Accelerate cost savings with API management
foreign [Music] thank you everyone Thanks for uh thanks for joining us for the session today uh on accelerated cost savings with API management um hopefully everyone's had lunch and caffeine although it is an exciting topic um you know I'm grateful for everyone who's joined us here live in in San Francisco um so today I'll I'll talk to you briefly about not just accelerated cost Satan but also an increase in Innovation that increasing speed of innovation that comes with looking at apis more as products than as an individual technology itself um my name is Neil Swartz I run outbound product management for apogee here at Google and and my path to API started Way Way Back on network infrastructure then went to Security application security finding holes in various places in infrastructure and apis and ultimately led me here to to apogee here at Google and in today's session we'll also talk about business so not just purely the technical underneath it but the lives and the technology at the top um there's one question my timer's not running which means I can hold you here longer I guess they're doing it cool I snuck in a few extra minutes um so on the business side I think what we hear our customers talk about a lot is that ideally the fastest path that they can think of we would help them with and that is to get their ideas and their company value as quickly in the hands of customers as possible and ideally that's a straight line it's a straight line into a product and from there directly in the hands of customers but as we all know it's not quite that simple and certainly not when uh customers are are changing how they want to buy from you what they want to buy from you how much they want to pay for it Etc now it's within within that context of getting value as quickly as possible to customers as we'll see in the presentation apis play a very important role but to start off first like why is that role so important is because the reality of working towards this goal of getting your services and products and value to customers digitally that they're faced with a multitude of not so straight lines it's a very easy path to to get from idea to you know to another idea but how do you get to execution and specifically this digital Journey for organizations that aren't the size of Google or that aren't the size of you know 500 a thousand ten thousand people um those organizations tend to uh to run into a couple of challenges and this is just but one small piece of it so firstly in order to develop any of these digital Solutions there's the actual development cost itself like what do you or how many developers do you have and what is it they spend most of their time on so there's a challenge on optimizing the velocity for Developers on the other side there's the risk of now you've developed something customers show up and start using it in massive quantities there's the hockey stick effect that might happen in other words now there's attention you have to spend on not just setting up the infrastructure once but supporting it throughout this peak of usage or even the reverse and that is cost optimized for those cases where you're not using it all the way through to how do we secure this plethora of decisions that led to you creating a product and delivering it to customers maybe not just within your region but making your business available to elsewhere in the world and then lastly but certainly not the least at the end of the day you're using technology and building apis to get to this outcome let's get the value from the customer transformed into margin and revenue monetization for you so the starting point of this presentation is like look there's a plethora of um challenges along the way to get to this digital uh digital means of communicating with your customers and some of these patterns have repeated itself and that's led us to create a set of helpful technologies that ultimately aim to solve some of these problems how do we get customers value from your organization faster and three of the top questions that come into mind with customers is is not just sort of how much new technology are we using how much of Google's keynote are you using in your infrastructure but do I know that I I have the best infrastructure for my purpose am I using the right things out of all the possibilities that we have are we spending like enough are we spending too much could we optimize our costs could we lower our our monthly bill um or could we utilize and swap out entire Technologies so that certain developers no longer have to focus on infrastructure no longer have to focus on repeating themselves and instead focus on business Logic on top and then lastly across all of this security is often seen as a tax that is applied at the end but we're looking at this as look it's not just security for Security's sake it's how do we make sure the data of your customers and your intellectual property is kept safe but also the systems so that you don't inadvertently spend tons of money on for instance API calls that end up nowhere so while these questions are not unique to apis it is a big challenge for mid-sized organizations and above to solve for some of this and I'm here to say as an advocate for apis that the good news too is that apis themselves offer a way for you to get all those outcomes that is to say apis power the majority of the digital interactions that are out there today and have done so for decades but they're also a key area for further optimization and one of the biggest things that mid-size organizations or even earlier stage companies have is not can you build something but are you building the right thing for your end customer a large chunk probably more than two-thirds of the Silicon Valley Investments that go into companies end up in awesome products but no one's using them so investing the right way but also the right ideas and iterating fast is one part of where we want to go and we've seen that companies that start utilizing an approach that favors looking at an API as a product we see that they're getting better results both on optimizing but also finding the right product to build and in general over the course of about 12 months measured these companies that have taken a strategic approach to apis end up generating more of them which you know self-serving is obviously beneficial to to us but for apis in particular and all of the ideas that you can help unlock there are sets of other strategies at play too and we've captured all of those um those strategies and all those capabilities in a set of a set of services that no longer is just available to the largest companies out there but it's available from whatever usage you have from the first API call you have up to the billions that you have um and this is sort of the area of API management you've heard of it as API management or full lifecycle API management but the case in point is that an API represents a contract it's the contract it's delineation between your group and the organization that builds sets of business logic and a partner or a business unit or you know an ecosystem developer that ends up wanting to use your infrastructure and I I'd call it a contract for a very specific reason it's an agreement between you and the other party to not change that portion of your functionality if you've done so you can iterate more quickly on the back end faster using Technologies such as the ones we're talking about here it's important to note that it's for for any use case um quite literally it could start off with simple integration use cases all the way through to developer ecosystems that end up in multiple digital portals of various kinds where new modes of communication are taken care of at the end of the day they're all API calls and they all represent similar value but also similar challenges and it's this any scale that we mentioned in particular in the current economic climates to say look you shouldn't just have to lock yourself into massively long contracts but utilize exactly what you need and know more and spin down as you no longer needed the other side of this from a cost optimization perspective is that oftentimes when you pick a technology or you decide a strategy around apis as products all of a sudden additional constraint constraints and concerns show up from a security perspective this is not just the basic you know am I authenticating the right person or the right system am I authorizing them the right thing but also what type of attacks do I need to defend against what do I not know yet from a tax perspective what is all this new technology like gen AI going to do with the consumption of these apis so there's an entire class of problems in the security space that tended to mean you have to have a separate set of tools or a separate department for it but we believe that that's not necessarily the case you shouldn't have to do that and then lastly for every developer we we strongly believe that some of this technology should be available not just to a specific size company for all of them but also enable the use of these apis for any type of developer whether or not you're sort of a hardcore directly into the weeds developer or someone who prefers sort of more visual tools more Loco tools so for us apis we're not just part of how we got to where we are but we also think it's a fundamental enabler this contract to this product for new technology in the future and there are a couple different areas for further maximizing value of these apis like how do we do more with it it's great that there's technology but at the end we want to get as much value out of it as possible as possible there's sort of three different categories that we look at here including some interesting announcements so one part of this is at the end of the day you could stand on the shoulders of someone else when you utilize someone's API so how do you get your ideas faster to life faster to your end customers or the potential end customers and standardize that access and reduce the need for specialized skills for them to take and make use of this back backend service the middle section of this do more with less I run part of product management and I'm always told by our engineering team like that's great you want 100 things done but in reality we're only going to fund 10 of those how would you apply that same prioritization mechanism to your own business by just carefully selecting where you invest and where you reuse and then lastly we talked a little bit about the security side there's much to be said on that topic we have some separate sessions for that that are recorded and made available just to look at how we bring more security capabilities in the hands of the people who want to build apis but aren't necessarily Security Experts how do you not burden your teams with security overhead so with that in mind let's start with the build faster how do we get um how do we get your ideas encapsulated into reality Faster by utilizing apis so one part um of what we've announced and we're announcing here at Google next is is this notion of helping people go from from a let's call it a novice API idea to something that is an expertly crafted API specification that could almost instantaneously be utilized as an api's product and what I'm showing to you here on screen is is duet AI cooperating with apogee to help craft API specifications and ultimately deploy this inside of apogee again the goal here is to help those developers that want to focus most of their attention on something else but have to make sure that this service is made reusable for others made discoverable and part of what we're doing here is enabling an IDE experience where certain prompts are put in like accept purchase orders for specialized coffee beans through a web API the very first part of this is that we take you know General understanding of what API specifications are and help suggest the specialized statements that go in there now at certain scale once you started using this what becomes interesting is that these specifications that are offered um will start to be made better based on other specifications that it has access to specifically for mid-size organizations assume that you have a catalog of all apis that becomes input to train this case the model to help your teams be more effective get to API specifications that are built with this idea of product first in mind and get to ideas faster what we're announcing later here in next two is that there's a trusted tester program that you can you can apply for at the end of the slides but this is one of many places where we think that we can accelerate the development of those ideas into value to your customers by making use of Technology again not technology for Technology's sake but for an end goal another part of this too is to make the technology fit into more of the use cases that you might have and without draining the entire slide at the end of the day an API gets processed somewhere before it's fed to multiple different back-ends part of this is what we call the runtime that takes care of all the functions that we briefly spoke about and one of the developments in this area is to make it possible to load a set of policies across all the apis you have we'll call that standard API proxy and that could be used as a starting point to just put up a facade in front of a new service that a team has been building without really bothering too much about what the ecosystem is that you're building around it and then contrasting that with what we call an extensible API proxy which is essentially Soup To Nuts everything that everyone knows about API management detailed policies authentication authorization Transformations ecosystem management developer management Etc now the reason I just even touched this here is that the the tooling that is now available allows your organization to move fast while already standardizing on on the technology that will be helpful to Monitor and ultimately monetize these apis uh in the protection of course as well and on that note another part of um of the overall offering that we think is really relevant for mid-sized companies and above and even smaller companies is this notion of being able to start off with an API again generated for instance with duet Ai and then fast iteration in the back end using what we call application integration the notion here is that humans by definition want to optimize for their own time and we agree we want to do the same thing and what we've noticed is that workflows and Integrations typically tend to follow a number of fixed patterns that always start off with a trigger on the left hand side most of the time as an API call set of data Transformations a set of conditions that are brought in and ultimately a set of connectors to either drop in or fetch additional data that entire sort of Suite of functionality is being Rewritten hundreds of thousands of times and instead of doing so what we're suggesting here is take this approach of projecting value to customers through an API turning that into a contract that doesn't change for your partners or for your um your development partners and at the back end iterates super fast on what that workflow can look like and once you've settled on something that's of value for your end customers then you can further optimize and maybe further enhance it and that's what in this case a visual path of helping you iterate faster these Integrations so all of that the main attention is bring ideas to Market faster because that's one of the big differentiators that you you have by utilizing technology again not technology for Technology's sake but for a particular purpose the other section or the other big area where we think there's more optimization possible in maximizing value is to look at well how do we take what was originally true for large organizations and slice and dice it down to a set of usage patterns that fit your organization and without going into details of the commercials one of the things we've noticed is that these technologies that are available for apis would like like to follow the model of exploring your ideas first trial it when with what we have and then matching it with either a short-term contract literally whatever you use is ends up being paid for or go for longer term fixed cost setups with subscriptions the only reason I bring this up again is to show you that this is not just technology available for large organizations it is in fact very helpful for for smaller teams and smaller organizations too the other big advance in this area is to say well that's great we have technology we have an API management platform we have something like a product but how am I going to make my case for other parts of the organization or how am I going to help other teams do work for me as the API developer in this case and one thing we've noticed is that um oftentimes a lot of the analytics data from apis the behavior of certain clients certain applications that come in or the relevancy of the developer program like how many people have um you know active developer tokens for apis that type of technical information is not just relevant for uh for the teams that run the platform but also for teams that are on the business side who know more perhaps of the financial transaction that happens the you know the rate at which people will complete purchases the reports that have to be generated around costs the reports that that varies Folks up in the treatment have and one of the things we've done is like rather than having you create further Integrations why don't we just create the capability that all the data that pertains to these apis is made available in a business intelligence platform in this case Booker data studio and with that immediately an entire host of reporting questions and data analytics questions is moved away from the harder core technology of API management into the realm of pure data intelligence so we bring API information that's in apogee we bring that over into looker for intelligence we also do that in a cost-effective way by not just copying a bunch of stuff make it available as a data source and then either come up with standard dashboards or use AI inside looker to ask natural language questions about data sets about how the joining of two or three or five data sources ends up with a result for this API program or this type of action that's taken so with that we're bridging between the various technologies that are there and we're doing it without turning that into your problem and we think that's sort of a pattern that we're we're trying to get to and then lastly on sort of maximizing value this is only so good to the moment that you can trust it and the trust Factor here is is critically important we think and it's important because it's all your data it's a new entry point in your organization and what we've done there and we'll keep doing is riding along with everything else that the larger Google Organization has made available and is announcing here in um in Google next as well and that is conceptually to take the information we already have about these apis about the the ecosystems that you've created the transactions that pass through take that analytics data and unleash sort of security models on top of it so not just look at policies that are created but also the activity on these apis what is anomalous behavior from a pure API perspective that's what analytics offers today what do we want to add on top of it things like bot detection like who is scraping our data who's going off with all the you know the purchasing behavior that you have or the entire price list catalog you have or is um you know maliciously impacting marketing numbers based on fake requests that come in to all of this all rides on the same information and the past World it meant that all this information had to be given to a security department expensive enough so what we're doing here is we're bringing those security capabilities to the API management platform and in this case riding along with what's already collected running models against it models against the traffic and it's the same machine learning models that are utilized for larger Google properties in the outside world and continuously recognize activities that don't really fit well with the normal behavior and obviously identifying it is great but if I tell you there are a thousand things wrong you clearly want to know the next step which is what are you going to do about it and that's where a set of mitigating actions can be taken by the same API platform again it doesn't matter if you go you know the the you only have a few apis or you've got billions of API calls the same capabilities exist and are made available and in this case mitigation can mean many things it can mean look we don't want to actually receive this traffic whatsoever or we want a signal to your business logic in the back end this looks kind of funky we've received it from a certain geography we've seen certain behavior that makes us think that this is not really legitimate traffic but we don't know enough yet we want you to make a next call then it might be that you know you're you're not going to give this particular product to someone else or you know you'll lose some extra fraud checks in the back end the key though is that the problem of securing these apis becomes a collaboration between your team in this case uh us an apogee and your security organizations and the context is shared between the two and this at the end of the day all leads us to um to a set of main questions that is do we have a way to look at apis not just as technology but as a way to unlock and to explore new and open new use cases for end customers and we think the answer to that is absolutely true yes we see many of our customers generate new revenue streams on the basis of creating apis and they firstly started off with using apis pure list integration technology and started moving in the direction of more ecosystems creating adjacencies by integrating with partners that are adjacent to them creating net new entry points for new customers all the way through to all the way through to capabilities that allow you to engage with newer Styles developers that work in entirely different fashions so apis really are at the front door to every digital asset that you have in your organization and one particular example of a company that's gone through this journey with us and is still on this journey is this company called L'Oreal everyone knows them large Beauty brand but what's fascinating to take away from from this particular example is they move from the origins of apis as purely means to get faster communication between disparate parts of the organization to sharing more services with other groups in other words promoting reuse reducing costs by varying the costs across multiple business units all the way through to new capabilities in apis as products that are created by engaging developers marketing organizations with the product sets they have through digital means and again this is a multifaceted not just purely one API technology but the starting point is an API is a product turns into a contract where the party in this case L'Oreal has the capability to iterate fast on the inside of the organization while the outside can rely on a known interface into the organization that is trusted and protected and in general what this points at is is a concept that I've not named but I've talked about here another is to rope in the platforms more and more to abdicate functionality into and for those of you who are closer to software development you've heard the industry and we're part of that too we've heard you've heard us talk about shifting left moving certain functionality whether or not it's from a code quality perspective to security vulnerabilities move all that burden closer to the earlier stages of product development or in this case software development in building and development let's move most of the technology left in addition to that though we've seen that that generates sets of concerns with development organizations we're not trying to turn everyone into a security expert we're not trying to turn everyone into an API expert some folks are dedicated mostly to business logic and they should be and the the term that we've we've worked on here is to focus on shifting down in this case shift the burden of some of these integration capabilities some of these API capabilities further down into the platform so that you're freeing up your development resources to work on the things that truly create value that are differentiated to you and we think that you know by by making use of apis and looking at them as products utilizing a platform that helps you secure it and go faster we get this Nifty model where you can shift that burden further down while controlling cost in running that platform so we've got Jeff one more term not just shift left but we also want to shift this functionality down into the platform and we're happily we'll we happily do this for lots of customers and we happily do it for more and just to sort of prime more ideas um there's sets of examples here of companies that have used apis as their core strategic tenant to explore and open new revenue streams and they're not just limited to Pure tech companies like Financial Services everyone here probably knows stripe their biggest product is essentially an API there are many of them right now but the key thing is they've spent so much time developing and crafting the API itself and helping developers get into this ecosystem that they've now become the de facto standard in payments likewise for other technology companies twilio is very well known source for anything communication related if you ask a crowd of developers like who's really sent a text message using Old School Technology the answer right now is like mostly none like everyone uses something like Twitter for it but the core there is it is a product in this case it's the API and your teams can depend on it because there is a contract all the way through to not just capabilities that are technical nature but also data sharing so think of your organization what data can be made into value for partners or for other departments one very prominent example AccuWeather where they're exposing data for specific audiences tailored for specific audiences you know in addition to the primary Outlets that they have in separate applications all the way through to look maybe you're not into Data necessarily or into technology or payments financial services but looking at how you communicate with a community how you communicate with a set of your end users slack and Shopify are two prime examples where the Baseline experience is delivered but extended using apis as product or for Shopify where buying experiences are tailored entirely for new sets of audiences again possible using apis as products to improve virality of products or get the the product information out there in more places the key at the end of the day for us is that apis as products provide us a way to um deliver the capabilities in a far lower cost than was possible in the past with far fewer people necessary to get the get them done and scale it up to multiple new revenue streams across the world I'd say with that we've got some time left over for questions but I'll get to that only after saying look there's a trusted tester program that we're opening as part of apogee and this is for the various generative AI based additions to uh to apogee and Google that were that we've been announcing so again one of it is cloud code or vs code extensions and there are sets of other enhancements um around plugins that are being made available too so if you're interested in that please register in The Trusted tester program thank you [Applause]
2023-12-23 18:08