Half-a-billion users don't mean API payola

Open-source pain in transition

SANS - Survey on application security programs

Open...and Shut Open source is a great way to drive adoption of one's software, but is a generally poor way to monetize that software. The more open one's code, after all, the less compelling the need to pay for it.

Unfortunately for Twitter, Facebook, and other new-age, web service developers this same principle holds true for their open APIs: the more open they are, the more inviting they become to developers, and the less likely to lead to cash. At least, directly.

Is this a fatal flaw, or the mark of long-term foresight?

David Hansson of 37Signals fame believes it's the former, at least with regard to Facebook. Facebook has a wealth of open APIs that let its services be leveraged by a host of third-party application developers, but this hasn't, in turn, led to profitability. As Hansson writes:

[M]aybe Facebook just needs to mature, you say. If we give them just a few more years, the profit fairy might drop by and sprinkle her billions all over Facebook and its shareholders. I call fat chance.

Facebook has been around for seven years. It has 500 million users. If you can't figure out how to make money off half a billion people in seven years, I'm going to go out on a limb and say you're unlikely to ever do.

Hansson's point is a fair one, but it's unclear that Facebook has any alternative but to play the open API game. As Dan Woods makes clear in a recent Forbes article: "APIs are rapidly going to be vitally important for every business, not just the Silicon Valley technology giants." Why?

The trend toward creating and using APIs is driven by the economics of the long tail. Access to the tools of production is essentially free. Developers can create applications that serve a specific niche. Even if every application is not a home run, when you add up the traffic from thousands of them, it can be huge. Because the applications are specialized to a niche of users, they tend to be sticky.

The explosion of mobile devices and appearance of new arrivals like the iPad and other tablets also makes it impossible even for large companies to write applications for every platform for every need. "Established companies face two huge realities: more customers are moving beyond the browser to mobile and tablet apps, and budgets are getting tighter. An API gives you huge leverage at a low cost," says Chet Kapoor, CEO of Apigee, an API infrastructure company.

But that huge leverage doesn't necessarily translate into revenue. It just offers a clearer pathway to adoption.

In theory, such adoption should equate to cash, but it doesn't. Not in a one-to-one relationship, anyway. Just ask any open-source vendor. For every paying customer MySQL had millions of downloads. The same was true of JBoss, as I've detailed, and is true of every open-source company I know.

Not that I'm arguing that developers must take a vow of poverty whenever they decide to open up, be it their source code or their APIs. Far from it.

In the case of open APIs, while a developer may be trading off their ability to monetize the underlying service the API calls, they can instead package the data resulting from their APIs' adoption. Big data is big business, as IBM's acquisition of Netezza demontrates, which perhaps is more accurately stated as "analysis of big data is big business."

The data can be free all they want. The real value is in parsing it for business value.

Twitter may discover the same thing. As O'Reilly's Alistair Croll divines from Twitter's new t.co URL shorterning service, URLs may well be the new cookie, with at least one potent money-making scheme baked in:

The t.co URL shortener... might seem like a relatively small addition to the company's offering. But it's a massive power shift in the world of analytics because now Twitter can measure engagement wherever it happens, across any browser or app. And unlike other URL shorteners, Twitter can force everyone to use their service simply because they control the platform. Your URLs can be shortened (and their engagement tracked by Twitter) whether you like it or not.

Because the interested reader is forced to go to the URL shortener to map the short URL to the real one, whoever owns the shortener sees the engagement between the audience and the content, no matter where it happens. That's why URLs are the new cookies.

Twitter's API draws in a huge host of third-party developers, an army that pays Twitter nothing and, if anything, costs the company plenty as it must fund the infrastructure necessary for maintaining its service.

But because of how hard it's becoming for advertisers to track buying behavior across things like mobile apps and browsers, Twitter regains that control with its t.co URL shortening service, and thereby gives advertisers insights into the activity generated by its highly adopted, open API.

The value, in short, is not in the open API, just as the value in an open-source business is not in the source code. In the midst of an abundance of code, API calls and so on the value is in making sense of it all, whether you're Red Hat selling a stream of code updates or Facebook selling the ability to guide and predict buying behavior based on social connections.

Open APIs make the business possible. But they don't make the business. It's not enough to have an open API. You also need to determine how you're going to turn its adoption into cash. ®

Matt Asay is chief operating officer of Ubuntu commercial operation Canonical. With more than a decade spent in open source, Asay served as Alfreso's general manager for the Americas and vice president of business development, and he helped put Novell on its open-source track. Asay is an emeritus board member of the Open Source Initiative (OSI). His column, Open...and Shut, appears every Friday on The Register.

3 Big data security analytics techniques

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.