution, to ensure the long-term sustainability of providing those services.
Take an MVP approach
Digital platforms are the big ticket to innovative business models. They can decrease time-to-market for new products and services, reduce overall API development costs, increase security, remove the complexities of data sharing, and potentially allow organizations to monetize their digital assets. However, deploying an entire digital platform can be a daunting task, especially if not architected in a way that allows for adding capabilities over time.
The most effective way to begin transforming the business is by taking a “minimum viable product” (MVP) approach. In other words, do not try and build out the entire horizontal base of the technology pyramid. Instead, focus on building an end-to-end vertical “sliver” of the pyramid, ensuring you can show value all the way from the systems of record to the end user. It is absolutely critical to build an MVP version of the front end as well.
To accomplish this however, you need a modular platform that allows you to deploy capabilities as you require them. And by using a comprehensive platform, you eliminate many integration challenges caused by deploying disparate technology. This will result in faster deployment times and less demand on your developers.
Over several months, we deployed many of WSO2’s components and began to build out the cloud-based Arizona Enterprise Services Platform (AESP). The initial strategy was to leverage particular WSO2 products to show value in the enterprise platform approach, specifically the Identity Server, Data Services Server, Enterprise Service Bus, Business Rules Server, and the API Manager. In addition, we developed standard, mobile-ready themes and began to migrate legacy agency websites to the new platform to show value to leadership.
Employ API management as a digital enabler
We’ve looked at some of the business and technology strategies that feed into the organization harnessing APIs. Now let’s take a closer look at the management of those APIs.
API management is an enabler for process automation and digital workflows. What are normally manual processes can be streamlined by leveraging the digital assets from various parts of the organization. By standardizing on one system of record, and giving the enterprise access to those records via an API, you ensure faster and consistent delivery of that information to your customers, regardless of the delivery channel.
As an example, the Arizona Department of Environmental Quality (ADEQ) was performing manual verification of an entity’s corporation status. Through the integration between ADEQ and the Arizona Corporation Commission (ACC), ADEQ was able to leverage APIs from ACC to automate the validation process. The end result was the reduction of the overall processing timeline from several days to mere seconds.
API management also gives the enterprise the flexibility to “future-proof” the overall digital platform ecosystem. By providing a single interface to a particular service and masking the back end complexities, the service could be enhanced or replaced without impact to the front end applications. In addition, APIs can support any unanticipated future uses by making the service readily available as the enterprise’s needs change.
For instance, as part of our digital transformation initiative at the State, we had an immediate need to replace the legacy payment processing system. In doing so, we architected the solution so that agencies could leverage the new payment processor via a single API. If at any point in the future, the State determines the need to add more payment processing capabilities, or to replace it with another solution, there will be minimal impact to the applications.
Change or be changed
With the consumerization of IT, your customers are demanding access to your services anywhere, and at any time. External pressures, such as the explosion of platform-based competitors, are disrupting your industry and forcing you to change. And the business is frustrated because IT can’t move quickly enough to deliver the capabilities needed to provide quality services to its customers.
APIs have captured the imagination of enterprises as an agent of change. But the most important agent of change will be you as the CIO. Technology is important, but it truly is all about the customer experience. There is tremendous value in the data stored in your enterprise systems, but you need the right digital capabilities to extract the value from it. With a comprehensive digital transformation program established, and a digital platform capable of providing the flexibility the business needs, you can be successful.
Change is inevitable. Are you ready for a transformation?
Authors Aaron Sandeen, Phil Manfredi, and Kiran Chinnagangannagari, co-founded IT consulting firm Zuggand (http://www.zuggand.com) in 2015. Collectively, they bring more than 50 years of experience in IT strategy, management and transformation for private and public sector organizations. Most recently, they served as chief information officer, chief strategy officer, and chief technology officer, respectively, for the State of Arizona.