While doing interviews for my report, Centralized API Governance Considered Harmful, one interviewee was surprised that I wanted to discuss governance because many of their clients view it as a curse. I’ve had clients ask for presentations but been warned not to utter the words “API governance.” I’ve heard some say that, yes, they do governance and they do it well, but they call it something else, since the word “governance” has too much political baggage from past failures. API governance has become that which must not be named, though in the evil wizard sense rather than the ineffable sense.
The reason for this is clear: Governance often centralizes into a team that becomes the enterprise bottleneck. It is not tailored to the needs of each individual API, resulting in a one-size-fits-all model that overgoverns most APIs. Unfortunately, when organizations overpivot and respond by throwing away governance, this leads to failure: A plethora of APIs largely doing the same thing sprout up like weeds in an unattended garden.
API Governance Is Not The Problem
The problem isn’t API governance. Rather, centralized governance is the problem. A centralized API governance program may work just fine in the earliest stages of an API program, but it does not scale. Successful governance must be federated. This does not mean no centralization at all. Rather, some concerns remain centralized, but delivery teams take much of the responsibility.
Federated governance means shifting the mindset from command-and-control to empowering teams to make better decisions. This employs guardrails and leverages automation to enforce consistency across teams. It means creating a culture of trust and accountability for delivery teams to enforce much of the governance. And it means creating golden paths or paved roads to make it easier for delivery teams to make the right, safe decision than to go outside the guardrails.
A federated model, though, does have the challenge of information sharing. How do you ensure consistency? How does the team creating governance guardrails know its guidance is working? What is the means for teams to share its experiences with other teams? With centralized governance, the central review board has conversations with every API delivery effort and addresses the questions there.
Federated Governance Works
As APIs become the heart of business strategy, then ungoverned APIs means ungoverned business strategy. You need API governance, though by all means, use some other word to name it if that gets buy-in! When organizations embrace effective, efficient, federated governance, Forrester has seen API delivery increase its pace. Yes, you read that correctly: Governance done correctly will improve delivery, not slow it down! So if your organization is complaining that governance makes APIs too slow, it is time to reevaluate how you do governance. Learn more by reading Forrester’s report, Centralized API Governance Considered Harmful.