To cope with stricter data regulation, enterprises should look to fully open APIs


High angle view of many yellow padlocks on yellow background. One of them is open.
Image Credits: Javier Zayas Photography (opens in a new window) / Getty Images

Jean-Paul Smets


Jean-Paul Smets is the CEO of Rapid.Space, a hyper open cloud provider offering virtual private servers (VPS), content delivery networks (CDN) and global IPv6 (SDN).

Picture this scenario as a young enterprise: You are a customer of Azure, AWS, or the Google Cloud Platform, assuming they are the frontrunners. While traveling in Russia or a European Union country on a mission to expand your business, you discover that you’re required to have data locally stored. Even worse, in the EU, you face the GDPR and have national regulatory authorities warning you how using U.S.-based clouds in the EU violates the GDPR.

This is a huge problem. No matter where you go outside the U.S., you’ll have to comply with different regulations that could ultimately prevent you from deploying your applications successfully. By using the APIs of the big players, there’s either the possibility of no connectivity or even legal risk.

How can enterprises get around this issue? This is where fully open APIs based on open source software are a great help and the technology of the future.

“Fully open” APIs contain open source software with open source operation procedures so that the technology can be reproduced and audited in any region, which resolves the geopolitical conflict mentioned above.

Fully open APIs give the end-user control on how to debug the software (which powers the API) while also potentially keeping costs down due to their scalability and a complete lack of maintenance costs compared to a closed-loop system. These closed systems are limited by their dependency on a particular platform, driving costs and other limitations on developers. Fully open APIs don’t just harness open-source software, but rather are combined with a complete description of how the infrastructure is made and how it operated – it’s an entirely open process.

In Europe, security is becoming increasingly critical. New security qualifications, such as the French-German ESCloud Label for secure cloud computing, are examples of cooperation aimed at raising the level of cybersecurity in Europe. Any technology that extends the extraterritorial application of U.S. law could soon be banned from both government markets and processing personal data.

In many international markets, local laws regarding personal data require that the services or technologies used are free of technical components that could lead to foreign surveillance by the U.S. This creates an apparent conflict that is deeply connected to legislation, and U.S.-based companies that provide APIs are in the middle of it.

Adopting fully open APIs

To implement a fully open API, you essentially require an open process that lets third parties implement APIs independently of their original creator. For the process to be open, all the steps need to be described in such a way that a third party can reproduce them and verify that the outcome satisfies customer expectations.

Ideally, the software and hardware that implement the API should also be open source. Use of software without being able to audit its source code poses a risk of backdoor presence, which is incompatible with certain legislations for data protection. Use of hardware without being able to audit its design poses a risk of logistics attacks. Both risks are well understood by hyperscalers for their own infrastructures, which are now mainly based on open source hardware and software.

Enterprises should adopt the same attitude as hyperscalers when selecting an API. They should ask their API vendor: “Can you provide us with the detailed process, software, and hardware to implement this API by ourselves on a network without Internet access?”

If the vendor says “Yes,” it’s safe to assume this is a “fully open” API and you can use it without risk. Just make sure the API subscription agreement includes reversibility provisions with prices so that you can later access the process, software, and hardware to implement the API yourself.

If the vendor refuses, though, it will mostly be illegal to use the API in many regions globally, unless they already have independent, local partners to implement it in every region.

In Europe, ten cloud providers are offering governments to license their APIs – software, hardware, and processes. OVHCloud, which previously acquired VMWare vCloud, announced that it would make its cloud platform and APIs open source.

Rapid.Space has produced a step-by-step tutorial on installing open source networking APIs for the Accton Operating System on the Edgecore AS5812 switch. Many companies related to the open source community are ready to provide or develop fully open APIs at a very reasonable cost.

If your API vendor is adamant on refusing to let you maintain the API yourself, try explaining that you are not requesting to make its technology open source but only to license it. If they still refuse, then do as hyperscalers do – develop or sponsor the development of an open source software for a fully open API. This could even get you a tax break.

Why fully open APIs are the answer

We have already seen the implementation of document storage APIs used by the /e/ Foundation as an alternative to Google Drive. They provide the service, the source code, and the corresponding steps for installation so that anybody can reinstall it anywhere in the world despite any geo-restrictions in place.

Taking it a step further, enterprises that want to create a content delivery network (CDN) or implement their own instant messaging can look beyond Cloudflare or Whatsapp, which are restricted in various countries. Delta.Chat enables end-to-end encrypted instant messaging everywhere, even in North Korea, based on the standard Incoming Mail (IMAP) and Outgoing Mail (SMTP) server APIs.

Both APIs, widely available and already used by Gmail, can be replicated with open source software called Dovecot and Postfix. Nexedi’s SlapOS operation management software includes a cloud-native, open-source CDN that can be self-deployed everywhere, including in China. Again, these two solutions quell the problems created by data access being blocked in a particular country.

How secure is open source software?

Those considering switching cloud providers know that security is a priority concern – customers will make buying choices based on the reputation for confidentiality, integrity, and resilience, and the security services offered by a provider, more so than in traditional environments.

The development of fully open APIs marks a clear point of transformation regarding business behavior with data. The common wisdom used to be that organizations need to do everything in their power to hold data on their premises. This has evolved into enforcing trust through contracts and policy compliance with facility management and cloud. However, to take advantage of the sharing of tools and data through a “plug-and-play” model, it’s crucial to use fully open APIs.

In the case of clouds powered by proprietary software, the customer has no hope of discovering backdoors, because they have no access to the source code. They just have to trust the supplier without any way to verify what they are doing.

Open source projects at the core of fully open APIs are less likely to include bugs and security vulnerabilities than closed source clouds, because closed source clouds tend to have much longer release cycles for some of their software, so vulnerabilities will take longer to resolve. Many open source projects have hundreds or thousands of contributors who can review any problems almost immediately.

Beyond fully open APIs, open processes

Fully open APIs give any developer the same level of control and freedom in the cloud as open source brought to the software industry, with no adverse effects. They present an opportunity for greater innovation to customers, partners, and vendors in ways that we may not have already considered for APIs.

Creating a fully open API that the external end-user can integrate into their application and customize removes any barriers. With data regulations imposed by governments worldwide continuing to tighten, cloud computing isn’t far from hitting a wall, and embracing a completely open process for cloud-based on open source software could well prove to be the answer.

More TechCrunch

After Apple loosened its App Store guidelines to permit game emulators, the retro game emulator Delta — an app 10 years in the making — hit the top of the…

Adobe comes after indie game emulator Delta for copying its logo

Meta is once again taking on its competitors by developing a feature that borrows concepts from others — in this case, BeReal and Snapchat. The company is developing a feature…

Meta’s latest experiment borrows from BeReal’s and Snapchat’s core ideas

Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.

Startups Weekly: It’s the dawning of the age of AI — plus,  Musk is raging against the machine

IndieBio’s Bay Area incubator is about to debut its 15th cohort of biotech startups. We took special note of a few, which were making some major, bordering on ludicrous, claims…

IndieBio’s SF incubator lineup is making some wild biotech promises

YouTube TV has announced that its multiview feature for watching four streams at once is now available on Android phones and tablets. The Android launch comes two months after YouTube…

YouTube TV’s ‘multiview’ feature is now available on Android phones and tablets

Featured Article

Two Santa Cruz students uncover security bug that could let millions do their laundry for free

CSC ServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug.

10 hours ago
Two Santa Cruz students uncover security bug that could let millions do their laundry for free

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says

TechCrunch Disrupt 2024 is just around the corner, and the buzz is palpable. But what if we told you there’s a chance for you to not just attend, but also…

Harness the TechCrunch Effect: Host a Side Event at Disrupt 2024

Decks are all about telling a compelling story and Goodcarbon does a good job on that front. But there’s important information missing too.

Pitch Deck Teardown: Goodcarbon’s $5.5M seed deck

Slack is making it difficult for its customers if they want the company to stop using its data for model training.

Slack under attack over sneaky AI training policy

A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said…

Healthcare company WebTPA discloses breach affecting 2.5 million people

Featured Article

Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Microsoft won’t be facing antitrust scrutiny in the U.K. over its recent investment into French AI startup Mistral AI.

12 hours ago
Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Ember has partnered with HSBC in the U.K. so that the bank’s business customers can access Ember’s services from their online accounts.

Embedded finance is still trendy as accounting automation startup Ember partners with HSBC UK

Kudos uses AI to figure out consumer spending habits so it can then provide more personalized financial advice, like maximizing rewards and utilizing credit effectively.

Kudos lands $10M for an AI smart wallet that picks the best credit card for purchases

The EU’s warning comes after Microsoft failed to respond to a legally binding request for information that focused on its generative AI tools.

EU warns Microsoft it could be fined billions over missing GenAI risk info

The prospects for troubled banking-as-a-service startup Synapse have gone from bad to worse this week after a United States Trustee filed an emergency motion on Wednesday.  The trustee is asking…

A US Trustee wants troubled fintech Synapse to be liquidated via Chapter 7 bankruptcy, cites ‘gross mismanagement’

U.K.-based Seraphim Space is spinning up its 13th accelerator program, with nine participating companies working on a range of tech from propulsion to in-space manufacturing and space situational awareness. The…

Seraphim’s latest space accelerator welcomes nine companies

OpenAI has reached a deal with Reddit to use the social news site’s data for training AI models. In a blog post on OpenAI’s press relations site, the company said…

OpenAI inks deal to train AI on Reddit data

X users will now be able to discover posts from new Communities that are trending directly from an Explore tab within the section.

X pushes more users to Communities

For Mark Zuckerberg’s 40th birthday, his wife got him a photoshoot. Zuckerberg gives the camera a sly smile as he sits amid a carefully crafted re-creation of his childhood bedroom.…

Mark Zuckerberg’s makeover: Midlife crisis or carefully crafted rebrand?

Strava announced a slew of features, including AI to weed out leaderboard cheats, a new ‘family’ subscription plan, dark mode and more.

Strava taps AI to weed out leaderboard cheats, unveils ‘family’ plan, dark mode and more

We all fall down sometimes. Astronauts are no exception. You need to be in peak physical condition for space travel, but bulky space suits and lower gravity levels can be…

Astronauts fall over. Robotic limbs can help them back up.

Microsoft will launch its custom Cobalt 100 chips to customers as a public preview at its Build conference next week, TechCrunch has learned. In an analyst briefing ahead of Build,…

Microsoft’s custom Cobalt chips will come to Azure next week

What a wild week for transportation news! It was a smorgasbord of news that seemed to touch every sector and theme in transportation.

Tesla keeps cutting jobs and the feds probe Waymo

Sony Music Group has sent letters to more than 700 tech companies and music streaming services to warn them not to use its music to train AI without explicit permission.…

Sony Music warns tech companies over ‘unauthorized’ use of its content to train AI

Winston Chi, Butter’s founder and CEO, told TechCrunch that “most parties, including our investors and us, are making money” from the exit.

GrubMarket buys Butter to give its food distribution tech an AI boost

The investor lawsuit is related to Bolt securing a $30 million personal loan to Ryan Breslow, which was later defaulted on.

Bolt founder Ryan Breslow wants to settle an investor lawsuit by returning $37 million worth of shares

Meta, the parent company of Facebook, launched an enterprise version of the prominent social network in 2015. It always seemed like a stretch for a company built on a consumer…

With the end of Workplace, it’s fair to wonder if Meta was ever serious about the enterprise

X, formerly Twitter, turned TweetDeck into X Pro and pushed it behind a paywall. But there is a new column-based social media tool in town, and it’s from Instagram Threads.…

Meta Threads is testing pinned columns on the web, similar to the old TweetDeck

As part of 2024’s Accessibility Awareness Day, Google is showing off some updates to Android that should be useful to folks with mobility or vision impairments. Project Gameface allows gamers…

Google expands hands-free and eyes-free interfaces on Android