There’s no doubt the last two years have seen an accelerated push to move the majority of workloads to the cloud. You can’t talk about cloud migration without talking about how you manage your application programming interfaces (APIs.) Because APIs are how you build and connect your cloud-native applications.
Instead of properly breaking up and preparing workloads, many of these digital transformations have just been of the ‘lift and shift‘ variety — which only offers a fractional advantage. That’s because, whether self-dubbed cloud-native or truly legacy, many organizations have failed to initiate the organization-wide API management strategy necessary to break away from the monolith and unlock business agility.
Making the move to cloud-native takes a mindset shift toward business-first that drives future tech choices because you can’t have cloud migration without app modernization.
Why Make the Move to the Cloud?
In the time of the Great Resignation, the same old will not retain tech talent. Engineers are creative workers looking to build interesting things to solve interesting problems. They want to continue to develop, learn new tools, and release fast.
In order to stay competitive, business looks for new ways to move fast to respond to ever-changing user demands. Traditional, centralized architecture comes with its limitations, yielding a very top-down Waterfall release cycle that sees new cloud-native competitors soaring by.
The cloud-native architecture allows for auto-scaling and better capacity management, which is essential for both semi-predictable situations — like seasonal peaks for online retailers — and less-predictable situations — like video-conferencing tooling in March 2020.
The inherent centralization of legacy architecture lends itself to a false sense of security around API programs and applications. Sure, it does have a lot of bottlenecks slowing down releases, but most traditional organizations don’t have nearly as much command and control over their systems as they think.
The only way to do this effectively, securely, and stably is by moving most of your workloads to the cloud. That’s why 90% of organizations have accelerated their cloud usage in the last two years — some more successfully than others. You just need a plan.
Breaking Away From Lift and Shift
Not all applications are the same. This may sound logical, but when moving to the cloud, so many enterprise applications and functions are lumped in together. Instead of looking at your cloud migration as an opportunity for quality and differentiation, enterprises are in such a rush that they just try to lift whole systems to the cloud.
Before you even consider the move, bring all business, technological and risk management stakeholders to the table to understand their concerns and their priorities. And don’t forget to factor in key end users and strategic partners who may be more than a little disrupted by any change.
Together, it’s important to classify the different kinds of legacy applications you are dealing with:
Lift and shift – there will be some applications that, for now, you really do want to re-host as is, often the most complex or the longest running. These options have a minimal upfront cost but, if done across your legacy architecture, bring very little long-term payoff. Without optimization, operations costs soon spiral, and many organizations drift services back on-premise.
Minimal viable refactoring – You also may perform the bare minimum changes needed to re-platform. This is better than just re-hosting, but usually not enough to see a true impact of cloud migration.
Replacement – this is when some services are too expensive to maintain, and it’s simpler and cheaper to move to another version or product, whether built in-house or leveraging third-party providers.
Re-architecting – Usually the most costly part of any migration, but with the best ROI, this is when you strategically break up your monolith to increase scalability, performance, and reliability.
Starting fresh – Anything new you build with a cloud-native mindset and API-first design.
Retirement – Some applications simply don’t provide enough value for their cost to maintain or migrate. But you need to know their dependencies before you deprecate them.
Retain – Some data workloads, at least for the foreseeable future, make sense to stay right where they are, in the company’s private data center.
Already in the process? It’s time to hit pause before you invest a lot of money only to increase your technical debt and decrease security. Being cloud native means being more careful about your tech choices. This will pay off in the long run in operational efficiency.
As Tim Femister wrote in Forbes, “in a wide-scale migration, each application should undergo a basic analysis to consider if a rebuild, replacement or retirement strategy is appropriate.” So before you even consider your shift, really understand what you’re working with. This level of analysis, he wrote, is often referred to as “an application-based cloud assessment and migration plan to chart an optimal path to a cloud provider.”
But even the best-laid plans go awry.
Your Cloud-Native API Management
Most enterprises are pursuing a hybrid cloud and multi-cloud strategy — even leaving some applications on-premise — that allows them the flexibility and scalability they need without vendor lock-in. Cloud, on-premise, and edge. Microservices and Kubernetes. Service mesh and API gateways. This allows for a shift that may take longer but prioritizes quality and long-term business payoff.
While it means it doesn’t matter where you are building and hosting, it also increases the complexity. The cloud-native world has new levels of complexity that mandate centralized control. And they necessitate ways to abstract out that complexity so both technology and business gain visibility.
API management for cloud-native companies is centered on the design and the opportunity to automate and enforce policies without a need for bulky, old-school architecture. Proper API management is part of the success of your cloud migration as it gives you a full view of your API ecosystem, including who has access to what API and any external APIs you’re integrating with.
Better API management includes:
- Differential resource usage
- Security and compliance policy enforcement
- Consistency (like naming, endpoints, and error codes)
This allows for developer autonomy while still maintaining quality and security standards. If an API management platform has templates or other methods to encourage reusability, it speeds up the cost and time to build across an organization.
A decentralized approach to API management is necessary to evade vendor lock-in and enable the usage of different API gateways and service mesh. It also enables you to run in multi-cloud and hybrid cloud environments. The popularity and logic of event-driven architecture mean you need the flexibility to map and build around changing customer demands.
Manage Your Whole API Lifecycle
However, better API management offers a more centralized view of your entire API ecosystem — both those your organization is building and what it’s inevitably connecting with externally. This is often called API lifecycle management.
It’s essential to review your full pipeline and data capabilities in order to, as Garrett Alley put it, secure data in motion and at rest. Role-based access control and two-factor authentication are a must.
Continuous testing and monitoring are needed throughout your transformation and beyond to ensure not only security but quality, reliability, and availability.
An API lifecycle management strategy should be integrated within your continuous delivery pipeline, giving you a full view of not only the build and release but continuous quality, security, and integration testing. Cloud-native, more often than not, means Kubernetes. A good API management platform will also factor in:
- Workload management
API lifecycle management also enforces better design for consumption, so you waste less time and money on building APIs which can’t even be consumed. And, of course, it’s not just about what you’re building, but what happens when it’s out there. API observability is a must to make sure you can really trace every issue back to what went wrong, which release, who made the change, and more.
Finally, it’s time to update your Service Level Agreements (SLAs) for the cloud — hopefully promising better uptime for your cloud-native apps — and enforce them through your API management platform.
When all else fails, it’s important to remember a cloud migration is as much of a business transformation as it is a technical one. The more people you involve in your plan early on — and give insights via a centralized view — the more successful you will be. Good luck!