To cope with stricter data regulation, enterprises should look to fully open APIs
Picture this scenario as a young enterprise: You are a customer of Azure, AWS, or the Google Cloud Platform, assuming they are the frontrunners. While traveling in Russia or a European Union country on a mission to expand your business, you discover that you’re required to have data locally stored. Even worse, in the EU, you face the GDPR and have national regulatory authorities warning you how using U.S.-based clouds in the EU violates the GDPR.
This is a huge problem. No matter where you go outside the U.S., you’ll have to comply with different regulations that could ultimately prevent you from deploying your applications successfully. By using the APIs of the big players, there’s either the possibility of no connectivity or even legal risk.
How can enterprises get around this issue? This is where fully open APIs based on open source software are a great help and the technology of the future.
“Fully open” APIs contain open source software with open source operation procedures so that the technology can be reproduced and audited in any region, which resolves the geopolitical conflict mentioned above.
Fully open APIs give the end-user control on how to debug the software (which powers the API) while also potentially keeping costs down due to their scalability and a complete lack of maintenance costs compared to a closed-loop system. These closed systems are limited by their dependency on a particular platform, driving costs and other limitations on developers. Fully open APIs don’t just harness open-source software, but rather are combined with a complete description of how the infrastructure is made and how it operated – it’s an entirely open process.
Fully open APIs give any developer the same level of control and freedom in the cloud as open source brought to the software industry, with no adverse effects.
In Europe, security is becoming increasingly critical. New security qualifications, such as the French-German ESCloud Label for secure cloud computing, are examples of cooperation aimed at raising the level of cybersecurity in Europe. Any technology that extends the extraterritorial application of U.S. law could soon be banned from both government markets and processing personal data.
In many international markets, local laws regarding personal data require that the services or technologies used are free of technical components that could lead to foreign surveillance by the U.S. This creates an apparent conflict that is deeply connected to legislation, and U.S.-based companies that provide APIs are in the middle of it.
Adopting fully open APIs
To implement a fully open API, you essentially require an open process that lets third parties implement APIs independently of their original creator. For the process to be open, all the steps need to be described in such a way that a third party can reproduce them and verify that the outcome satisfies customer expectations.
Ideally, the software and hardware that implement the API should also be open source. Use of software without being able to audit its source code poses a risk of backdoor presence, which is incompatible with certain legislations for data protection. Use of hardware without being able to audit its design poses a risk of logistics attacks. Both risks are well understood by hyperscalers for their own infrastructures, which are now mainly based on open source hardware and software.