The Department of Defense (DoD) — the federal government’s largest agency and the country’s largest employer — collects a nearly incalculable amount of data.
There’s business analytics and decision support data, acquisitions, logistics and financial transaction data, and operational data ranging from reimbursement rates associated with Army Ground vehicles to data for Joint All Domain Operations designed to give troops an advantage on the battlefield.
However, despite all these rich data sources, defense agencies haven’t been able to fully harness data as a core strategic asset. Part of the challenge is that many of the systems defense agencies use don’t have interoperable capabilities, but even when agencies modernize their systems and employ cloud-based applications, they must confront challenges with data complexity and an ever-growing volume of structured and unstructured data sources that must be cleaned up, properly formatted, and managed.
With the announcement of the DoD’s new data strategy last year, the agency is taking steps to evolve into a more data-driven organization. An essential part of its strategy is to make data more accessible, specifically to improve data access, sharing, and control through reusable application programming interface (APIs). To support greater system interoperability and digital modernization, defense agencies will need to consider an API-led approach to unlocking data within the DoD. Leveraging APIs can help defense agencies realize the DoD’s new vision for data.
However, before your organization exposes its APIs, here are four key questions you need to consider first.
1. What critical challenges do we need to solve and how will exposing our APIs address them?
Defense agencies face a variety of data management and business process challenges. Data silos tend to be the norm. There’s not a common nomenclature for data across the enterprise, and it isn’t readily accessible or available in a timely manner to allow officials and defense personnel to make informed decisions that further each agency’s mission.
APIs effectively address all these challenges because they create an abstraction layer, so data consumers and data owners within and outside your organization can easily and securely access this information and connect it to other systems, applications, and data sources to access richer insights and achieve greater operational efficiency.
Before your agency considers an API-led integration strategy, you need to identify your core challenges and mission needs. For example, your agency may need access to real-time analytics to curb fraud, waste and abuse within your supply chain or may want to eliminate data sharing barriers with inter-agency partners.
Similar to any other technology procurement, your organization needs to map out its most critical priorities, assess the key benefits APIs offer — and understand what life cycle management of these technologies entail — to evaluate whether the operational benefits you’ll reap from opening up your data is worth the trade-off.
2. How do we deal with data complexity?
Traditional approaches to data clean-up and preparation are onerous, manual, and time-consuming, so your agency will benefit most from solutions that automate this process and that allow you to easily access structured and unstructured data stored in legacy systems like mainframes.
An API hybrid integration platform with mapping and transformation capabilities can help you tackle data complexity without introducing more risks or costs within your operations. You can use it to convert data across applications and systems into common formats to resolve issues with data accessibility. This is critical to translate data into insights you can use to gain more visibility into your operations and make forward-looking decisions.
3. Who should have access to our APIs —partners, fellow agencies, or even citizen developers?
Your organization should have clear use cases and governance policies around when to expose APIs and to whom.
Different users come with different risks. There might be more of a necessity to expose APIs to your partners and fellow agencies because these entities may need this data for various missions, such as a defense contractor who supports combat operations or commanders in the Air Force and Army who are coordinating a strike.
However, exposing your APIs to external developers often comes with more considerations. An API portal that consolidates identity and access management and creates a single endpoint through which third-party developers can access your data may be the most effective and secure way to expose your data. Working with a platform integration provider can give you access to this resource and will enhance API security because a provider will typically use API keys and OAuth2 protocols to authenticate and authorize users.
By leveraging a portal to expose your APIs in a controlled, secure manner, your organization also can achieve a holistic view of your API ecosystem, monitor who has access to your data and how they’re using it, and take advantage of these technologies to improve efficiency, analytics-driven decision-making and data sharing with the public and across agencies and partners.
4. How are we going to manage the full API lifecycle and secure our APIs?
Many organizations rely on custom point-to-point integrations for APIs, which makes it harder to establish an enterprise system of record. This approach also adds complexity and doesn’t provide a truly holistic view of all the data, apps, and devices associated with APIs.
This is why adopting a hybrid API integration platform is so crucial – it brings integration and lifecycle management capabilities together under one umbrella. This platform offers capabilities that drive the planning, design, and implementation of APIs all the way through to the testing, publishing, maintenance, versioning and decommissioning of these software technologies.
A hybrid API integration platform also has distinct advantages from a security perspective. According to Gartner, exposed APIs make up 40% of an organization’s attack surface. An integration platform has gateways that provide robust runtime security, user access controls, traffic monitoring and auditing capabilities, along with built-in threat detection policies and the ability to enact dynamic security policies tailored to your organization’s governance requirements.
With these capabilities, a hybrid integration platform will allow your organization to enhance API security without disrupting the underlying infrastructure users rely on for timely access to data for mission-critical operations.
Bringing Data-Driven Operations to the DoD
As the DoD’s new strategy illustrates, data has become integral to strengthening national security.
APIs can help defense agencies maximize existing and new data sources to drive efficiency, innovation, and better decision-making. As your organization considers exposing its APIs, keep the four previously mentioned considerations in mind. Doing so will help your organization reap more value from its data without compromising security.
Visit Software AG Government Solutions’ resource hub focused on addressing the needs of the Department of Defense to implement a Data Strategy in a secure API-Led Approach here.
 Primary source – Gate Gartner Report: https://www.gartner.com/en/documents/3956746/api-security-what-you-need-to-do-to-protect-your-apis