The Hybrid Cloud has 100s if not 1000s of APIs in use at any time. API security therefore becomes a crucial part of any hybrid cloud environment. There are only so many ways to secure an API, we can limit its access, check the commands, encrypt the data transfer, employ API level role based access controls, ensure we use strong authentication, etc. However, it mostly boils down to depending on the API itself to be secure because while we can do many things on the front end, there is a chance that once the commands and actions reach the other end (cloud or datacenter) that the security could be suspect. So how do we implement API security within the hybrid cloud today?
There is a great debate on which hypervisor vendor works with ISVs and which do not. You have a number of ISVs working with VMware that are just now starting to work with Hyper-V. A number of ISVs that are struggling to catch up in the virtualization space. Hypervisor Vendors that are directly competing with ISVs as well as welcoming ISVs. This story is not about any of this, but about how easy is it to launch a new product for each of the hypervisors available with or without help from the hypervisor vendor. In essence, is there enough documentation, community, and code out there to be interpreted as welcoming ISVs.