April 3, 2023
7 min read

Evolving API Management Requirements of Modern Enterprises

Simon Wolfenden

The ability to rapidly assemble and reassemble APIs and microservices has become a competitive differentiator across all industries — allowing organizations to pivot business models and deliver amazing customer experiences at speed and scale. Innovative organizations are pushing to become agile and transforming by adopting cloud native technologies that allow them to build more resilient software quickly that easily scales. So it's no surprise that the ability to build and connect services has become exponentially more important in recent years.

With the move to become more agile and introduce domain-aligned product development teams, an organization's IT ecosystem becomes increasingly decentralized and complex. This typically consists of legacy and modern applications written in multiple development languages and deployed in diverse infrastructures (e.g., VMs, multi-cloud, containers, K8s).

This has raised the need to implement a modern API management and service mesh platform that can operate across cloud, hybrid, or on-prem environments to decentralize API deployments within an organization — all while providing the appropriate level of security and governance required by central IT.

Evolving operating models

We're observing the evolution and growth of operating models to create federated development teams (value streams) that have autonomy to build capabilities using their preferred development language, cloud provider, protocols, etc. These teams own the entire application lifecycle, including the APIs to support these capabilities.

In the federated model, each line of business requires its own API gateway to design, build, manage, and secure API traffic. The result is the ability to rapidly develop and release product capabilities and improve time to market.

While executives are focused on developing new applications at a faster rate, they're not willing to compromise on quality. This requires a modern central function to remove the cognitive loads of platform management and offer the guardrail to apply standards that are not so onerous as to slow down the development cadence and restrict innovation but ensure central standards are adhered to.

A key enabler of a federated model is the introduction of APIOps, which embeds governance to ensure consistency, resilience, and security into the DevOps frameworks used by engineering teams.

Federated API Management with APIOps

Federated API Deployment Model: Central team provides shared technical components, know-how, best practices, and enablement to service delivery teams

Connectivity requirements of a modern enterprise

In order to balance market demands for faster application development with quality and security, organizations increasingly require the following capabilities:

  • Ability to build and expose secure and consumable services in any development language and protocol to achieve higher developer productivity.
  • Facilitate digital ecosystems with faster partner/developer onboarding to foster an ecosystem of innovation and drive revenue through new business models.
  • A high-performance, low-compute API gateway for deployment across the entire distributed ecosystem, regardless of the infrastructure, to deliver high levels of performance and resilience.
  • End-to-end automation of the service lifecycle to achieve consistency at scale. Automating deployments isn't enough. Automating governance checks throughout the SDLC is required to achieve speed and quality of service delivery.

Why Kong?

Kong's API and service mesh platforms have been built from the ground up to address the complexities of transforming your business and implementing a federated API management model to meet the requirements of modern enterprises.

Many of the world's largest organizations are migrating to Kong from traditional API platforms to support their ongoing transformation initiatives. Organizations are relying on Kong for their mission-critical applications to reduce costs associated with operational overhead, infrastructure, and development while improving agility and time to market.

Kong's API platform and service mesh also meets IT's requirements for resilience, stability, performance, and security to ensure that sensitive data is protected and regulatory requirements are met.

A truly modern platform like Kong enables a consistent application framework across an entire API portfolio, regardless of where the APIs are hosted.

Kong has been designed for extremely high deployment flexibility specifically to support evolving operating models. We provide the option to decouple the control plane from the data planes to empower federated teams to own their own Kong gateway runtimes and manage their own APIs — while at the same time enabling a central team to implement API governance standards and apply a central framework of governance across the decentralized data planes. We have built-in product capabilities to enforce governance, which means an organization can innovate and release services quickly while maintaining the high quality that executives demand.

Kong Konnect

Kong vs. traditional API platforms

As part of their API platform modernization, many organizations are migrating to Kong from traditional API platforms based on the factors outlined below.

Automated deployment and configuration

Kong’s core functionality is similar to what you might have seen in traditional API platforms, but the key difference is the way we implement the functionality to support the requirements that modern organizations are demanding.

We support a 100% declarative approach. This provides a more predictable way to publish APIs, resulting in a smaller number of errors. This approach is extremely easy to build into your CI/CD pipelines to fully automate Kong's operations, which results in improved time to market and lower operational TCO for our customers

Deployment flexibility, performance, scale, and resilience

The entire Kong runtime footprint is about 30 MB, and Kong will run on almost any infrastructure and deliver high levels of performance.

This results in architectural freedom for our customers as they have the ability to deploy Kong in their preferred patterns to support hybrid and multi-cloud environments. This also means that you can achieve extremely high levels of performance, resilience, and scale with a significantly lower TCO than traditional API platforms.

Kong's customer Verifone is a great example of this capability. Verifone processes 46% of the world's non-cash transactions and needed an API platform to deliver the highest levels of performance, resilience, scale, and security. A failure to process a customer payment would result in irreparable brand damage and regulatory fines for the company. In a testament to Kong's importance to the company's infrastructure, Verifone stated, "The whole world economy depends on us. And now, Kong as well." Such is the criticality of their APIs.

In addition to architectural flexibility, Kong's API platform also provides best-in-class performance. The graph below depicts the results of a third-party performance benchmark comparing Kong's scale and performance with other API management products.


Kong provides over 100+ plugins out-of-the-box for functionality such as security, authentication, traffic control, transformation, and analytics — so the majority of API functional requirements are met without increasing the gateway’s footprint. However, we recognize that many organizations have unique use cases, so we provide tooling and a plugin development kit for developers to quickly and easily build their own Kong plugins.

The Kong open source community is extremely active and there are ~1,100 additional plugins that have been written by the community and are available as open source plugins.

Open source

Kong is the world's most adopted open source API gateway.

For a number of customers, lack of vendor lock-in, continuous innovation delivered by an active community, product extensibility through community plugins, the ability to attract and retain talent that is excited about using open source tools, and a seamless upgrade path to enterprise-grade functionality are all reasons that have played a major role in their selection.

Open ID Connect (OIDC)

OIDC is Kong's most popular policy. It allows fine-grained control and integration with any OIDC server to improve authentication access to critical services.

Logging and observability

Kong is built with open source principles in mind, so the entire platform’s capabilities are available via easy-to-use APIs. This makes it extremely easy to extract data from the platform into your preferred tooling for reporting/dashboarding. This means you can augment your API data with data from other sources to achieve a single pane of glass view.

Customer outcomes

Ultimately, what matters most are the benefits that customers realize when adopting Kong. These include:

  • Improved time to market through developer productivity and automation
  • Lower TCO based on reduced infrastructure costs and operational overhead
  • Efficient development process due to automation and increased flexibility of supported patterns
  • Predictable deployment of APIs and platform capabilities via declarative configuration and automation results in a better developer experience with fewer errors and more reuse
  • Better decision-making through improved observability
  • Improved resilience, performance, and scale
  • Faster onboarding time for new employees due to ease of use
  • No "noisy neighbor" implications of SaaS hosting.
  • Support modern operating models, including APIOps
  • Increased architectural flexibility


Kong provides comprehensive API lifecycle and service mesh management capabilities for organizations with cloud, on-prem, and hybrid cloud environments with multiple architecture patterns to support API management best practices and the evolution of federated development teams.

Kong's API management and service mesh platforms deliver extremely high levels of performance, scale, and resilience on a significantly lower infrastructure footprint than traditional API tools. Kong has been designed to support modern operating models and development methods that developers love to work with.

Get started today with Kong Konnect

Ready to transform your organization? Try Kong Konnect for free. It's the fastest, easiest way to deploy, secure, and manage your APIs.

Developer agility meets compliance and security. Discover how Kong can help you become an API-first company.