Show Me the APIs!
UI may be the eye candy but without the right API, we're left hungry for more.By: Mark Wood
I was talking to a customer the other day – a global organization with dozens of geographic operational centers and a sophisticated, mature security operations discipline – and he said something that captured what I've been wanting to express for a while.
"I must see five to six security technology vendors a week," he said. "I tell them all the same thing: It's not about your technology – it's about how your technology integrates with what I already have."
But Can My Customer Use It?
This is something that's bothered me for years and I'm happy to start hearing it from buyers. Trade shows are full of interesting new security startups with attractive new tools. But can my customers actually use them?
When I go to security industry tradeshows, I make a point of seeking out the newest stuff. But what happens when I walk up to a new product vendor? Invariably, the first thing I'm shown is the user interface. The UI is clean-looking with colorful pie charts and curvy trend lines, each of which, it's claimed, allows security operators to immediately pinpoint exactly what's going on and what to do about it in a way that's never been done before and that no competitor could ever hope to equal.
And maybe the product is as awesome as the vendor says — it probably does some really cool and useful stuff. I also get that your new hotness is difficult to show in any way other than via the UI, especially on a trade show floor.
And I get that UI candy pulls people into the booth.
I just don't want you to stop there. I want to see how an existing security team that has a dozen or more solutions is already going to operationalize this new tool. As a global provider of security solutions, Secureworks® encounters dozens of security tools across thousands of clients. There are millions of ways that these solutions combine to form a coherent security program and it's different at every single customer.
Four Asks for New Security Technologies
So I have a question for tech vendors: You're making some really cool stuff – how can my customers integrate your technologies to their infrastructure without changing how they operate?
- Show me how your core functionality has been surrounded by APIs. What percentage of core functionality is accessible via API? If it's less than 100%, why is that?
- Show me how you used APIs to allow your UI to access your core engine. This gives me confidence that everything I see on the screen can be done programmatically.
- Show me the third-party integrations you've already built yourself and tell me where to get them. Maybe my customers already use some of these solutions. In fact, it would be great if you could show me how your solution operates within the operational context of a tool I already use.
- Talk to me about your support program for API integration, just in case I want to integrate it myself.
A caveat here: A lot of security technology providers DO have robust programming interfaces today, so this is not meant to suggest that every new security technology has this challenge. I just don't see enough emphasis on APIs and integration when I look around. Maybe it's the venue, as trade shows tend not to bring out the best in any of us.
Still, the issue remains. Given the huge number of security solutions on the market and the endless revolving door of security startups and exits, the need to integrate isn't going away any time soon. And, today, another attractive UI may be a nice-to-have but it isn't what's going to make the world a safer place.