The Death of Custom APIs: Microsoft Refine (Rayfin) as a Backend as a Service (BaaS)

1
00:00:00,000 --> 00:00:02,000
Your front end is finished, shipped.

2
00:00:02,000 --> 00:00:04,520
You used an AI agent to build the entire interface

3
00:00:04,520 --> 00:00:07,520
in a single afternoon, and the result is actually impressive.

4
00:00:07,520 --> 00:00:10,040
The UX is clean, the features work, and your team

5
00:00:10,040 --> 00:00:12,040
is ready to push the whole thing live.

6
00:00:12,040 --> 00:00:13,240
Then you hit the wall.

7
00:00:13,240 --> 00:00:15,240
You realize you don't actually have a back end.

8
00:00:15,240 --> 00:00:16,640
Not a real one, anyway.

9
00:00:16,640 --> 00:00:18,360
You have a database sitting somewhere.

10
00:00:18,360 --> 00:00:20,280
You might have a few cloud services scattered

11
00:00:20,280 --> 00:00:21,760
across different subscriptions.

12
00:00:21,760 --> 00:00:23,160
You probably have some authentication you

13
00:00:23,160 --> 00:00:25,400
bolted on at the last minute, along with a few API

14
00:00:25,400 --> 00:00:27,040
endpoints that don't quite fit together.

15
00:00:27,040 --> 00:00:29,040
Now you're looking at weeks or months of plumbing

16
00:00:29,040 --> 00:00:30,920
just to get these systems talking to each other

17
00:00:30,920 --> 00:00:33,160
before you can even think about production.

18
00:00:33,160 --> 00:00:34,520
This is the middleware crisis.

19
00:00:34,520 --> 00:00:35,880
It isn't a new problem, but it's

20
00:00:35,880 --> 00:00:37,840
about to kill your ability to move fast.

21
00:00:37,840 --> 00:00:40,000
Custom APIs have become the primary bottleneck

22
00:00:40,000 --> 00:00:42,080
in modern application development today.

23
00:00:42,080 --> 00:00:45,040
The issue isn't the code or the design or even the deployment.

24
00:00:45,040 --> 00:00:46,240
The problem is the back end.

25
00:00:46,240 --> 00:00:47,560
It's the glue and the infrastructure

26
00:00:47,560 --> 00:00:50,600
that nobody wants to own, yet everyone is forced to live with.

27
00:00:50,600 --> 00:00:52,880
Most organizations are currently drowning in fragmented

28
00:00:52,880 --> 00:00:54,560
middleware that they can't maintain,

29
00:00:54,560 --> 00:00:56,000
and don't fully understand.

30
00:00:56,000 --> 00:00:58,040
The real danger here isn't just a lack of speed.

31
00:00:58,040 --> 00:01:00,760
It's the crushing weight of governance and technical debt.

32
00:01:00,760 --> 00:01:03,560
This episode reframes the back end problem entirely

33
00:01:03,560 --> 00:01:06,040
and introduces the structural replacement you actually need.

34
00:01:06,040 --> 00:01:08,680
Subscribe to the M365 FM podcast for insights

35
00:01:08,680 --> 00:01:10,680
on Microsoft 365, Copilot Azure,

36
00:01:10,680 --> 00:01:12,880
and how the modern workplace actually works.

37
00:01:12,880 --> 00:01:15,520
Why custom APIs became a liability?

38
00:01:15,520 --> 00:01:18,040
You built your first custom API because you had to.

39
00:01:18,040 --> 00:01:20,360
Your data didn't fit into a standard service,

40
00:01:20,360 --> 00:01:23,320
and you needed something specific, so you coded it yourself.

41
00:01:23,320 --> 00:01:25,080
It made perfect sense at the time.

42
00:01:25,080 --> 00:01:27,440
Then you built another one, and then another.

43
00:01:27,440 --> 00:01:29,440
Each new API solved a different problem

44
00:01:29,440 --> 00:01:31,160
and connected to different data.

45
00:01:31,160 --> 00:01:34,120
Each one had different consumers, requirements, and constraints.

46
00:01:34,120 --> 00:01:37,160
Before long, you were managing 15 custom APIs,

47
00:01:37,160 --> 00:01:39,800
and none of them talked to each other the way they were supposed to.

48
00:01:39,800 --> 00:01:41,400
The assumption that custom coded middleware

49
00:01:41,400 --> 00:01:43,360
provides flexibility is broken.

50
00:01:43,360 --> 00:01:46,040
It looks flexible at the start because you can do whatever you want,

51
00:01:46,040 --> 00:01:49,400
but flexibility without structure eventually creates sprawl.

52
00:01:49,400 --> 00:01:51,160
That sprawl becomes unsustainable.

53
00:01:51,160 --> 00:01:53,440
Here is what actually happened in your organization.

54
00:01:53,440 --> 00:01:56,160
You built separate APIs for every single integration point

55
00:01:56,160 --> 00:01:57,760
because every request was urgent,

56
00:01:57,760 --> 00:01:59,880
and every team needed a solution yesterday.

57
00:01:59,880 --> 00:02:01,920
Instead of designing one coherent backend,

58
00:02:01,920 --> 00:02:03,920
you created a series of point solutions.

59
00:02:03,920 --> 00:02:05,840
You ended up with separate databases,

60
00:02:05,840 --> 00:02:09,840
separate auth mechanisms, and separate monitoring strategies for everything.

61
00:02:09,840 --> 00:02:13,920
Now imagine multiplying that mess across dozens of teams over the last five years.

62
00:02:13,920 --> 00:02:17,320
Every custom API you own requires its own authentication,

63
00:02:17,320 --> 00:02:20,080
its own monitoring, and its own versioning strategy.

64
00:02:20,080 --> 00:02:21,560
You didn't choose this complexity,

65
00:02:21,560 --> 00:02:24,520
but the structure of your development process forced it on you.

66
00:02:24,520 --> 00:02:28,360
If your first API uses OAuth and your second uses API keys,

67
00:02:28,360 --> 00:02:30,080
you haven't gained flexibility.

68
00:02:30,080 --> 00:02:31,560
You have created inconsistency,

69
00:02:31,560 --> 00:02:34,880
and that inconsistency is a massive security liability.

70
00:02:34,880 --> 00:02:36,760
Think about the actual cost of this approach.

71
00:02:36,760 --> 00:02:38,520
Every time you add a custom API,

72
00:02:38,520 --> 00:02:41,520
you are adding a new surface to patch and a new system to monitor.

73
00:02:41,520 --> 00:02:43,400
Every time you deploy a single API,

74
00:02:43,400 --> 00:02:46,000
you have to check if it breaks the five others that depend on it.

75
00:02:46,000 --> 00:02:48,360
When compliance asks for an audit trail,

76
00:02:48,360 --> 00:02:51,200
you find yourself hunting through 15 different logging systems

77
00:02:51,200 --> 00:02:52,720
just to find one answer.

78
00:02:52,720 --> 00:02:54,720
Technical debt accumulates invisibly

79
00:02:54,720 --> 00:02:56,640
while everything seems to be working fine.

80
00:02:56,640 --> 00:02:59,240
For years, the APIs are fast and reliable,

81
00:02:59,240 --> 00:03:01,640
and nobody complains about the underlying structure.

82
00:03:01,640 --> 00:03:05,560
Then one day you need to change how authentication works across the entire platform,

83
00:03:05,560 --> 00:03:07,720
or you need to enforce a new data policy.

84
00:03:07,720 --> 00:03:11,640
You suddenly discover that two APIs are serving the same data in different formats,

85
00:03:11,640 --> 00:03:15,200
and they have drifted so far apart that reconciling them is now impossible.

86
00:03:15,200 --> 00:03:17,440
Now a single change takes months to complete.

87
00:03:17,440 --> 00:03:20,040
You are stuck coordinating across multiple teams,

88
00:03:20,040 --> 00:03:23,680
and negotiating API contracts while trying to manage backward compatibility

89
00:03:23,680 --> 00:03:26,520
for systems that were never designed to evolve together.

90
00:03:26,520 --> 00:03:29,040
The real cost of your backend isn't the initial build.

91
00:03:29,040 --> 00:03:31,320
It is the maintenance burden that grows silently

92
00:03:31,320 --> 00:03:34,920
until you are spending half your engineering capacity just to keep the lights on.

93
00:03:34,920 --> 00:03:36,800
Custom APIs fragment your security model

94
00:03:36,800 --> 00:03:40,240
by scattering eighth encryption and access control across different places.

95
00:03:40,240 --> 00:03:43,840
Zero trust becomes impossible when you can't even define where your perimeter is.

96
00:03:43,840 --> 00:03:45,880
Your data flows through 15 different systems

97
00:03:45,880 --> 00:03:47,480
with 15 different security policies,

98
00:03:47,480 --> 00:03:49,800
some of which you wrote and some you forgot about years ago.

99
00:03:49,800 --> 00:03:52,440
This is why custom APIs became a liability.

100
00:03:52,440 --> 00:03:54,080
They solved problems in isolation,

101
00:03:54,080 --> 00:03:55,360
but in the modern workplace,

102
00:03:55,360 --> 00:03:58,600
isolation is the most expensive mistake you can make.

103
00:03:58,600 --> 00:04:00,720
The architecture problem nobody talks about.

104
00:04:00,720 --> 00:04:03,160
The real issue isn't that you have too many custom APIs,

105
00:04:03,160 --> 00:04:05,720
because the actual problem sits much deeper than that.

106
00:04:05,720 --> 00:04:07,800
It is architectural.

107
00:04:07,800 --> 00:04:10,720
Traditional backends are built on layers where data lives in one place,

108
00:04:10,720 --> 00:04:12,360
business logic lives in another,

109
00:04:12,360 --> 00:04:14,680
and governance sits somewhere else entirely.

110
00:04:14,680 --> 00:04:17,160
Maybe your stack has three layers or maybe it has five,

111
00:04:17,160 --> 00:04:21,000
but the fact that they are separate is the root cause of everything that is currently broken.

112
00:04:21,000 --> 00:04:24,000
Every time you separate a concern, you create a boundary,

113
00:04:24,000 --> 00:04:25,600
and at every one of those boundaries,

114
00:04:25,600 --> 00:04:28,120
you need translation logic to keep things moving.

115
00:04:28,120 --> 00:04:30,360
You have to move data from one layer to another

116
00:04:30,360 --> 00:04:32,760
while enforcing rules at each crossing point,

117
00:04:32,760 --> 00:04:35,600
and then you have to log what happened and secure the connection.

118
00:04:35,600 --> 00:04:38,600
That translation logic, the messy glue code between layers,

119
00:04:38,600 --> 00:04:41,680
is exactly where complexity starts to metastasize.

120
00:04:41,680 --> 00:04:44,600
Your database has no idea what your security policies are,

121
00:04:44,600 --> 00:04:47,880
and your API doesn't know anything about your data quality standards.

122
00:04:47,880 --> 00:04:51,360
Your authentication layer is completely unaware of which specific fields

123
00:04:51,360 --> 00:04:52,960
should be masked for which users,

124
00:04:52,960 --> 00:04:56,200
so you end up writing custom code just to bolt these pieces together.

125
00:04:56,200 --> 00:04:58,840
You add middleware, you add validation, and you add transformation,

126
00:04:58,840 --> 00:05:02,720
but none of these individual pieces were ever designed to work together from the start.

127
00:05:02,720 --> 00:05:05,800
Now consider what actually happens when you try to build for a modern enterprise.

128
00:05:05,800 --> 00:05:09,800
Power Platform apps need a different back-end shape than co-pilot integrations,

129
00:05:09,800 --> 00:05:13,560
and those co-pilot integrations need different tool contracts than your AI agents.

130
00:05:13,560 --> 00:05:17,440
Because a mobile app requires different API patterns than a data pipeline,

131
00:05:17,440 --> 00:05:19,640
you end up with multiple custom APIs,

132
00:05:19,640 --> 00:05:22,360
all talking to the same data in completely different ways,

133
00:05:22,360 --> 00:05:24,320
instead of having one coherent back-end.

134
00:05:24,320 --> 00:05:27,320
This creates a consistency nightmare for everyone involved.

135
00:05:27,320 --> 00:05:29,800
Your data has one definition in the database,

136
00:05:29,800 --> 00:05:32,360
but then it gets transformed by your first custom API

137
00:05:32,360 --> 00:05:34,320
before being changed again by your second one.

138
00:05:34,320 --> 00:05:37,440
By the time that information reaches your third integration point,

139
00:05:37,440 --> 00:05:40,520
you are no longer sure which version is actually the source of truth.

140
00:05:40,520 --> 00:05:44,200
Your team spend their time arguing about whose transformation is correct,

141
00:05:44,200 --> 00:05:47,240
and your audit logs show different values for the same field,

142
00:05:47,240 --> 00:05:49,400
depending on which API was used.

143
00:05:49,400 --> 00:05:51,600
The moment compliance requirements enter the picture,

144
00:05:51,600 --> 00:05:53,400
the entire architecture collapses.

145
00:05:53,400 --> 00:05:57,560
Your first five custom APIs were likely built without anyone thinking about data classification

146
00:05:57,560 --> 00:05:59,640
because they worked fine for simple internal tools.

147
00:05:59,640 --> 00:06:02,000
Then suddenly you need to enforce sensitivity labels,

148
00:06:02,000 --> 00:06:05,240
or you need to implement column-level masking for certain user roles

149
00:06:05,240 --> 00:06:08,640
to prove that nobody accessed PII without authorization.

150
00:06:08,640 --> 00:06:12,280
Now you are stuck retrofitting every single custom API you've ever built.

151
00:06:12,280 --> 00:06:15,080
You are adding access control logic to each one separately

152
00:06:15,080 --> 00:06:17,600
and implementing the same policy five different ways,

153
00:06:17,600 --> 00:06:19,200
which is a recipe for disaster.

154
00:06:19,200 --> 00:06:21,440
If you discover a bug in your masking logic,

155
00:06:21,440 --> 00:06:24,480
you have to go back and patch it in every custom API independently.

156
00:06:24,480 --> 00:06:27,680
This isn't scaling, it is just chaos with version control.

157
00:06:27,680 --> 00:06:30,800
The deepest problem here is the total absence of a single control plane.

158
00:06:30,800 --> 00:06:34,640
With traditional custom APIs, your governance is scattered across the landscape.

159
00:06:34,640 --> 00:06:37,520
Authentication might be enforced at the API gateway,

160
00:06:37,520 --> 00:06:39,560
while data access control lives in the database

161
00:06:39,560 --> 00:06:42,000
and audit logging happens in three different systems.

162
00:06:42,000 --> 00:06:44,960
Compliance then requires your team to trace through all of them

163
00:06:44,960 --> 00:06:48,800
just to answer a simple question about who accessed specific data and when.

164
00:06:48,800 --> 00:06:53,080
There is no unified view and no single place where you can define the rules

165
00:06:53,080 --> 00:06:55,160
for how data flows through your organization.

166
00:06:55,160 --> 00:06:58,320
You lack a central spot to monitor whether those rules are being followed

167
00:06:58,320 --> 00:07:01,240
or a single lever to enforce them when things go wrong.

168
00:07:01,240 --> 00:07:05,640
Instead you are left with 15 custom APIs that have 15 separate governance models

169
00:07:05,640 --> 00:07:07,560
and 15 separate security assumptions.

170
00:07:07,560 --> 00:07:11,560
You have 15 separate audit trails and 15 separate ways for the system to fail.

171
00:07:11,560 --> 00:07:15,240
This isn't a problem you can solve by simply building better custom APIs

172
00:07:15,240 --> 00:07:18,160
because you cannot engineer your way out of a structural floor.

173
00:07:18,160 --> 00:07:20,440
The architecture itself has become the constraint.

174
00:07:20,440 --> 00:07:22,680
You have separated the concerns so thoroughly

175
00:07:22,680 --> 00:07:26,360
that they are now impossible to govern as a single coherent system.

176
00:07:26,360 --> 00:07:28,680
That is the architecture problem nobody talks about

177
00:07:28,680 --> 00:07:32,040
and it is exactly the problem Reifen was designed to solve.

178
00:07:32,040 --> 00:07:33,840
The agentic AI catalyst.

179
00:07:33,840 --> 00:07:37,640
Everything we have talked about so far, the sprawl, the governance nightmares

180
00:07:37,640 --> 00:07:40,440
and the technical debt has been manageable up until now.

181
00:07:40,440 --> 00:07:44,760
It was painful but organization survived for years with fragmented custom APIs

182
00:07:44,760 --> 00:07:48,240
because humans were the ones orchestrating most of the work.

183
00:07:48,240 --> 00:07:51,880
In the old model a human reads a ticket and decides what to do next.

184
00:07:51,880 --> 00:07:54,240
That person calls the right API in the right order

185
00:07:54,240 --> 00:07:57,160
and handles the edge cases whenever something goes wrong.

186
00:07:57,160 --> 00:08:00,120
Then you introduce an agent, an AI agent does not work that way.

187
00:08:00,120 --> 00:08:03,640
It doesn't read a ticket and then wait around for a human to decide on the next step.

188
00:08:03,640 --> 00:08:07,240
It plans a whole sequence of actions calls multiple APIs in parallel

189
00:08:07,240 --> 00:08:09,640
and adapts its behavior based on the results it gets back.

190
00:08:09,640 --> 00:08:13,840
It makes decisions autonomously and does all of this with minimal human intervention.

191
00:08:13,840 --> 00:08:16,840
This is where your custom API is hit a wall they were never designed to cross.

192
00:08:16,840 --> 00:08:19,040
Custom APIs were built for human-paced interaction

193
00:08:19,040 --> 00:08:21,440
where a request comes in and a response goes out.

194
00:08:21,440 --> 00:08:24,040
There might be some basic retrying logic if a connection fails

195
00:08:24,040 --> 00:08:26,240
but the fundamental assumption is synchronous.

196
00:08:26,240 --> 00:08:29,240
The system expects one human, one request and one response,

197
00:08:29,240 --> 00:08:33,240
assuming that if something goes wrong, a person will eventually notice and fix it.

198
00:08:33,240 --> 00:08:35,640
Agents operate at a different cadence entirely.

199
00:08:35,640 --> 00:08:39,240
They orchestrate complex tool calls and maintain state across multiple steps

200
00:08:39,240 --> 00:08:43,040
which means they need to know which operations are safe to repeat and which ones are not.

201
00:08:43,040 --> 00:08:46,040
They need to handle failures gracefully without losing their context

202
00:08:46,040 --> 00:08:49,440
and they require clear guardrails regarding what they are allowed to do.

203
00:08:49,440 --> 00:08:52,440
None of you existing custom APIs were designed with this in mind.

204
00:08:52,440 --> 00:08:56,040
You don't have an API that manages agent state across session boundaries

205
00:08:56,040 --> 00:08:58,440
or one that knows if an operation is safe to retry.

206
00:08:58,440 --> 00:09:00,440
There is no API enforcing guardrails

207
00:09:00,440 --> 00:09:04,840
and certainly no API designed to be called by an autonomous system making its own decisions.

208
00:09:04,840 --> 00:09:06,040
So what happens next?

209
00:09:06,040 --> 00:09:10,040
Your organization starts building agent applications using the custom APIs you already have

210
00:09:10,040 --> 00:09:11,840
and it usually works for about two weeks.

211
00:09:11,840 --> 00:09:14,240
Then the agent does something unexpected and makes a decision

212
00:09:14,240 --> 00:09:15,840
your APIs didn't account for.

213
00:09:15,840 --> 00:09:18,440
It calls an API in a sequence that was never tested

214
00:09:18,440 --> 00:09:22,240
or it hits an edge case that causes cascading failures across your entire infrastructure.

215
00:09:22,240 --> 00:09:26,040
Now you are back to retrofitting custom APIs just to make them agent safe.

216
00:09:26,040 --> 00:09:27,640
You are adding transaction support,

217
00:09:27,640 --> 00:09:31,040
rollback logic and audit trails for every single decision an agent makes.

218
00:09:31,040 --> 00:09:34,440
You are adding rate limiting so these agents don't overwhelm your systems

219
00:09:34,440 --> 00:09:38,840
and you're adding validation at every step to catch an agent trying to do something it shouldn't.

220
00:09:38,840 --> 00:09:41,240
The agents require fast iteration to be effective.

221
00:09:41,240 --> 00:09:43,840
Your team ships an agent, it fails in production

222
00:09:43,840 --> 00:09:47,440
and you need to understand what went wrong so you can fix it and redeploy within hours.

223
00:09:47,440 --> 00:09:50,040
With custom APIs this process is incredibly painful

224
00:09:50,040 --> 00:09:52,640
because you are coordinating fixes across multiple systems

225
00:09:52,640 --> 00:09:55,040
while worrying about breaking existing consumers.

226
00:09:55,040 --> 00:09:59,240
The gap between a prototype and a production ready app has widened instead of narrowing.

227
00:09:59,240 --> 00:10:02,040
Early on this gap was maybe two weeks to build a quick prototype

228
00:10:02,040 --> 00:10:03,440
and clean it up for deployment.

229
00:10:03,440 --> 00:10:06,840
Now for agentic applications that gap has stretched into months

230
00:10:06,840 --> 00:10:10,240
because your custom API infrastructure wasn't designed for autonomous systems.

231
00:10:10,240 --> 00:10:14,240
It was designed for human-paced request response workflows that just can't keep up.

232
00:10:14,240 --> 00:10:17,640
Organizations trying to deploy serious agentic applications

233
00:10:17,640 --> 00:10:19,840
hit this middleware wall immediately.

234
00:10:19,840 --> 00:10:22,840
They either spend months retrofitting their legacy custom APIs

235
00:10:22,840 --> 00:10:27,040
or they simply accept that agentic automation isn't viable at scale for their business.

236
00:10:27,040 --> 00:10:29,040
This gap is forcing a reckoning.

237
00:10:29,040 --> 00:10:30,840
Organizations have to make a choice.

238
00:10:30,840 --> 00:10:34,840
Either completely redesign the back-end layer to support autonomous decision-making

239
00:10:34,840 --> 00:10:37,640
or abandon the promise of agentic automation entirely.

240
00:10:37,640 --> 00:10:39,440
There is no middle ground anymore.

241
00:10:39,440 --> 00:10:42,040
What Refin actually is, not what you think.

242
00:10:42,040 --> 00:10:47,040
Most people get this wrong immediately because their brains try to shove Refin into a category they already know.

243
00:10:47,040 --> 00:10:49,640
You might be wondering if it is a low-code tool

244
00:10:49,640 --> 00:10:54,240
where you drag components onto a screen or maybe a managed database service like PostgreSQL

245
00:10:54,240 --> 00:10:56,040
where someone else handles the operations.

246
00:10:56,040 --> 00:10:59,640
You might think it is an API gateway or just another back-end framework

247
00:10:59,640 --> 00:11:00,840
but it is none of those things.

248
00:11:00,840 --> 00:11:03,240
And the moment you try to fit it into one of those boxes,

249
00:11:03,240 --> 00:11:05,440
you lose sight of what makes it actually different.

250
00:11:05,440 --> 00:11:09,840
Refin is a back-end definition framework which is the simplest way to describe what it does.

251
00:11:09,840 --> 00:11:12,240
It is an open-source SDK and CLI

252
00:11:12,240 --> 00:11:15,040
that allows you to describe your entire back-end in code

253
00:11:15,040 --> 00:11:18,440
rather than clicking through a UI or picking from a list of templates.

254
00:11:18,440 --> 00:11:21,240
You are essentially writing your application back-end as code

255
00:11:21,240 --> 00:11:23,640
much like you would write infrastructure as code

256
00:11:23,640 --> 00:11:25,840
to ensure everything is precise and repeatable.

257
00:11:25,840 --> 00:11:27,640
To understand what that means concretely,

258
00:11:27,640 --> 00:11:29,840
think about how you define your data models.

259
00:11:29,840 --> 00:11:32,040
You describe exactly what tables exist,

260
00:11:32,040 --> 00:11:35,640
which fields they contain and how those tables relate to one another.

261
00:11:35,640 --> 00:11:38,440
You define your APIs by specifying which endpoints exist,

262
00:11:38,440 --> 00:11:40,240
what data they expect to receive,

263
00:11:40,240 --> 00:11:42,440
and exactly what they should return to the user.

264
00:11:42,440 --> 00:11:46,640
You handle authentication by defining whether you need OAuth or API keys

265
00:11:46,640 --> 00:11:49,840
and you specify your storage needs for things like file uploads

266
00:11:49,840 --> 00:11:51,840
or blob storage directly in the code.

267
00:11:51,840 --> 00:11:54,040
You even define your access policies to determine

268
00:11:54,040 --> 00:11:56,040
who can read or write specific data

269
00:11:56,040 --> 00:11:58,440
and which fields should be masked for certain users.

270
00:11:58,440 --> 00:12:01,640
All of this lives in a single code repository as one source of truth

271
00:12:01,640 --> 00:12:04,240
so you are never bouncing between a database config tool,

272
00:12:04,240 --> 00:12:06,840
an auth provider, and a governance dashboard.

273
00:12:06,840 --> 00:12:08,840
Everything is declarative and version controlled

274
00:12:08,840 --> 00:12:11,640
which means every change you make is reviewable in a pull request

275
00:12:11,640 --> 00:12:13,040
before it ever goes live.

276
00:12:13,040 --> 00:12:15,640
When you are ready, you run the RAFE in CLI with one command,

277
00:12:15,640 --> 00:12:16,840
RAFE in UP.

278
00:12:16,840 --> 00:12:20,040
This is where the magic happens because the CLI takes your back-end definition

279
00:12:20,040 --> 00:12:22,040
and compiles it into actual services.

280
00:12:22,040 --> 00:12:25,240
It provisions a govern database, creates isolated functions,

281
00:12:25,240 --> 00:12:28,640
wires up the authentication, and configures the storage automatically.

282
00:12:28,640 --> 00:12:32,240
It does all the heavy lifting while enforcing the exact governance model

283
00:12:32,240 --> 00:12:33,440
you declared in your code.

284
00:12:33,440 --> 00:12:35,240
This approach is fundamentally different

285
00:12:35,240 --> 00:12:38,440
from the old way of picking a database and wiring it up yourself.

286
00:12:38,440 --> 00:12:40,240
In a traditional setup, you choose a database,

287
00:12:40,240 --> 00:12:41,840
then you choose an API framework,

288
00:12:41,840 --> 00:12:44,840
and then you spend hours trying to make them talk to each other.

289
00:12:44,840 --> 00:12:47,640
Then you have to bolt on authentication, access control,

290
00:12:47,640 --> 00:12:49,240
and monitoring as separate steps

291
00:12:49,240 --> 00:12:52,840
and each of those steps introduces new ways for the system to fail.

292
00:12:52,840 --> 00:12:55,040
With RAFE in you simply describe what you want

293
00:12:55,040 --> 00:12:57,240
and the platform handles the plumbing for you.

294
00:12:57,240 --> 00:12:58,840
It knows how to connect every piece

295
00:12:58,840 --> 00:13:02,040
because it was designed from the start to be a coherent whole

296
00:13:02,040 --> 00:13:05,440
rather than a messy collection of separate parts.

297
00:13:05,440 --> 00:13:08,640
The part that matters most is that RAFE in forces a structural model

298
00:13:08,640 --> 00:13:11,240
that is opinionated rather than permissive.

299
00:13:11,240 --> 00:13:13,440
These opinions are baked into the system.

300
00:13:13,440 --> 00:13:16,240
It is code first, it is governed by default

301
00:13:16,240 --> 00:13:18,440
and it is native to the fabric ecosystem.

302
00:13:18,440 --> 00:13:20,840
Being code first means your backend definitions

303
00:13:20,840 --> 00:13:23,240
are versionable, testable, and easy to review.

304
00:13:23,240 --> 00:13:26,240
You cannot accidentally create a resource that lacks oversight

305
00:13:26,240 --> 00:13:29,040
because if a feature isn't in the code, it simply does not exist.

306
00:13:29,040 --> 00:13:32,840
Governance by default means you cannot opt out of security or compliance.

307
00:13:32,840 --> 00:13:36,440
You don't deploy a backend and then try to lay a governance on top as an afterthought

308
00:13:36,440 --> 00:13:38,840
because the rules are part of the definition itself.

309
00:13:38,840 --> 00:13:40,440
When you mark a field as sensitive,

310
00:13:40,440 --> 00:13:42,840
the platform enforces that declaration immediately

311
00:13:42,840 --> 00:13:45,640
and when an agent tries to access something it shouldn't,

312
00:13:45,640 --> 00:13:48,640
the system catches it before the operation even starts.

313
00:13:48,640 --> 00:13:50,640
Finally, being fabric native means

314
00:13:50,640 --> 00:13:52,240
RAFE does not exist in a vacuum.

315
00:13:52,240 --> 00:13:55,640
It isn't just another external service you have to figure out how to integrate.

316
00:13:55,640 --> 00:13:58,040
Your backend is a native part of Microsoft Fabric

317
00:13:58,040 --> 00:14:01,440
so your data lands in one lake and your functions run on fabric compute.

318
00:14:01,440 --> 00:14:04,040
This creates a unified control plane which is the exact opposite

319
00:14:04,040 --> 00:14:07,640
of the fragmented architecture that has been causing so much chaos lately.

320
00:14:07,640 --> 00:14:10,040
RAFE is not just a faster way to build a backend,

321
00:14:10,040 --> 00:14:12,640
it is a structural replacement for a broken model.

322
00:14:12,640 --> 00:14:15,640
It takes the painful lessons we have learned over the last five years

323
00:14:15,640 --> 00:14:20,840
and embeds them into a framework that stops you from making those same mistakes again.

324
00:14:20,840 --> 00:14:23,040
The fabric integration, the real story.

325
00:14:23,040 --> 00:14:24,840
RAFE does not live on an island.

326
00:14:24,840 --> 00:14:28,440
It isn't a standalone service that you just bolt onto your existing infrastructure

327
00:14:28,440 --> 00:14:31,240
and that is the crucial detail that most people seem to miss.

328
00:14:31,240 --> 00:14:35,040
RAFE in deploys directly into Microsoft Fabric as a managed backend as a service

329
00:14:35,040 --> 00:14:38,040
and this integration is where the entire model shifts in your favor.

330
00:14:38,040 --> 00:14:39,440
When you run that RAFE in up command

331
00:14:39,440 --> 00:14:42,640
you aren't just scattering resources across random Azure subscriptions.

332
00:14:42,640 --> 00:14:45,640
You aren't spinning up a database in one place and functions in another

333
00:14:45,640 --> 00:14:47,840
while praying you can wire them together correctly.

334
00:14:47,840 --> 00:14:51,240
Instead you are telling fabric to create a governed database

335
00:14:51,240 --> 00:14:55,040
and isolated functions right inside your fabric tenant as first class artifacts.

336
00:14:55,040 --> 00:14:58,640
The word tenant is actually the most important part of that sentence.

337
00:14:58,640 --> 00:15:02,440
Your tenant is your organizational boundary and your security perimeter

338
00:15:02,440 --> 00:15:05,240
which is exactly where your data governance policies live.

339
00:15:05,240 --> 00:15:07,040
When RAFE in deploys into that tenant,

340
00:15:07,040 --> 00:15:10,640
the backend you just created inherits every security feature fabric

341
00:15:10,640 --> 00:15:13,440
provides as a fundamental part of its architecture.

342
00:15:13,440 --> 00:15:17,240
This creates a massive structural difference compared to the traditional way of doing things.

343
00:15:17,240 --> 00:15:21,640
Usually you build a custom API on something like Kubernetes or a Lambda function

344
00:15:21,640 --> 00:15:24,640
and it talks to a database that lives in a separate cloud account.

345
00:15:24,640 --> 00:15:28,240
This creates two separate data states, one for operations and one for analytics

346
00:15:28,240 --> 00:15:32,440
which means you have the same data in two places with two different sets of security policies.

347
00:15:32,440 --> 00:15:35,840
You end up with separate audit trails and separate lineage tracking

348
00:15:35,840 --> 00:15:37,440
which is a nightmare to manage.

349
00:15:37,440 --> 00:15:38,640
With RAFE in on fabric,

350
00:15:38,640 --> 00:15:42,440
your application data lands directly in one lake instead of an external silo.

351
00:15:42,440 --> 00:15:45,940
One lake is the unified storage layer that already powers your analytics,

352
00:15:45,940 --> 00:15:48,440
your warehouses and your data science workloads.

353
00:15:48,440 --> 00:15:50,340
When your RAFE in backend writes data,

354
00:15:50,340 --> 00:15:53,140
that information is immediately part of your analytics estate

355
00:15:53,140 --> 00:15:56,440
without any need for ETL pipelines or complex synchronization jobs.

356
00:15:56,440 --> 00:15:59,440
This means your operational data and your analytical data

357
00:15:59,440 --> 00:16:01,540
finally live in the same governed house.

358
00:16:01,540 --> 00:16:04,840
You have one classification system, one set of access policies

359
00:16:04,840 --> 00:16:07,040
and one audit trail to watch over everything.

360
00:16:07,040 --> 00:16:10,440
If a sensitive field is masked for a user in an analytics report,

361
00:16:10,440 --> 00:16:14,740
that same masking is automatically enforced when that user tries to access the data

362
00:16:14,740 --> 00:16:16,340
through the RAFE in backend.

363
00:16:16,340 --> 00:16:18,540
Lineage now flows naturally through the system.

364
00:16:18,540 --> 00:16:21,240
Your fabric models can reference tables created by RAFE in

365
00:16:21,240 --> 00:16:24,340
so when someone asks where a specific metric came from,

366
00:16:24,340 --> 00:16:27,040
the trail leads all the way back to the operational backend.

367
00:16:27,040 --> 00:16:30,240
Data engineers can see exactly how everything connects without having to jump

368
00:16:30,240 --> 00:16:32,640
between five different tools and dashboards.

369
00:16:32,640 --> 00:16:34,240
Access control becomes unified

370
00:16:34,240 --> 00:16:37,440
because you only have to define who can do what one time.

371
00:16:37,440 --> 00:16:39,640
Those policies travel with the data itself.

372
00:16:39,640 --> 00:16:42,740
So if you want to restrict which agents can see sensitive fields,

373
00:16:42,740 --> 00:16:44,640
you do it once in the fabric governance model,

374
00:16:44,640 --> 00:16:47,640
you no longer have to implement the same restriction over and over again

375
00:16:47,640 --> 00:16:49,540
across different custom APIs.

376
00:16:49,540 --> 00:16:51,440
Sensitivity labels work exactly the same way.

377
00:16:51,440 --> 00:16:54,940
If you classify a field as confidential in the fabric labeling system,

378
00:16:54,940 --> 00:16:57,540
that label follows the data wherever it goes.

379
00:16:57,540 --> 00:16:59,740
Whether that data shows up in a Power BI report,

380
00:16:59,740 --> 00:17:02,940
a data scientist's notebook or an API response,

381
00:17:02,940 --> 00:17:06,240
the access restrictions and audit requirements stay attached to it.

382
00:17:06,240 --> 00:17:09,740
The old wall between the operational backend and the analytics platform

383
00:17:09,740 --> 00:17:11,140
has finally collapsed.

384
00:17:11,140 --> 00:17:15,540
They are no longer two separate worlds that you have to bridge with duct tape and prayer.

385
00:17:15,540 --> 00:17:17,340
They are one integrated system.

386
00:17:17,340 --> 00:17:19,740
Your backend is now a part of your data platform

387
00:17:19,740 --> 00:17:22,740
and your data platform has the power to act through your backend.

388
00:17:22,740 --> 00:17:25,140
This integration is the real structural shift.

389
00:17:25,140 --> 00:17:27,940
It isn't just about making things faster or more convenient

390
00:17:27,940 --> 00:17:29,440
even though it definitely does that.

391
00:17:29,440 --> 00:17:32,440
It is about making governance unified instead of fragmented

392
00:17:32,440 --> 00:17:34,740
and letting data flow naturally through one system

393
00:17:34,740 --> 00:17:36,940
instead of being copied across separate universes.

394
00:17:36,940 --> 00:17:39,340
That is the real story of why this is different.

395
00:17:39,340 --> 00:17:41,540
Code first governance, the philosophy.

396
00:17:41,540 --> 00:17:43,640
Every organization has a governance story

397
00:17:43,640 --> 00:17:46,240
and it usually follows a predictable painful pattern.

398
00:17:46,240 --> 00:17:50,240
You build the system, you ship the code, and then, much later.

399
00:17:50,240 --> 00:17:52,340
You ask the compliance team to take a look.

400
00:17:52,340 --> 00:17:54,340
If you're lucky, they give you a thumbs up,

401
00:17:54,340 --> 00:17:55,640
but more often than not,

402
00:17:55,640 --> 00:17:58,440
you're stuck retrofitting fixes to a finished product.

403
00:17:58,440 --> 00:17:59,840
In the worst case scenario,

404
00:17:59,840 --> 00:18:02,040
you discover a massive violation in production

405
00:18:02,040 --> 00:18:04,940
and spend the next three weeks in emergency remediation mode.

406
00:18:04,940 --> 00:18:06,640
This is governance as an aftermath.

407
00:18:06,640 --> 00:18:08,240
It's a gate at the very end of the road.

408
00:18:08,240 --> 00:18:09,240
It's a checkbox.

409
00:18:09,240 --> 00:18:11,040
It's something that happens to your system

410
00:18:11,040 --> 00:18:12,540
rather than something that defines it.

411
00:18:12,540 --> 00:18:14,240
Rayfin inverts this model entirely.

412
00:18:14,240 --> 00:18:15,740
Governance isn't an afterthought here.

413
00:18:15,740 --> 00:18:18,140
It's embedded into the backend definition itself.

414
00:18:18,140 --> 00:18:20,540
From the moment you start writing your backend in code,

415
00:18:20,540 --> 00:18:22,140
you are making governance decisions

416
00:18:22,140 --> 00:18:24,140
and the platform enforces those decisions

417
00:18:24,140 --> 00:18:26,340
before a single line of code gets deployed.

418
00:18:26,340 --> 00:18:27,740
Here is the practical difference.

419
00:18:27,740 --> 00:18:30,740
In a traditional setup, you define your data models first

420
00:18:30,740 --> 00:18:33,740
and then you try to figure out who should actually see that data.

421
00:18:33,740 --> 00:18:35,140
You add authentication logic,

422
00:18:35,140 --> 00:18:36,940
you layer on authorization checks.

423
00:18:36,940 --> 00:18:38,940
You might even try to mask sensitive fields,

424
00:18:38,940 --> 00:18:40,840
but these are separate pieces of a puzzle

425
00:18:40,840 --> 00:18:42,140
that you're trying to force together.

426
00:18:42,140 --> 00:18:45,040
Your database schema doesn't understand your access policies

427
00:18:45,040 --> 00:18:47,940
and your API has no idea what your classification rules are.

428
00:18:47,940 --> 00:18:49,040
You're bolting things on

429
00:18:49,040 --> 00:18:51,040
and that's exactly where the gaps appear.

430
00:18:51,040 --> 00:18:53,240
With Rayfin, your access policies and business rules

431
00:18:53,240 --> 00:18:55,440
live in the code right next to your data models.

432
00:18:55,440 --> 00:18:57,040
They aren't hidden in a separate UI

433
00:18:57,040 --> 00:18:58,940
or managed in some third party tool.

434
00:18:58,940 --> 00:19:01,840
They are declared right there in the backend definition.

435
00:19:01,840 --> 00:19:04,340
When you define a field for something like a salary,

436
00:19:04,340 --> 00:19:06,340
you aren't just setting a data type.

437
00:19:06,340 --> 00:19:07,840
You are declaring who can read it,

438
00:19:07,840 --> 00:19:11,340
who can change it and whether it needs to be masked for specific roles.

439
00:19:11,340 --> 00:19:13,140
You're even deciding if accessing that field

440
00:19:13,140 --> 00:19:14,840
should trigger an audit event.

441
00:19:14,840 --> 00:19:17,540
The policy and the data travel together as one unit.

442
00:19:17,540 --> 00:19:20,840
This means your governance is versioned just like your code.

443
00:19:20,840 --> 00:19:23,340
You don't have to worry about your official policy

444
00:19:23,340 --> 00:19:25,940
drifting away from what's actually running in production.

445
00:19:25,940 --> 00:19:28,040
Your governance rules are reviewed in pull requests.

446
00:19:28,040 --> 00:19:29,340
They are tested in staging

447
00:19:29,340 --> 00:19:31,540
and they can be rolled back if something breaks.

448
00:19:31,540 --> 00:19:34,140
When a stakeholder asks why a policy changed,

449
00:19:34,140 --> 00:19:35,040
you don't have to guess

450
00:19:35,040 --> 00:19:36,540
because there is a commit message

451
00:19:36,540 --> 00:19:39,740
in your version control system explaining exactly why.

452
00:19:39,740 --> 00:19:41,840
More importantly, this governance is deployable.

453
00:19:41,840 --> 00:19:44,640
It isn't just a set of goals or a PDF on a shared drive

454
00:19:44,640 --> 00:19:47,240
when you declare a rule and deploy the backend.

455
00:19:47,240 --> 00:19:49,740
That rule becomes the reality of the running system.

456
00:19:49,740 --> 00:19:51,440
There is no gap between what you intended

457
00:19:51,440 --> 00:19:52,540
and what actually happened.

458
00:19:52,540 --> 00:19:54,740
In fact, the platform won't even let you finish a deployment

459
00:19:54,740 --> 00:19:56,240
if your governance declarations are missing

460
00:19:56,240 --> 00:19:57,640
or if they contradict each other.

461
00:19:57,640 --> 00:20:00,440
This creates a very specific, very intentional constraint.

462
00:20:00,440 --> 00:20:02,840
Teams can't accidentally create ungoverned data stores.

463
00:20:02,840 --> 00:20:04,440
They might try to write a backend definition

464
00:20:04,440 --> 00:20:05,940
that skips the access policies

465
00:20:05,940 --> 00:20:08,240
but the Ravenclawi will stop them immediately.

466
00:20:08,240 --> 00:20:09,740
It will throw an error saying

467
00:20:09,740 --> 00:20:12,440
access policies not defined for table X

468
00:20:12,440 --> 00:20:14,440
which forces the team to stop and make a choice.

469
00:20:14,440 --> 00:20:16,940
They have to explicitly declare who gets access

470
00:20:16,940 --> 00:20:18,540
so they can't just skip the hard parts

471
00:20:18,540 --> 00:20:19,640
and hope nobody notices.

472
00:20:19,640 --> 00:20:21,140
The model forces a conversation

473
00:20:21,140 --> 00:20:22,740
and because this happens upfront,

474
00:20:22,740 --> 00:20:24,540
you aren't dealing with these headaches months

475
00:20:24,540 --> 00:20:25,640
after the system is live.

476
00:20:25,640 --> 00:20:27,140
You're asking the big questions now.

477
00:20:27,140 --> 00:20:29,040
What should this back end be allowed to do?

478
00:20:29,040 --> 00:20:30,440
Who is allowed to touch this data?

479
00:20:30,440 --> 00:20:32,140
What information is actually sensitive?

480
00:20:32,140 --> 00:20:33,840
These aren't just technical questions.

481
00:20:33,840 --> 00:20:35,040
They are business questions.

482
00:20:35,040 --> 00:20:36,440
Raven brings them to the surface

483
00:20:36,440 --> 00:20:37,740
before the code is written

484
00:20:37,740 --> 00:20:39,740
and before you've built expensive dependencies

485
00:20:39,740 --> 00:20:40,940
that are hard to change.

486
00:20:40,940 --> 00:20:42,840
This shift from governance as an aftermath

487
00:20:42,840 --> 00:20:44,040
to governance as a blueprint

488
00:20:44,040 --> 00:20:45,740
is the real reason Raven matters.

489
00:20:45,740 --> 00:20:46,840
The technical features are great

490
00:20:46,840 --> 00:20:48,340
but changing how an organization

491
00:20:48,340 --> 00:20:49,940
thinks about security and compliance

492
00:20:49,940 --> 00:20:51,740
is what's actually transformative.

493
00:20:51,740 --> 00:20:53,240
Once you start embedding governance

494
00:20:53,240 --> 00:20:54,440
into your definitions,

495
00:20:54,440 --> 00:20:56,740
building an ungoverned system becomes impossible.

496
00:20:56,740 --> 00:20:58,240
And when you can't skip the rules,

497
00:20:58,240 --> 00:20:59,740
you start making much better choices

498
00:20:59,740 --> 00:21:01,740
about what you build in the first place.

499
00:21:01,740 --> 00:21:03,340
The anti-corruption layer pattern.

500
00:21:03,340 --> 00:21:05,740
We all know that perfect is the enemy of done.

501
00:21:05,740 --> 00:21:07,040
And this is where we have to talk about

502
00:21:07,040 --> 00:21:08,940
the reality of your current tech stack.

503
00:21:08,940 --> 00:21:11,540
Most organizations aren't starting with a blank slate.

504
00:21:11,540 --> 00:21:13,140
You don't have the luxury of killing off

505
00:21:13,140 --> 00:21:14,340
all your custom APIs

506
00:21:14,340 --> 00:21:16,340
just to rebuild everything on a new platform.

507
00:21:16,340 --> 00:21:17,740
You have customers to support.

508
00:21:17,740 --> 00:21:20,140
You have systems that are currently generating revenue.

509
00:21:20,140 --> 00:21:22,140
You have dependencies that are so tangled

510
00:21:22,140 --> 00:21:23,540
you can't even track them all.

511
00:21:23,540 --> 00:21:25,240
Your teams are likely running on workflows

512
00:21:25,240 --> 00:21:27,640
that depend on APIs that mostly work.

513
00:21:27,640 --> 00:21:29,140
So what do you actually do?

514
00:21:29,140 --> 00:21:30,840
You can't just rip everything out and replace it

515
00:21:30,840 --> 00:21:33,240
but you also can't stay stuck in the status quo forever.

516
00:21:33,240 --> 00:21:34,140
You need a way out

517
00:21:34,140 --> 00:21:36,140
that doesn't involve betting the entire company

518
00:21:36,140 --> 00:21:37,440
on a single migration.

519
00:21:37,440 --> 00:21:39,640
This is where we use the strangler fig pattern.

520
00:21:39,640 --> 00:21:41,140
It's a concept borrowed from nature

521
00:21:41,140 --> 00:21:42,740
and used by teams that have successfully

522
00:21:42,740 --> 00:21:45,240
modernized massive messy legacy systems.

523
00:21:45,240 --> 00:21:46,440
The idea is simple.

524
00:21:46,440 --> 00:21:48,140
You don't try to kill the old tree.

525
00:21:48,140 --> 00:21:49,940
Instead you grow a new tree around it

526
00:21:49,940 --> 00:21:51,540
gradually taking over its functions

527
00:21:51,540 --> 00:21:53,340
until the old one isn't needed anymore.

528
00:21:53,340 --> 00:21:55,440
In the world of software that means building a facade

529
00:21:55,440 --> 00:21:58,040
you might use an API gateway or a middleware layer

530
00:21:58,040 --> 00:22:00,340
that sits right in front of your old custom APIs

531
00:22:00,340 --> 00:22:02,340
or your traffic hits this facade first.

532
00:22:02,340 --> 00:22:03,740
From there the facade can decide

533
00:22:03,740 --> 00:22:05,640
whether to send a request to the old system

534
00:22:05,640 --> 00:22:07,040
or the new rave in backend.

535
00:22:07,040 --> 00:22:08,940
You start by sending everything to the old system

536
00:22:08,940 --> 00:22:11,440
and then piece by piece you move functionality over.

537
00:22:11,440 --> 00:22:13,140
The secret source that makes this work

538
00:22:13,140 --> 00:22:15,240
is the anti-corruption layer.

539
00:22:15,240 --> 00:22:17,140
Think of this as a translation service.

540
00:22:17,140 --> 00:22:18,640
Your old APIs speak one language

541
00:22:18,640 --> 00:22:20,540
and your new rave in backend speaks another.

542
00:22:20,540 --> 00:22:22,340
The anti-corruption layer sits in the middle

543
00:22:22,340 --> 00:22:23,540
and translates between the two

544
00:22:23,540 --> 00:22:24,840
so they can understand each other.

545
00:22:24,840 --> 00:22:26,240
Let's look at how this works in practice.

546
00:22:26,240 --> 00:22:27,740
Imagine you have an old API

547
00:22:27,740 --> 00:22:29,340
that returns customer data

548
00:22:29,340 --> 00:22:31,040
in a very specific outdated format.

549
00:22:31,040 --> 00:22:32,540
Your new rave in backend is designed

550
00:22:32,540 --> 00:22:33,540
with modern principles

551
00:22:33,540 --> 00:22:35,340
and returns that data differently.

552
00:22:35,340 --> 00:22:36,540
When a user calls the facade

553
00:22:36,540 --> 00:22:37,940
expecting the old format,

554
00:22:37,940 --> 00:22:39,840
the anti-corruption layer steps in.

555
00:22:39,840 --> 00:22:41,240
It calls the new backend,

556
00:22:41,240 --> 00:22:43,040
transforms the data to match the old style

557
00:22:43,040 --> 00:22:44,540
and sends it back without the user

558
00:22:44,540 --> 00:22:45,840
ever knowing the difference.

559
00:22:45,840 --> 00:22:47,740
It might feel like you're adding more complexity

560
00:22:47,740 --> 00:22:48,940
and technically you are.

561
00:22:48,940 --> 00:22:51,140
But what you're actually buying is the power to choose.

562
00:22:51,140 --> 00:22:52,740
You can let your legacy systems live

563
00:22:52,740 --> 00:22:55,040
while you build something better right next to them.

564
00:22:55,040 --> 00:22:56,540
Rave in-consid behind your gateway

565
00:22:56,540 --> 00:22:58,740
and work alongside your existing middleware.

566
00:22:58,740 --> 00:23:00,340
Your new backend doesn't have to replace

567
00:23:00,340 --> 00:23:01,740
the whole world on day one.

568
00:23:01,740 --> 00:23:03,940
It replaces one small thing then another

569
00:23:03,940 --> 00:23:04,940
and each time you do this

570
00:23:04,940 --> 00:23:06,940
you're removing a bit of the old sprawl.

571
00:23:06,940 --> 00:23:08,340
This allows your teams to retire

572
00:23:08,340 --> 00:23:10,840
custom APIs one slice at a time.

573
00:23:10,840 --> 00:23:12,140
You aren't making a massive,

574
00:23:12,140 --> 00:23:14,640
risky decision to migrate from system A to system B.

575
00:23:14,640 --> 00:23:16,840
Instead you're making small manageable choices.

576
00:23:16,840 --> 00:23:18,340
You look at a specific workflow,

577
00:23:18,340 --> 00:23:20,040
decide it would be better on Rave in

578
00:23:20,040 --> 00:23:21,240
and move just that piece.

579
00:23:21,240 --> 00:23:22,740
One workflow, one translation,

580
00:23:22,740 --> 00:23:25,540
one conversation about whether the effort is worth the reward.

581
00:23:25,540 --> 00:23:26,840
The migration becomes doable

582
00:23:26,840 --> 00:23:29,240
because Rave in keeps the new side of the house clean.

583
00:23:29,240 --> 00:23:30,640
You aren't just moving your data

584
00:23:30,640 --> 00:23:32,640
into another fragmented mess.

585
00:23:32,640 --> 00:23:33,840
You're moving it into a system

586
00:23:33,840 --> 00:23:35,840
with built-in governance and clear ownership.

587
00:23:35,840 --> 00:23:37,540
Once a piece is moved, it stays moved.

588
00:23:37,540 --> 00:23:39,640
It doesn't drift, it doesn't pile up technical debt

589
00:23:39,640 --> 00:23:41,640
and you never have to go back and try to fix

590
00:23:41,640 --> 00:23:42,840
the governance later.

591
00:23:42,840 --> 00:23:44,640
This is how real modernization happens.

592
00:23:44,640 --> 00:23:46,340
It isn't about heroic all night re-rides.

593
00:23:46,340 --> 00:23:47,640
It's about incremental replacement.

594
00:23:47,640 --> 00:23:50,340
The strangler fig doesn't take down the old tree overnight

595
00:23:50,340 --> 00:23:51,840
but it strangles it slowly.

596
00:23:51,840 --> 00:23:53,540
And by the time the old tree is gone,

597
00:23:53,540 --> 00:23:56,840
you've already built a healthy new ecosystem to take its place.

598
00:23:56,840 --> 00:23:58,840
Strategy matters because for most of us,

599
00:23:58,840 --> 00:24:01,540
starting from zero is never an option.

600
00:24:01,540 --> 00:24:04,340
Technical debt retirement, metrics that matter.

601
00:24:04,340 --> 00:24:06,040
The moment you decide to modernize,

602
00:24:06,040 --> 00:24:07,340
someone is going to ask the question

603
00:24:07,340 --> 00:24:08,740
that stops everyone in their tracks.

604
00:24:08,740 --> 00:24:10,940
They want to know which APIs you should retire first

605
00:24:10,940 --> 00:24:13,140
and the honest answer is that you start with the ones

606
00:24:13,140 --> 00:24:14,940
that are most expensive to keep alive.

607
00:24:14,940 --> 00:24:16,040
But here is the problem.

608
00:24:16,040 --> 00:24:17,640
Expensive isn't always obvious

609
00:24:17,640 --> 00:24:19,140
because it isn't written down in a ledger

610
00:24:19,140 --> 00:24:20,640
or something you can feel during a meeting.

611
00:24:20,640 --> 00:24:21,840
You have to measure it

612
00:24:21,840 --> 00:24:24,140
and that measurement is what transforms your migration

613
00:24:24,140 --> 00:24:26,740
from a religious debate into a data-driven decision.

614
00:24:26,740 --> 00:24:28,240
It starts with a simple principle.

615
00:24:28,240 --> 00:24:30,640
Not every custom API deserves to be retired,

616
00:24:30,640 --> 00:24:32,940
especially if it is still doing valuable work

617
00:24:32,940 --> 00:24:34,440
or running a stable process.

618
00:24:34,440 --> 00:24:36,440
Some of these systems have only one or two consumers

619
00:24:36,440 --> 00:24:37,840
who depend heavily on them.

620
00:24:37,840 --> 00:24:39,740
And if those teams aren't ready to move,

621
00:24:39,740 --> 00:24:42,440
you gain nothing by breaking something that actually works.

622
00:24:42,440 --> 00:24:44,740
The question isn't about which APIs you should kill off.

623
00:24:44,740 --> 00:24:46,640
It is about which ones are costing you the most

624
00:24:46,640 --> 00:24:47,940
in maintenance and risk.

625
00:24:47,940 --> 00:24:49,440
And you can find that answer if you're willing

626
00:24:49,440 --> 00:24:50,540
to look at the numbers.

627
00:24:50,540 --> 00:24:53,340
The framework you need is the technical debt ratio.

628
00:24:53,340 --> 00:24:56,340
It is a simple way to compare the cost of fixing a system

629
00:24:56,340 --> 00:24:58,840
against the cost of building it from scratch in the first place.

630
00:24:58,840 --> 00:25:00,440
If you have a TDR of 50%,

631
00:25:00,440 --> 00:25:01,840
it means rebuilding the system

632
00:25:01,840 --> 00:25:03,940
would cost half of the original investment,

633
00:25:03,940 --> 00:25:07,440
but a TDR of 200% means it now costs twice as much

634
00:25:07,440 --> 00:25:09,040
to maintain as it did to create.

635
00:25:09,040 --> 00:25:10,840
When you look at custom APIs,

636
00:25:10,840 --> 00:25:12,940
you calculate this by tracking incident rates,

637
00:25:12,940 --> 00:25:15,140
and maintenance effort and architectural complexity.

638
00:25:15,140 --> 00:25:17,940
An API that requires two hours of maintenance every month

639
00:25:17,940 --> 00:25:20,740
has a much lower TDR than one requiring 20 hours,

640
00:25:20,740 --> 00:25:22,840
just as an API with constant incidents

641
00:25:22,840 --> 00:25:26,040
is a much higher liability than one that works reliably.

642
00:25:26,040 --> 00:25:27,940
But TDR alone doesn't tell the whole story.

643
00:25:27,940 --> 00:25:30,140
You need operational signals like usage volume

644
00:25:30,140 --> 00:25:32,640
because an API handling 100 requests a month

645
00:25:32,640 --> 00:25:35,640
is a very different candidate than one handling 100,000.

646
00:25:35,640 --> 00:25:37,040
The number of consumers matters too,

647
00:25:37,040 --> 00:25:39,540
since retiring an API used by five different teams

648
00:25:39,540 --> 00:25:42,840
is much more expensive than if only one team is connected to it.

649
00:25:42,940 --> 00:25:44,940
You also need to watch how often things change.

650
00:25:44,940 --> 00:25:46,740
An API that requires constant updates

651
00:25:46,740 --> 00:25:48,440
is a signal that you don't fully understand

652
00:25:48,440 --> 00:25:49,740
what it is supposed to do,

653
00:25:49,740 --> 00:25:52,240
and persistent incidents are just evidence

654
00:25:52,240 --> 00:25:55,040
that the system has become a liability.

655
00:25:55,040 --> 00:25:56,640
Then you should layer in your door or metrics.

656
00:25:56,640 --> 00:25:58,240
You need to look at deployment frequency

657
00:25:58,240 --> 00:26:00,640
to see how often you can actually push changes,

658
00:26:00,640 --> 00:26:01,940
and you need to measure lead time

659
00:26:01,940 --> 00:26:04,840
to see how long it takes to go from a decision to production.

660
00:26:04,840 --> 00:26:06,840
You also have to track the change failure rate

661
00:26:06,840 --> 00:26:08,740
and the mean time to recovery,

662
00:26:08,740 --> 00:26:10,940
which tells you how long it takes to fix things

663
00:26:10,940 --> 00:26:12,540
when they inevitably break.

664
00:26:12,940 --> 00:26:15,140
These metrics reveal something that TDR misses.

665
00:26:15,140 --> 00:26:17,640
They show you exactly how much an API is slowing down

666
00:26:17,640 --> 00:26:19,140
your entire organization.

667
00:26:19,140 --> 00:26:21,940
An API with high lead time is keeping your teams waiting

668
00:26:21,940 --> 00:26:24,240
while an API with a high change failure rate

669
00:26:24,240 --> 00:26:26,540
is making your entire platform unreliable.

670
00:26:26,540 --> 00:26:29,040
When you run these numbers across your entire portfolio,

671
00:26:29,040 --> 00:26:30,840
the patterns start to emerge.

672
00:26:30,840 --> 00:26:32,640
Some APIs are economic to keep,

673
00:26:32,640 --> 00:26:35,040
but the ones with high TDR, high incident rates,

674
00:26:35,040 --> 00:26:37,240
and high operational friction are your primary

675
00:26:37,240 --> 00:26:38,840
retirement candidates.

676
00:26:38,840 --> 00:26:40,340
The business case becomes obvious

677
00:26:40,340 --> 00:26:43,240
once you measure the cost of keeping these systems alive.

678
00:26:43,240 --> 00:26:45,540
You might discover you are spending 10 engineering years

679
00:26:45,540 --> 00:26:47,140
every single year just to maintain a system

680
00:26:47,140 --> 00:26:48,440
that only three teams use.

681
00:26:48,440 --> 00:26:49,940
You might find an API so fragile

682
00:26:49,940 --> 00:26:52,140
that a simple change takes six weeks to deploy

683
00:26:52,140 --> 00:26:53,940
or realize that half of your incident pages

684
00:26:53,940 --> 00:26:57,340
are coming from the same three APIs over and over again.

685
00:26:57,340 --> 00:26:59,540
Measurement doesn't tell you what to do,

686
00:26:59,540 --> 00:27:01,940
but it does show you what is actually happening.

687
00:27:01,940 --> 00:27:04,640
And once you can see the reality of your system clearly,

688
00:27:04,640 --> 00:27:07,440
the decisions usually make themselves.

689
00:27:07,440 --> 00:27:09,040
The decoupled agent pattern.

690
00:27:09,040 --> 00:27:11,240
There is a new pattern emerging in systems designed

691
00:27:11,240 --> 00:27:12,540
for autonomous AI,

692
00:27:12,540 --> 00:27:14,740
and it is the complete opposite of how you probably

693
00:27:14,740 --> 00:27:16,240
build your custom APIs.

694
00:27:16,240 --> 00:27:18,140
Most custom APIs are monolithic.

695
00:27:18,140 --> 00:27:20,240
They know everything about one specific domain.

696
00:27:20,240 --> 00:27:22,540
They have opinions about how that domain should work,

697
00:27:22,540 --> 00:27:25,940
and they validate every request according to their own internal rules.

698
00:27:25,940 --> 00:27:27,940
They manage state across multiple requests

699
00:27:27,940 --> 00:27:29,440
and return responses in a shape

700
00:27:29,440 --> 00:27:31,640
that only makes sense for their specific context.

701
00:27:31,640 --> 00:27:33,640
This works perfectly for human-paced workflows.

702
00:27:33,640 --> 00:27:34,840
A person calls the API,

703
00:27:34,840 --> 00:27:36,740
the API guesses what that person wants,

704
00:27:36,740 --> 00:27:39,340
and then it returns a response the human can understand.

705
00:27:39,340 --> 00:27:40,840
But agents operate differently.

706
00:27:40,840 --> 00:27:42,840
An agent doesn't call your API because it thinks

707
00:27:42,840 --> 00:27:44,340
your API is the perfect solution.

708
00:27:44,340 --> 00:27:46,940
It treats your API as just one tool among many.

709
00:27:46,940 --> 00:27:48,240
An agent might call your service,

710
00:27:48,240 --> 00:27:49,340
then hit a search engine,

711
00:27:49,340 --> 00:27:50,440
then query a database,

712
00:27:50,440 --> 00:27:53,440
and then call a calculation service all in one sequence.

713
00:27:53,440 --> 00:27:54,840
It is orchestrating a workflow

714
00:27:54,840 --> 00:27:56,640
across many independent services,

715
00:27:56,640 --> 00:27:58,940
which means your API is just a small component

716
00:27:58,940 --> 00:28:00,340
in a much larger machine.

717
00:28:00,340 --> 00:28:02,440
This shift means your API needs to change.

718
00:28:02,440 --> 00:28:04,940
It needs to be a tool rather than a monolithic system

719
00:28:04,940 --> 00:28:06,240
with its own opinions.

720
00:28:06,240 --> 00:28:08,540
You need a simple, predictable schema-driven interface

721
00:28:08,540 --> 00:28:10,340
that an agent can use without needing

722
00:28:10,340 --> 00:28:12,740
to understand the deep history of your domain.

723
00:28:12,740 --> 00:28:14,940
Modern agentex systems are built on the principle

724
00:28:14,940 --> 00:28:17,840
of separating the agent orchestrator from stateless tools.

725
00:28:17,840 --> 00:28:20,040
The orchestrator acts as the brain that makes decisions

726
00:28:20,040 --> 00:28:23,240
and plan sequences while the tools are intentionally dumb.

727
00:28:23,240 --> 00:28:24,740
They are called with specific inputs,

728
00:28:24,740 --> 00:28:26,240
they return specific outputs,

729
00:28:26,240 --> 00:28:28,240
and they don't know anything about what happened before

730
00:28:28,240 --> 00:28:29,640
or what will happen next.

731
00:28:29,640 --> 00:28:32,340
This separation is fundamental to the whole system.

732
00:28:32,340 --> 00:28:34,740
If your API is tightly coupled to business logic

733
00:28:34,740 --> 00:28:37,240
or if it tries to maintain state about what the agent is doing,

734
00:28:37,240 --> 00:28:38,540
it loses its flexibility.

735
00:28:38,540 --> 00:28:39,940
It stops being a general tool

736
00:28:39,940 --> 00:28:41,340
and becomes a specialized service

737
00:28:41,340 --> 00:28:43,540
that only one specific kind of agent can use.

738
00:28:43,540 --> 00:28:45,640
Custom APIs actually make this problem worse

739
00:28:45,640 --> 00:28:47,740
because they were built for human-paced patterns.

740
00:28:47,740 --> 00:28:49,140
They try to maintain session state

741
00:28:49,140 --> 00:28:51,240
and return responses shaped for people,

742
00:28:51,240 --> 00:28:53,440
which forces an agent to track complex context

743
00:28:53,440 --> 00:28:54,840
and pass messy data.

744
00:28:54,840 --> 00:28:57,240
It is a fragile and inefficient way to work.

745
00:28:57,240 --> 00:29:00,040
Ravein handles this differently by generating APIs

746
00:29:00,040 --> 00:29:02,240
that are schema-driven from the ground up.

747
00:29:02,240 --> 00:29:03,440
When you define a data model,

748
00:29:03,440 --> 00:29:05,240
the system automatically creates an API

749
00:29:05,240 --> 00:29:06,840
that reflects that exact schema.

750
00:29:06,840 --> 00:29:07,940
The contract is explicit,

751
00:29:07,940 --> 00:29:09,940
so the agent knows exactly what inputs to send

752
00:29:09,940 --> 00:29:11,740
and what outputs to expect without any guessing

753
00:29:11,740 --> 00:29:13,240
or implicit assumptions.

754
00:29:13,240 --> 00:29:16,440
More importantly, these APIs are stateless by design.

755
00:29:16,440 --> 00:29:17,740
When an agent calls one,

756
00:29:17,740 --> 00:29:19,240
it passes every piece of information

757
00:29:19,240 --> 00:29:21,240
the API needs as part of the input.

758
00:29:21,240 --> 00:29:23,740
The API processes that single request independently

759
00:29:23,740 --> 00:29:25,140
and returns a result,

760
00:29:25,140 --> 00:29:27,840
leaving the agent responsible for remembering the context

761
00:29:27,840 --> 00:29:29,440
and planning the next move.

762
00:29:29,440 --> 00:29:32,240
This stateless design creates a massive advantage.

763
00:29:32,240 --> 00:29:34,940
Agents can call these APIs without worrying about side effects

764
00:29:34,940 --> 00:29:36,140
or complex session logic

765
00:29:36,140 --> 00:29:38,540
because each call is entirely independent.

766
00:29:38,540 --> 00:29:40,240
The API either succeeds or it fails,

767
00:29:40,240 --> 00:29:43,140
but either way, the result is deterministic and predictable.

768
00:29:43,140 --> 00:29:46,240
This architecture is also what allows the system to scale.

769
00:29:46,240 --> 00:29:47,640
Because the tools are independent,

770
00:29:47,640 --> 00:29:50,240
you can run 10 instances of a generated API

771
00:29:50,240 --> 00:29:52,240
and the agent will distribute calls across them

772
00:29:52,240 --> 00:29:55,540
without any need for coordination or session affinity.

773
00:29:55,540 --> 00:29:58,040
Even your security model gets better with this approach.

774
00:29:58,040 --> 00:29:59,840
With old monolithic APIs,

775
00:29:59,840 --> 00:30:01,340
you usually give broad permissions

776
00:30:01,340 --> 00:30:03,940
that let an agent do anything the API allows.

777
00:30:03,940 --> 00:30:04,740
With decouple tools,

778
00:30:04,740 --> 00:30:07,140
you give narrow permissions for specific operations

779
00:30:07,140 --> 00:30:08,840
so the agent can't accidentally use a tool

780
00:30:08,840 --> 00:30:10,740
for something it wasn't designed to do.

781
00:30:10,740 --> 00:30:12,940
This architectural shift is exactly why this model works

782
00:30:12,940 --> 00:30:14,540
for AI-driven applications

783
00:30:14,540 --> 00:30:17,740
where traditional custom APIs usually fail.

784
00:30:17,740 --> 00:30:20,040
Data minimization and security boundaries.

785
00:30:20,040 --> 00:30:21,740
Now we need to talk about what actually happens

786
00:30:21,740 --> 00:30:23,240
to your data in these systems

787
00:30:23,240 --> 00:30:25,540
because the security model breaks down in a specific way

788
00:30:25,540 --> 00:30:28,340
that people don't usually see coming until it's too late.

789
00:30:28,340 --> 00:30:30,140
Custom APIs have a security problem

790
00:30:30,140 --> 00:30:31,540
that's almost structural.

791
00:30:31,540 --> 00:30:32,540
They expose too much data

792
00:30:32,540 --> 00:30:35,240
because access control was never baked into the design.

793
00:30:35,240 --> 00:30:37,540
You build an API, you're focused on making it work,

794
00:30:37,540 --> 00:30:39,140
making it return the right responses,

795
00:30:39,140 --> 00:30:40,140
getting the logic right.

796
00:30:40,140 --> 00:30:42,440
Access control feels like something to add later.

797
00:30:42,440 --> 00:30:44,040
Something the security team will handle.

798
00:30:44,040 --> 00:30:44,540
So what happens?

799
00:30:44,540 --> 00:30:46,840
You build an endpoint that returns customer records.

800
00:30:46,840 --> 00:30:47,840
The endpoint works.

801
00:30:47,840 --> 00:30:50,540
It returns all the fields, all the details.

802
00:30:50,540 --> 00:30:51,540
Then someone asks,

803
00:30:51,540 --> 00:30:53,140
"We need to restrict this endpoint

804
00:30:53,140 --> 00:30:55,240
so that finance can see salary data,

805
00:30:55,240 --> 00:30:57,240
but customer service can't."

806
00:30:57,240 --> 00:30:59,040
Now you need to add conditional logic.

807
00:30:59,040 --> 00:31:00,440
You add permission checks.

808
00:31:00,440 --> 00:31:02,940
You mask certain fields for certain roles,

809
00:31:02,940 --> 00:31:04,740
but you're doing this on top of an API

810
00:31:04,740 --> 00:31:07,140
that was never designed with this constraint in mind.

811
00:31:07,140 --> 00:31:09,040
The masking logic lives in your application code,

812
00:31:09,040 --> 00:31:10,240
not in your data layer.

813
00:31:10,240 --> 00:31:12,640
It's easy to accidentally return unmasked data

814
00:31:12,640 --> 00:31:14,640
if someone changes the code and forgets to update

815
00:31:14,640 --> 00:31:15,540
the conditional logic.

816
00:31:15,540 --> 00:31:17,240
With Rayfin, this is inverted.

817
00:31:17,240 --> 00:31:18,940
Row level and column level security

818
00:31:18,940 --> 00:31:20,640
is enforced at the schema level,

819
00:31:20,640 --> 00:31:22,440
not at the application level.

820
00:31:22,440 --> 00:31:24,040
When you define your data model,

821
00:31:24,040 --> 00:31:25,240
you don't just define fields.

822
00:31:25,240 --> 00:31:27,740
You define who can see them, who can modify them.

823
00:31:27,740 --> 00:31:30,640
Whether they get masked for certain roles or redacted entirely.

824
00:31:30,640 --> 00:31:33,340
This enforcement happens in the platform, not in your code.

825
00:31:33,340 --> 00:31:35,040
You can't accidentally bypass it.

826
00:31:35,040 --> 00:31:36,840
An agent calling a Rayfin API

827
00:31:36,840 --> 00:31:39,040
can't see fields you've declared invisible to it.

828
00:31:39,040 --> 00:31:41,040
The platform enforces this at query time.

829
00:31:41,040 --> 00:31:42,440
Before data is returned,

830
00:31:42,440 --> 00:31:44,040
before it touches application code.

831
00:31:44,040 --> 00:31:45,340
This is security by construction,

832
00:31:45,340 --> 00:31:47,940
not security you hope you've implemented correctly.

833
00:31:47,940 --> 00:31:50,640
The distinction matters especially for agentex systems.

834
00:31:50,640 --> 00:31:51,740
With custom APIs,

835
00:31:51,740 --> 00:31:53,540
you worry constantly about what an agent

836
00:31:53,540 --> 00:31:54,840
might be allowed to access.

837
00:31:54,840 --> 00:31:55,840
You add permission checks.

838
00:31:55,840 --> 00:31:57,140
You add validation.

839
00:31:57,140 --> 00:31:58,540
You review the agent's code

840
00:31:58,540 --> 00:32:01,040
to make sure it doesn't try to access sensitive data.

841
00:32:01,040 --> 00:32:02,540
But agents are code too.

842
00:32:02,540 --> 00:32:03,640
Code evolves.

843
00:32:03,640 --> 00:32:05,640
An agent might start with modest permissions

844
00:32:05,640 --> 00:32:08,240
and gradually accumulate the ability to do more.

845
00:32:08,240 --> 00:32:10,140
A human might not notice the scope creep

846
00:32:10,140 --> 00:32:13,140
until the agent has already accessed more data than it should.

847
00:32:13,140 --> 00:32:14,640
With Rayfin, you don't have that problem.

848
00:32:14,640 --> 00:32:16,040
An agent doesn't have permissions.

849
00:32:16,040 --> 00:32:17,640
The API it calls has permissions.

850
00:32:17,640 --> 00:32:20,040
The agent is just a consumer, like any other.

851
00:32:20,040 --> 00:32:23,440
If the API is designed to mask salary data for certain callers,

852
00:32:23,440 --> 00:32:26,840
that masking happens regardless of whether the caller is a human user

853
00:32:26,840 --> 00:32:28,440
or an AI agent.

854
00:32:28,440 --> 00:32:30,440
The boundary is enforced in the platform,

855
00:32:30,440 --> 00:32:33,140
not dependent on the intelligence or behavior of the caller.

856
00:32:33,140 --> 00:32:33,940
Sensitive data,

857
00:32:33,940 --> 00:32:36,340
PI, PI, PHI, financial records can be masked

858
00:32:36,340 --> 00:32:37,540
or redacted automatically.

859
00:32:37,540 --> 00:32:39,040
You declare a field as sensitive,

860
00:32:39,040 --> 00:32:40,140
the platform knows what to do.

861
00:32:40,140 --> 00:32:42,040
It applies the appropriate protection,

862
00:32:42,040 --> 00:32:43,440
based on who's accessing it.

863
00:32:43,440 --> 00:32:45,140
You don't have to implement this logic separately

864
00:32:45,140 --> 00:32:47,140
in every API that touches that data.

865
00:32:47,140 --> 00:32:50,040
The result is that your backend becomes secure by construction,

866
00:32:50,040 --> 00:32:51,140
not through vigilance,

867
00:32:51,140 --> 00:32:53,740
not through careful code review and permission management,

868
00:32:53,740 --> 00:32:55,240
but because the architecture itself

869
00:32:55,240 --> 00:32:57,040
makes insecurity hard to achieve,

870
00:32:57,040 --> 00:32:59,340
because security is embedded in the data definitions

871
00:32:59,340 --> 00:33:00,540
enforced by the platform,

872
00:33:00,540 --> 00:33:02,340
not delegated to application code.

873
00:33:02,340 --> 00:33:04,740
This matters more than it sounds.

874
00:33:04,740 --> 00:33:06,340
The HorizonDB connection.

875
00:33:06,340 --> 00:33:08,040
AI ready persistence.

876
00:33:08,040 --> 00:33:10,440
We've been talking about Rayfin as the orchestration layer,

877
00:33:10,440 --> 00:33:12,240
the framework that defines your backend,

878
00:33:12,240 --> 00:33:13,840
the control plane, the source of truth

879
00:33:13,840 --> 00:33:15,340
for how your application behaves,

880
00:33:15,340 --> 00:33:18,340
but orchestration without persistence is just thought experiments.

881
00:33:18,340 --> 00:33:20,040
You need somewhere to put the data,

882
00:33:20,040 --> 00:33:22,740
somewhere to keep the state that your backend depends on.

883
00:33:22,740 --> 00:33:24,640
This is where HorizonDB enters the picture.

884
00:33:24,640 --> 00:33:27,040
HorizonDB is Microsoft's AI native database.

885
00:33:27,040 --> 00:33:28,340
It's PostgreSQL compatible,

886
00:33:28,340 --> 00:33:31,040
which means if you know PostgreSQL, it feels familiar,

887
00:33:31,040 --> 00:33:33,140
but it's built from the ground up for modern workloads,

888
00:33:33,140 --> 00:33:34,640
the ones that Rayfin targets,

889
00:33:34,640 --> 00:33:37,540
the ones that need vectors alongside relational data,

890
00:33:37,540 --> 00:33:39,240
the ones that need AI capabilities

891
00:33:39,240 --> 00:33:40,640
baked into the database itself,

892
00:33:40,640 --> 00:33:42,040
not bolted on afterward.

893
00:33:42,040 --> 00:33:43,140
Here's the key distinction.

894
00:33:43,140 --> 00:33:45,540
Rayfin defines the backend orchestration layer.

895
00:33:45,540 --> 00:33:46,940
It's the declarative framework,

896
00:33:46,940 --> 00:33:49,740
the governance, the API surface, the business logic.

897
00:33:49,740 --> 00:33:52,140
HorizonDB is the AI native database layer.

898
00:33:52,140 --> 00:33:53,540
It's where data lives,

899
00:33:53,540 --> 00:33:55,240
where intelligence gets stored,

900
00:33:55,240 --> 00:33:57,240
where embeddings coexist with transactional data

901
00:33:57,240 --> 00:33:58,240
in the same system.

902
00:33:58,240 --> 00:34:02,040
HorizonDB provides something custom APIs rarely have.

903
00:34:02,040 --> 00:34:03,940
Vector search, embeddings,

904
00:34:03,940 --> 00:34:06,040
and AI functions directly in SQL,

905
00:34:06,040 --> 00:34:07,440
not through a separate vector database

906
00:34:07,440 --> 00:34:10,140
that you have to synchronize with your operational database,

907
00:34:10,140 --> 00:34:12,340
not through API calls to external services,

908
00:34:12,340 --> 00:34:14,740
direct in the database in SQL.

909
00:34:14,740 --> 00:34:16,240
This matters concretely.

910
00:34:16,240 --> 00:34:17,840
When you're building a RAC system,

911
00:34:17,840 --> 00:34:19,440
retrieval augmented generation,

912
00:34:19,440 --> 00:34:21,740
you need to store documents and their embeddings,

913
00:34:21,740 --> 00:34:23,740
you need to search by semantic similarity,

914
00:34:23,740 --> 00:34:25,040
you need to re-rank results,

915
00:34:25,040 --> 00:34:28,140
you need all of this to happen quickly in a single query

916
00:34:28,140 --> 00:34:30,840
on data that's also your operational source of truth.

917
00:34:30,840 --> 00:34:33,040
With custom APIs and separate services,

918
00:34:33,040 --> 00:34:35,340
you'd replicate your documents to a vector store,

919
00:34:35,340 --> 00:34:36,540
you'd embed them separately,

920
00:34:36,540 --> 00:34:37,640
you'd query the vector store,

921
00:34:37,640 --> 00:34:39,240
then query your operational database

922
00:34:39,240 --> 00:34:40,340
to get additional context,

923
00:34:40,340 --> 00:34:42,640
you'd stitch the results together in application code.

924
00:34:42,640 --> 00:34:45,440
Each connection, each synchronization point,

925
00:34:45,440 --> 00:34:48,240
each opportunity for data to drift out of sync.

926
00:34:48,240 --> 00:34:49,240
With HorizonDB,

927
00:34:49,240 --> 00:34:51,940
your documents live in the database with their embeddings.

928
00:34:51,940 --> 00:34:54,340
A single query returns both the semantic matches

929
00:34:54,340 --> 00:34:55,940
and all related metadata.

930
00:34:55,940 --> 00:34:57,840
You don't replicate, you don't synchronize,

931
00:34:57,840 --> 00:35:00,440
you don't compose results from multiple sources.

932
00:35:00,440 --> 00:35:01,740
The database handles it.

933
00:35:01,740 --> 00:35:03,440
The AI functions are equally direct.

934
00:35:03,440 --> 00:35:05,540
You can call embedding models, classification models,

935
00:35:05,540 --> 00:35:07,640
re-ranking models directly from SQL,

936
00:35:07,640 --> 00:35:10,040
within a stored procedure as part of a query.

937
00:35:10,040 --> 00:35:12,040
The database executes these functions

938
00:35:12,040 --> 00:35:14,540
and returns results integrated with your data.

939
00:35:14,540 --> 00:35:16,140
It's not fast in the sense of,

940
00:35:16,140 --> 00:35:18,240
we manage to make network calls quick.

941
00:35:18,240 --> 00:35:19,940
It's fast because the computation happens

942
00:35:19,940 --> 00:35:21,140
where the data lives.

943
00:35:21,140 --> 00:35:22,940
Raffin can target HorizonDB

944
00:35:22,940 --> 00:35:24,440
as the operational store for Ragn

945
00:35:24,440 --> 00:35:26,340
and a genetic workload specifically.

946
00:35:26,340 --> 00:35:27,840
When you define your back end in Raffin,

947
00:35:27,840 --> 00:35:29,440
you specify where data lives.

948
00:35:29,440 --> 00:35:31,640
You can say use HorizonDB.

949
00:35:31,640 --> 00:35:32,940
The CLI understands this.

950
00:35:32,940 --> 00:35:34,740
It configures the connectivity.

951
00:35:34,740 --> 00:35:35,940
It sets up the credentials.

952
00:35:35,940 --> 00:35:37,840
It ensures your Raffin defined APIs

953
00:35:37,840 --> 00:35:39,940
connect to HorizonDB automatically.

954
00:35:39,940 --> 00:35:42,440
This combination, Raffin orchestration,

955
00:35:42,440 --> 00:35:44,240
plus HorizonDB persistence,

956
00:35:44,240 --> 00:35:46,340
is the modern stack for AI applications.

957
00:35:46,340 --> 00:35:48,740
Not because each one is individually impressive,

958
00:35:48,740 --> 00:35:51,040
but because together they solve the integration problem

959
00:35:51,040 --> 00:35:53,540
that plagues every custom API architecture.

960
00:35:53,540 --> 00:35:55,240
Vector indexes, hybrid search,

961
00:35:55,240 --> 00:35:56,940
and in database AI functions

962
00:35:56,940 --> 00:35:59,040
reduce integration complexity dramatically.

963
00:35:59,040 --> 00:36:00,940
You're not gluing together five different services.

964
00:36:00,940 --> 00:36:03,340
You're not writing middleware to translate between formats.

965
00:36:03,340 --> 00:36:05,240
You're defining your back end in Raffin,

966
00:36:05,240 --> 00:36:07,740
specifying HorizonDB as your data layer

967
00:36:07,740 --> 00:36:09,740
and letting the platform handle the plumbing.

968
00:36:09,740 --> 00:36:11,040
The two services work together

969
00:36:11,040 --> 00:36:12,940
with clear division of labor.

970
00:36:12,940 --> 00:36:14,340
Raffin handles business logic,

971
00:36:14,340 --> 00:36:17,540
orchestration governance, HorizonDB handles data intelligence,

972
00:36:17,540 --> 00:36:19,740
AI capabilities, persistence.

973
00:36:19,740 --> 00:36:21,440
Each does what it's designed for.

974
00:36:21,440 --> 00:36:22,940
Neither tries to be everything.

975
00:36:22,940 --> 00:36:24,740
And together they eliminate the fragmentation

976
00:36:24,740 --> 00:36:28,040
that made custom API so expensive to maintain.

977
00:36:28,040 --> 00:36:30,340
Understanding how Raffin integrates with HorizonDB

978
00:36:30,340 --> 00:36:32,840
reveals why the old custom API model

979
00:36:32,840 --> 00:36:35,340
was never going to work for artificial intelligence.

980
00:36:35,340 --> 00:36:37,540
Observability and agente governance.

981
00:36:37,540 --> 00:36:38,640
There is a fundamental difference

982
00:36:38,640 --> 00:36:39,940
between knowing what happened

983
00:36:39,940 --> 00:36:41,640
and understanding why it happened.

984
00:36:41,640 --> 00:36:43,740
Custom APIs excel at the first part

985
00:36:43,740 --> 00:36:46,540
because they generate logs, timestamps and error codes.

986
00:36:46,540 --> 00:36:47,540
If something goes wrong,

987
00:36:47,540 --> 00:36:49,540
you can dig through those logs and reconstruct the event

988
00:36:49,540 --> 00:36:51,940
but reconstructing an event is not the same

989
00:36:51,940 --> 00:36:54,940
as understanding the decision making process that led to it.

990
00:36:54,940 --> 00:36:56,740
With Raffin, this distinction matters

991
00:36:56,740 --> 00:36:59,740
because your system is no longer just responding to requests.

992
00:36:59,740 --> 00:37:00,840
It is making decisions.

993
00:37:00,840 --> 00:37:02,240
When an agent calls your back end,

994
00:37:02,240 --> 00:37:04,340
that back end executes a sequence of operations

995
00:37:04,340 --> 00:37:05,640
where every step has context.

996
00:37:05,640 --> 00:37:08,340
You have input states, output states, policy decisions

997
00:37:08,340 --> 00:37:09,140
and side effects.

998
00:37:09,140 --> 00:37:10,840
You need visibility into all of that

999
00:37:10,840 --> 00:37:13,640
rather than just knowing if the operation succeeded or failed.

1000
00:37:13,840 --> 00:37:17,440
Raffin generates structured traces instead of standard text logs.

1001
00:37:17,440 --> 00:37:18,940
The difference is architectural.

1002
00:37:18,940 --> 00:37:21,540
A log is just a record of a timestamp and a message

1003
00:37:21,540 --> 00:37:24,840
but a trace is a complete record of a decision and its consequences.

1004
00:37:24,840 --> 00:37:26,840
You can see what input triggered the decision

1005
00:37:26,840 --> 00:37:28,640
which policy rules were evaluated

1006
00:37:28,640 --> 00:37:31,340
and exactly why certain rules were matched or rejected.

1007
00:37:31,340 --> 00:37:32,940
Every back end operation is recorded

1008
00:37:32,940 --> 00:37:34,640
with this level of granularity.

1009
00:37:34,640 --> 00:37:36,040
When an agent calls an API,

1010
00:37:36,040 --> 00:37:37,540
the platform traces the input,

1011
00:37:37,540 --> 00:37:38,740
the permission evaluation,

1012
00:37:38,740 --> 00:37:41,240
the data fetched and the transformations applied.

1013
00:37:41,240 --> 00:37:43,040
This information isn't buried in text logs

1014
00:37:43,040 --> 00:37:44,440
you have to pass manually.

1015
00:37:44,440 --> 00:37:46,740
It exists as structured data that is queryable,

1016
00:37:46,740 --> 00:37:50,040
analyzable and standardized across your entire environment.

1017
00:37:50,040 --> 00:37:52,140
This level of observability is essential

1018
00:37:52,140 --> 00:37:54,540
when agents are making autonomous decisions.

1019
00:37:54,540 --> 00:37:55,840
In a human driven system,

1020
00:37:55,840 --> 00:37:57,740
you can ask a person why they did something

1021
00:37:57,740 --> 00:37:59,240
and they can justify their actions.

1022
00:37:59,240 --> 00:38:00,740
Agents cannot explain themselves.

1023
00:38:00,740 --> 00:38:02,440
You need the system to explain them

1024
00:38:02,440 --> 00:38:04,240
by reconstructing the decision through the trace.

1025
00:38:04,240 --> 00:38:06,440
You have to see the context the agent was working with

1026
00:38:06,440 --> 00:38:07,940
and the constraints it hit

1027
00:38:07,940 --> 00:38:09,740
to understand the choices it made.

1028
00:38:09,740 --> 00:38:11,040
You can audit what an agent did,

1029
00:38:11,040 --> 00:38:12,940
why it did it and what data it accessed.

1030
00:38:12,940 --> 00:38:14,840
This becomes critical for compliance.

1031
00:38:14,840 --> 00:38:16,640
If a regulator asks you to prove an agent

1032
00:38:16,640 --> 00:38:19,540
never accessed customer data without authorization,

1033
00:38:19,540 --> 00:38:22,240
you cannot answer that by inspecting the agent's code.

1034
00:38:22,240 --> 00:38:24,440
You answer it by running a query against the traces

1035
00:38:24,440 --> 00:38:26,640
to show exactly which APIs were called

1036
00:38:26,640 --> 00:38:29,640
and which access control policies were enforced.

1037
00:38:29,640 --> 00:38:31,040
The audit trail is complete,

1038
00:38:31,040 --> 00:38:32,640
verifiable and tamper evident

1039
00:38:32,640 --> 00:38:34,740
because the platform generates it automatically.

1040
00:38:34,740 --> 00:38:38,040
Behavioral baselining is the next layer of this strategy.

1041
00:38:38,040 --> 00:38:39,940
Over time, you establish normal patterns

1042
00:38:39,940 --> 00:38:41,440
for how your agents behave.

1043
00:38:41,440 --> 00:38:43,040
A particular agent might typically call

1044
00:38:43,040 --> 00:38:44,740
three specific APIs in sequence

1045
00:38:44,740 --> 00:38:47,140
or access customer data 50 times per day.

1046
00:38:47,140 --> 00:38:48,540
These numbers become your baseline

1047
00:38:48,540 --> 00:38:50,240
and they allow the system to recognize

1048
00:38:50,240 --> 00:38:51,340
when something is wrong.

1049
00:38:51,340 --> 00:38:52,940
When an agent deviates from the norm,

1050
00:38:52,940 --> 00:38:54,440
you notice it immediately.

1051
00:38:54,440 --> 00:38:57,240
If an agent suddenly starts calling 10 APIs instead of three

1052
00:38:57,240 --> 00:38:59,140
or accesses data, it doesn't normally touch.

1053
00:38:59,140 --> 00:39:00,640
The system flags the behavior.

1054
00:39:00,640 --> 00:39:02,640
It doesn't necessarily shut the agent down

1055
00:39:02,640 --> 00:39:05,440
but it alerts operations or triggers an escalation to a human.

1056
00:39:05,440 --> 00:39:07,840
You could even apply guardrails to throttle the agent

1057
00:39:07,840 --> 00:39:10,040
or require approval before it continues.

1058
00:39:10,040 --> 00:39:12,140
The platform becomes auditable by default.

1059
00:39:12,140 --> 00:39:14,040
It isn't auditable because of manual effort

1060
00:39:14,040 --> 00:39:16,740
or because your team added logging to every line of code.

1061
00:39:16,740 --> 00:39:18,740
It is auditable because the architecture itself

1062
00:39:18,740 --> 00:39:20,240
produces audit ready data.

1063
00:39:20,240 --> 00:39:23,340
Every operation traces, every policy decision is recorded

1064
00:39:23,340 --> 00:39:25,740
and every data access is documented.

1065
00:39:25,740 --> 00:39:27,340
The system isn't trying to be auditable.

1066
00:39:27,340 --> 00:39:29,440
It's simply impossible for it to be opaque.

1067
00:39:29,440 --> 00:39:30,540
This matters for two reasons.

1068
00:39:30,540 --> 00:39:32,640
First, it acts as a control mechanism

1069
00:39:32,640 --> 00:39:35,540
that lets you prevent problems before they cascade.

1070
00:39:35,540 --> 00:39:37,240
Second, it provides the evidence you need

1071
00:39:37,240 --> 00:39:38,340
when something goes wrong.

1072
00:39:38,340 --> 00:39:41,040
You have complete records to show regulators, customers

1073
00:39:41,040 --> 00:39:43,840
and your own compliance team exactly what happened and why.

1074
00:39:43,840 --> 00:39:46,840
Observability is not an optional feature for agent systems.

1075
00:39:46,840 --> 00:39:48,040
It is a requirement.

1076
00:39:48,040 --> 00:39:50,540
While custom APIs require you to implement observability

1077
00:39:50,540 --> 00:39:54,440
painstakingly, Reifen treats it as a foundational part of the build.

1078
00:39:54,440 --> 00:39:56,040
The governance board decision.

1079
00:39:56,040 --> 00:39:57,740
Organizational implications.

1080
00:39:57,740 --> 00:39:59,940
This is where the conversation stops being about technology

1081
00:39:59,940 --> 00:40:02,440
and starts being about organizational structure.

1082
00:40:02,440 --> 00:40:04,440
Adopting Reifen is not just a technical choice.

1083
00:40:04,440 --> 00:40:06,040
It is an organizational one.

1084
00:40:06,040 --> 00:40:07,540
The moment you acknowledge that shift,

1085
00:40:07,540 --> 00:40:09,640
the way you manage your team's changes.

1086
00:40:09,640 --> 00:40:13,540
When you deploy custom APIs, each team usually decides things independently.

1087
00:40:13,540 --> 00:40:16,140
Engineering might decide their API lives on an app service,

1088
00:40:16,140 --> 00:40:19,840
while the database team picks Cosmos DB and security bolts on authentication.

1089
00:40:19,840 --> 00:40:22,840
Every team owns their own piece in a decentralized model.

1090
00:40:22,840 --> 00:40:27,740
That is exactly how you end up with hundreds of ungoverned back-ends scattered across your infrastructure.

1091
00:40:27,740 --> 00:40:28,840
Reifen inverts this model.

1092
00:40:28,840 --> 00:40:30,840
Adopting this platform means you are standardizing

1093
00:40:30,840 --> 00:40:33,340
how back-ends get built across the entire organization.

1094
00:40:33,340 --> 00:40:35,440
Not every workload will fit this model,

1095
00:40:35,440 --> 00:40:39,140
but the ones that do will follow one pattern and one governance framework.

1096
00:40:39,140 --> 00:40:41,540
That decision cannot be made by individual teams

1097
00:40:41,540 --> 00:40:44,040
because it requires organizational consensus.

1098
00:40:44,040 --> 00:40:46,340
This is where the governance board enters the picture.

1099
00:40:46,340 --> 00:40:50,240
This is not a compliance committee that reviews things after they are already built.

1100
00:40:50,240 --> 00:40:52,040
Instead, it is a decision-making body

1101
00:40:52,040 --> 00:40:55,240
that defines standards before a single line of code is written.

1102
00:40:55,240 --> 00:40:58,040
The board asks which workloads should use Reifen,

1103
00:40:58,040 --> 00:41:00,740
which are exceptions, and what guardrails need to be applied.

1104
00:41:00,740 --> 00:41:04,840
The board makes these decisions because they have massive organizational consequences.

1105
00:41:04,840 --> 00:41:07,240
If you decide all new back-ends must use Reifen,

1106
00:41:07,240 --> 00:41:10,240
you are betting that this model aligns with your long-term needs.

1107
00:41:10,240 --> 00:41:12,440
If you decide only AI-driven back-ends use it,

1108
00:41:12,440 --> 00:41:14,640
you are accepting the cost of maintaining multiple models.

1109
00:41:14,640 --> 00:41:16,240
If you stay entirely custom,

1110
00:41:16,240 --> 00:41:19,240
you are accepting the ongoing price of fragmentation.

1111
00:41:19,240 --> 00:41:21,840
None of these answers is objectively right or wrong.

1112
00:41:21,840 --> 00:41:24,040
The right choice depends on your risk tolerance,

1113
00:41:24,040 --> 00:41:26,640
your technical maturity, and your timeline.

1114
00:41:26,640 --> 00:41:29,640
However, these choices must be made deliberately and together.

1115
00:41:29,640 --> 00:41:33,240
You cannot leave these decisions to each individual team to figure out on their own.

1116
00:41:33,240 --> 00:41:35,040
Initially, this creates friction.

1117
00:41:35,040 --> 00:41:38,040
Teams that want to build custom solutions often resist standardization

1118
00:41:38,040 --> 00:41:40,040
because they feel their use case is special.

1119
00:41:40,040 --> 00:41:44,240
They argue they need more flexibility or that they cannot work within the constraints of the platform.

1120
00:41:44,240 --> 00:41:46,440
Some of these arguments are legitimate, but many are not,

1121
00:41:46,440 --> 00:41:49,240
and the governance boards' job is to distinguish between them.

1122
00:41:49,240 --> 00:41:52,640
Over time, that friction decreases as clear roles begin to emerge.

1123
00:41:52,640 --> 00:41:57,240
The platform team owns the Reifen infrastructure, the SDK, and the deployment pipeline.

1124
00:41:57,240 --> 00:42:00,440
Domain teams own their back-end definitions and their code.

1125
00:42:00,440 --> 00:42:03,640
They still make decisions about data models and access policies,

1126
00:42:03,640 --> 00:42:05,640
but they work within a standard model.

1127
00:42:05,640 --> 00:42:09,240
They no longer have to reinvent the infrastructure for every new project.

1128
00:42:09,240 --> 00:42:12,440
This division of labor scales in a way that custom APIs never can.

1129
00:42:12,440 --> 00:42:16,040
With custom APIs, every team has to understand a databases,

1130
00:42:16,040 --> 00:42:18,440
authentication, networking, and security.

1131
00:42:18,440 --> 00:42:22,040
That is an expensive way to work, and it is usually why security gaps appear.

1132
00:42:22,040 --> 00:42:24,440
With Reifen, the platform team handles the heavy lifting,

1133
00:42:24,440 --> 00:42:26,640
so domain teams can focus on business logic.

1134
00:42:26,640 --> 00:42:29,840
The model scales because governance is standardized rather than repeated.

1135
00:42:29,840 --> 00:42:33,840
You don't have to explain data classification rules five times to five different teams.

1136
00:42:33,840 --> 00:42:35,040
You define them once.

1137
00:42:35,040 --> 00:42:38,640
You don't implement access controls separately for every single API.

1138
00:42:38,640 --> 00:42:40,640
You define those policies once in Reifen,

1139
00:42:40,640 --> 00:42:43,440
and the platform enforces them consistently across the board.

1140
00:42:43,440 --> 00:42:46,640
The governance board decision creates real accountability.

1141
00:42:46,640 --> 00:42:49,040
Someone has to decide which back-ends use the platform,

1142
00:42:49,040 --> 00:42:51,640
and someone has to own the criteria for exceptions.

1143
00:42:51,640 --> 00:42:54,440
When things go wrong, the board is there to answer for it.

1144
00:42:54,440 --> 00:42:56,240
This means the decision gets made carefully

1145
00:42:56,240 --> 00:42:59,640
because the organization is collectively betting on the model to work.

1146
00:42:59,640 --> 00:43:01,440
The technical change is the easy part.

1147
00:43:01,440 --> 00:43:03,440
The organizational change is the hard part,

1148
00:43:03,440 --> 00:43:05,640
but if you want to move toward an agentic future,

1149
00:43:05,640 --> 00:43:07,640
both are absolutely necessary.

1150
00:43:07,640 --> 00:43:09,640
Cost and capacity management.

1151
00:43:09,640 --> 00:43:13,240
Now, we are going to talk about something that usually matters more to CFOs than architects,

1152
00:43:13,240 --> 00:43:19,240
but you need to understand it because it determines whether your strategy actually gets funded or dies during a budget review.

1153
00:43:19,240 --> 00:43:20,240
It comes down to money.

1154
00:43:20,240 --> 00:43:22,440
Specifically, where is that money actually going?

1155
00:43:22,440 --> 00:43:27,240
When you build custom APIs, your costs are hidden and scattered across the entire organization.

1156
00:43:27,240 --> 00:43:29,840
One team might have a database in subscription A,

1157
00:43:29,840 --> 00:43:32,040
while another team runs functions in subscription B,

1158
00:43:32,040 --> 00:43:35,440
and someone else has a storage account in subscription C that was set up years ago,

1159
00:43:35,440 --> 00:43:37,640
and nobody even remembers who owns it.

1160
00:43:37,640 --> 00:43:41,040
You end up with API gateways in one place and load balances in another,

1161
00:43:41,040 --> 00:43:45,040
and because monitoring tools are often purchased separately for different use cases,

1162
00:43:45,040 --> 00:43:46,840
you can never see the full picture.

1163
00:43:46,840 --> 00:43:49,640
The costs are distributed across so many different line items

1164
00:43:49,640 --> 00:43:51,840
that adding them up becomes impossible.

1165
00:43:51,840 --> 00:43:54,240
If you are a team trying to hide how much you spend,

1166
00:43:54,240 --> 00:43:59,640
this is a great feature, but it is a total disaster if you are trying to make smart decisions about where to invest.

1167
00:43:59,640 --> 00:44:04,040
Rayfin changes this by consolidating your back and infrastructure into fabric capacities.

1168
00:44:04,040 --> 00:44:06,240
This shift makes your costs visible immediately,

1169
00:44:06,240 --> 00:44:08,040
allowing you to point to a single number,

1170
00:44:08,040 --> 00:44:10,840
and show exactly what these workloads cost every month.

1171
00:44:10,840 --> 00:44:14,840
There is no mystery and no hidden line items buried deep inside cloud subscriptions.

1172
00:44:14,840 --> 00:44:18,440
You get one capacity, one bill, and one number that you can actually reason about.

1173
00:44:18,440 --> 00:44:22,240
This level of transparency forces conversations that simply never happened before.

1174
00:44:22,240 --> 00:44:25,640
You can finally ask if a specific back end is worth its cost,

1175
00:44:25,640 --> 00:44:29,040
or how much you are paying to keep a service alive that only three people are using.

1176
00:44:29,040 --> 00:44:31,040
These are business questions rather than technical ones,

1177
00:44:31,040 --> 00:44:33,440
but you can only ask them if you have the data.

1178
00:44:33,440 --> 00:44:37,440
You can also start applying chargeback models to hold teams accountable for what they use.

1179
00:44:37,440 --> 00:44:39,040
This does not have to be adversarial,

1180
00:44:39,040 --> 00:44:42,040
but it is functional, meaning if the finance department wants a back end,

1181
00:44:42,040 --> 00:44:44,640
they get one, and the cost comes directly out of their budget.

1182
00:44:44,640 --> 00:44:47,240
When teams see the actual cost of their infrastructure,

1183
00:44:47,240 --> 00:44:50,040
they start to think differently about what they really need.

1184
00:44:50,040 --> 00:44:53,040
They become much less likely to request back ends they won't use,

1185
00:44:53,040 --> 00:44:55,840
and they are more likely to shut down the ones they don't need anymore.

1186
00:44:55,840 --> 00:44:57,840
What you get out of this is rationalization.

1187
00:44:57,840 --> 00:45:01,240
Without cost visibility, you naturally accumulate zombie back ends,

1188
00:45:01,240 --> 00:45:03,240
which are systems that nobody is actively using,

1189
00:45:03,240 --> 00:45:06,440
but nobody has decommissioned because the process is too painful.

1190
00:45:06,440 --> 00:45:09,640
These systems sit there consuming capacity and accumulating technical debt

1191
00:45:09,640 --> 00:45:13,440
while occasionally breaking and requiring your team to go into firefighting mode.

1192
00:45:13,440 --> 00:45:15,240
Because Reifen makes the cost obvious,

1193
00:45:15,240 --> 00:45:18,040
you can finally ask why you are paying for these systems,

1194
00:45:18,040 --> 00:45:20,840
and then shut them down when the answer is that you shouldn't be.

1195
00:45:20,840 --> 00:45:24,640
The reduction in operational overhead is just as important for your bottom line.

1196
00:45:24,640 --> 00:45:28,840
Custom APIs require expensive people like database administrators to tune performance

1197
00:45:28,840 --> 00:45:32,240
and engineers to patch security vulnerabilities.

1198
00:45:32,240 --> 00:45:34,840
Fabric uses a managed model that eliminates most of this work

1199
00:45:34,840 --> 00:45:36,840
because Microsoft maintains the platform

1200
00:45:36,840 --> 00:45:39,240
while you only maintain your back end definitions.

1201
00:45:39,240 --> 00:45:41,640
The result is a much lower total cost of ownership

1202
00:45:41,640 --> 00:45:44,840
even if your per request costs look a bit higher at first glance.

1203
00:45:44,840 --> 00:45:50,040
You are paying for the convenience of not having to manage infrastructure or hire a massive team to keep the lights on.

1204
00:45:50,040 --> 00:45:52,440
The math works when you account for the incidents,

1205
00:45:52,440 --> 00:45:56,840
you don't have to fight, and the fact that zombie back ends are no longer draining your budget.

1206
00:45:56,840 --> 00:45:59,240
The self-service trap, what can go wrong?

1207
00:45:59,240 --> 00:46:03,440
There is a specific risk that nobody likes to talk about at the start of a modernization program.

1208
00:46:03,440 --> 00:46:06,240
Reifen is powerful, and sometimes it is actually too powerful.

1209
00:46:06,240 --> 00:46:08,840
If you give developers the ability to define back ends

1210
00:46:08,840 --> 00:46:10,440
this quickly without the right guardrails,

1211
00:46:10,440 --> 00:46:12,040
you might not solve your original problem,

1212
00:46:12,040 --> 00:46:14,840
and you might actually end up accelerating it.

1213
00:46:14,840 --> 00:46:18,440
Think about what happens the moment you roll this out to your engineering organization.

1214
00:46:18,440 --> 00:46:21,240
You tell everyone they can now deploy back ends independently

1215
00:46:21,240 --> 00:46:24,840
without waiting for infrastructure teams or dealing with months long deployment cycles.

1216
00:46:24,840 --> 00:46:27,840
You tell them to just write a definition in code and run the CLI

1217
00:46:27,840 --> 00:46:29,840
and their back end will be live in minutes.

1218
00:46:29,840 --> 00:46:31,840
This feels like total liberation to an engineer

1219
00:46:31,840 --> 00:46:33,840
and for about three months, everything is great.

1220
00:46:33,840 --> 00:46:36,840
But then you wake up and realize you have 30 different Reifen back ends

1221
00:46:36,840 --> 00:46:39,040
running and every single one of them has different standards.

1222
00:46:39,040 --> 00:46:41,440
One team might decide to store passwords in plain text

1223
00:46:41,440 --> 00:46:42,840
because they were moving too fast,

1224
00:46:42,840 --> 00:46:46,240
while another team uses an unapproved data source that hasn't been vetted.

1225
00:46:46,240 --> 00:46:49,240
A third team might set their data retention to never delete

1226
00:46:49,240 --> 00:46:51,840
because they are afraid of losing something important.

1227
00:46:51,840 --> 00:46:53,240
You haven't actually fixed this brawl,

1228
00:46:53,240 --> 00:46:56,240
you just traded custom API sprawl for Reifen sprawl.

1229
00:46:56,240 --> 00:46:58,640
This happens because Reifen is a self-service tool

1230
00:46:58,640 --> 00:47:02,040
that allows teams to make big decisions without any oversight.

1231
00:47:02,040 --> 00:47:04,640
The platform is designed to enforce your governance,

1232
00:47:04,640 --> 00:47:07,840
but it only does that if you actually define what the rules are.

1233
00:47:07,840 --> 00:47:10,640
If you leave it blank, the platform won't invent those rules for you,

1234
00:47:10,640 --> 00:47:13,240
and it will happily deploy whatever your teams ask it to.

1235
00:47:13,240 --> 00:47:16,240
The solution here isn't to take the tool away or restrict access

1236
00:47:16,240 --> 00:47:18,440
but to make the right way the easiest way to work.

1237
00:47:18,440 --> 00:47:20,840
You do this by creating templated Reifen projects

1238
00:47:20,840 --> 00:47:23,240
that aren't just optional suggestions or examples.

1239
00:47:23,240 --> 00:47:25,840
These are the actual starting points that every team must use.

1240
00:47:25,840 --> 00:47:28,440
A good template defines how to structure data,

1241
00:47:28,440 --> 00:47:30,040
how to handle authentication,

1242
00:47:30,040 --> 00:47:32,040
and exactly where the data is allowed to live.

1243
00:47:32,040 --> 00:47:34,840
It sets the rules for retention and compliance checks

1244
00:47:34,840 --> 00:47:37,440
so the teams don't have to guess what the standard is.

1245
00:47:37,440 --> 00:47:38,240
Beyond those templates,

1246
00:47:38,240 --> 00:47:41,640
you need a governance library that acts as a catalog of approved components.

1247
00:47:41,640 --> 00:47:44,840
You can use this library to specify which databases are allowed

1248
00:47:44,840 --> 00:47:46,040
and which ones are forbidden.

1249
00:47:46,040 --> 00:47:49,440
You can define exactly how the organization handles O/Oth

1250
00:47:49,440 --> 00:47:51,440
or service-to-service authentication

1251
00:47:51,440 --> 00:47:53,240
so that nobody is making it up as they go.

1252
00:47:53,240 --> 00:47:55,440
This library does more than just document the rules.

1253
00:47:55,440 --> 00:47:57,440
It actually enforces them.

1254
00:47:57,440 --> 00:47:59,440
When a team writes a backend definition,

1255
00:47:59,440 --> 00:48:01,840
they are constrained by the choices available in that library.

1256
00:48:01,840 --> 00:48:03,240
They don't have unlimited freedom,

1257
00:48:03,240 --> 00:48:05,840
but they do have structured choices that keep them safe.

1258
00:48:05,840 --> 00:48:09,440
The platform will literally prevent them from connecting to an unapproved data source

1259
00:48:09,440 --> 00:48:12,640
or deploying a service with an undefined retention policy.

1260
00:48:12,640 --> 00:48:14,840
This enforcement happens at the moment of deployment,

1261
00:48:14,840 --> 00:48:16,640
rather than months later during an audit.

1262
00:48:16,640 --> 00:48:19,040
If a backend definition violates your governance rules,

1263
00:48:19,040 --> 00:48:21,440
the CLI validation will fail immediately.

1264
00:48:21,440 --> 00:48:23,040
The team finds out right then and there

1265
00:48:23,040 --> 00:48:25,640
and they have to fix the issue before they are allowed to go live.

1266
00:48:25,640 --> 00:48:27,440
This means there is no gray area

1267
00:48:27,440 --> 00:48:30,840
and no, we will fix it later excuses that lead to security debt.

1268
00:48:30,840 --> 00:48:34,040
There is a real trade-off here because you are going to lose some flexibility.

1269
00:48:34,040 --> 00:48:36,440
Teams cannot do exactly what they want whenever they want

1270
00:48:36,440 --> 00:48:38,840
and they have to work within specific constraints.

1271
00:48:38,840 --> 00:48:41,240
However, those constraints are transparent and documented

1272
00:48:41,240 --> 00:48:43,240
for reasons that actually make sense for the business.

1273
00:48:43,240 --> 00:48:46,440
Most teams will accept these restrictions when they see the alternative

1274
00:48:46,440 --> 00:48:49,640
which is a governance nightmare where everyone is doing their own thing.

1275
00:48:49,640 --> 00:48:52,040
Rayfin only solves your custom API problems

1276
00:48:52,040 --> 00:48:53,840
if you take the time to govern it correctly.

1277
00:48:53,840 --> 00:48:56,840
If you don't, you haven't actually solved the problem.

1278
00:48:56,840 --> 00:48:58,840
You have just shifted it to a new tool.

1279
00:48:58,840 --> 00:49:01,840
Migration strategy, the practical path.

1280
00:49:01,840 --> 00:49:05,640
The question that kills most modernization programs is deceptively simple.

1281
00:49:05,640 --> 00:49:06,640
When do we start?

1282
00:49:06,640 --> 00:49:08,040
The trap is equally simple.

1283
00:49:08,040 --> 00:49:09,640
You think the answer is next quarter

1284
00:49:09,640 --> 00:49:12,640
or perhaps you tell yourself it has to wait until the current project wraps up.

1285
00:49:12,640 --> 00:49:14,640
But in reality, the only real answer is now

1286
00:49:14,640 --> 00:49:16,640
you start with a pilot, you set a defined scope,

1287
00:49:16,640 --> 00:49:18,040
you secure clear sponsorship.

1288
00:49:18,040 --> 00:49:21,240
If you wait for perfect conditions, you will be waiting forever.

1289
00:49:21,240 --> 00:49:23,240
Start by choosing a pilot domain.

1290
00:49:23,240 --> 00:49:25,040
Do not pick your most critical system

1291
00:49:25,040 --> 00:49:27,840
or something the entire organization depends on to function.

1292
00:49:27,840 --> 00:49:31,240
Instead, find one business area with a stakeholder who is ready to back you.

1293
00:49:31,240 --> 00:49:34,640
You need something valuable enough that people actually care if it succeeds.

1294
00:49:34,640 --> 00:49:38,040
But it must be constrained enough that a failure isn't a catastrophe.

1295
00:49:38,040 --> 00:49:41,840
Finance, marketing, or HR operations are usually great candidates.

1296
00:49:41,840 --> 00:49:44,440
Pick a spot where you can show a win in six months

1297
00:49:44,440 --> 00:49:47,240
because that is how you build the momentum you need to keep going.

1298
00:49:47,240 --> 00:49:48,640
Once you have that pilot domain,

1299
00:49:48,640 --> 00:49:51,440
you need to map out your existing custom APIs.

1300
00:49:51,440 --> 00:49:54,240
Don't try to do this at scale across your entire portfolio yet.

1301
00:49:54,240 --> 00:49:56,840
Just focus on the ones serving that specific domain.

1302
00:49:56,840 --> 00:49:59,240
Document what they do, identify who is calling them.

1303
00:49:59,240 --> 00:50:01,640
Track exactly what data flows through them.

1304
00:50:01,640 --> 00:50:03,440
You need to know which ones are ready to be retired

1305
00:50:03,440 --> 00:50:04,840
and which ones are still working.

1306
00:50:04,840 --> 00:50:06,040
This is the inventory step.

1307
00:50:06,040 --> 00:50:07,640
It is boring. It is tedious.

1308
00:50:07,640 --> 00:50:09,240
But it is absolutely necessary.

1309
00:50:09,240 --> 00:50:12,440
You cannot strategically migrate a landscape that you do not understand.

1310
00:50:12,440 --> 00:50:14,640
The actual migration happens behind a facade.

1311
00:50:14,640 --> 00:50:16,640
You don't just cut over and hope for the best.

1312
00:50:16,640 --> 00:50:19,040
You don't declare all your old APIs retired on a Friday

1313
00:50:19,040 --> 00:50:20,840
and pray nothing breaks over the weekend.

1314
00:50:20,840 --> 00:50:23,040
Instead, you run both systems in parallel.

1315
00:50:23,040 --> 00:50:26,240
Your API gateway acts as the facade that roots the traffic.

1316
00:50:26,240 --> 00:50:28,840
In the beginning, everything goes to the old system

1317
00:50:28,840 --> 00:50:32,440
and then you gradually shift that traffic over to the new Raven back end.

1318
00:50:32,440 --> 00:50:34,840
The anti-corruption layer lives right behind that facade.

1319
00:50:34,840 --> 00:50:37,440
Its job is to translate between the old API contracts

1320
00:50:37,440 --> 00:50:38,840
and your new Raven services.

1321
00:50:38,840 --> 00:50:41,040
Your consumers won't even know anything has changed.

1322
00:50:41,040 --> 00:50:44,440
They call the facade using the same old contract they've always used.

1323
00:50:44,440 --> 00:50:47,440
The layer translates the request, calls the Raven back end

1324
00:50:47,440 --> 00:50:50,440
and then translates the response back before sending it to the consumer.

1325
00:50:50,440 --> 00:50:51,840
It is completely transparent.

1326
00:50:51,840 --> 00:50:54,440
The consumer sees zero disruption to their workflow.

1327
00:50:54,440 --> 00:50:56,240
When it comes to moving consumers over,

1328
00:50:56,240 --> 00:50:59,040
you do it gradually. Start with read only operations.

1329
00:50:59,040 --> 00:51:02,240
These are much lower risk because if something breaks,

1330
00:51:02,240 --> 00:51:04,040
you haven't actually lost any data.

1331
00:51:04,040 --> 00:51:06,240
You might have just returned some stale information

1332
00:51:06,240 --> 00:51:08,440
and consumers are generally more forgiving of that.

1333
00:51:08,440 --> 00:51:10,240
This phase lets you learn the failure modes

1334
00:51:10,240 --> 00:51:12,240
so you can understand what breaks and why.

1335
00:51:12,240 --> 00:51:14,640
Once you're comfortable, you move to right operations,

1336
00:51:14,640 --> 00:51:16,240
then you move to the critical workflows.

1337
00:51:16,240 --> 00:51:19,240
With every step, you are validating that the new back end works

1338
00:51:19,240 --> 00:51:22,440
and with every step, you are building organizational confidence.

1339
00:51:22,440 --> 00:51:24,840
As each custom API loses its consumers,

1340
00:51:24,840 --> 00:51:26,640
it becomes a candidate for retirement.

1341
00:51:26,640 --> 00:51:29,040
This isn't some dramatic flag planting moment.

1342
00:51:29,040 --> 00:51:30,640
It is purely administrative.

1343
00:51:30,640 --> 00:51:34,640
When you notice an API has zero active consumers,

1344
00:51:34,640 --> 00:51:36,640
you simply file a retirement request.

1345
00:51:36,640 --> 00:51:40,440
You give the relevant teams 90 days of notice and then you shut it down.

1346
00:51:40,440 --> 00:51:42,840
That is one less system you have to maintain.

1347
00:51:42,840 --> 00:51:45,040
That is one less source of potential incidents.

1348
00:51:45,040 --> 00:51:48,440
That is one less piece of technical debt accumulating in your environment.

1349
00:51:48,440 --> 00:51:51,840
But what happens to the teams that used to maintain those APIs?

1350
00:51:51,840 --> 00:51:53,640
This is a critical organizational question.

1351
00:51:53,640 --> 00:51:56,440
You cannot simply lay people off because you retire their system.

1352
00:51:56,440 --> 00:51:57,440
You redirect them.

1353
00:51:57,440 --> 00:52:00,040
Some of them will migrate to the Raffin platform team

1354
00:52:00,040 --> 00:52:02,240
to help maintain templates and enforce governance.

1355
00:52:02,240 --> 00:52:03,840
Others will move into domain teams

1356
00:52:03,840 --> 00:52:07,240
where they can finally focus on business logic instead of fighting with infrastructure.

1357
00:52:07,240 --> 00:52:09,440
Some might transition to entirely different products.

1358
00:52:09,440 --> 00:52:10,840
The point is that they stay.

1359
00:52:10,840 --> 00:52:13,240
They don't become obstacles to your modernization

1360
00:52:13,240 --> 00:52:15,840
because they understand they are moving towards something better.

1361
00:52:15,840 --> 00:52:18,240
The pilot domain serves as your proof of concept.

1362
00:52:18,240 --> 00:52:21,040
You migrate one system and show the world that it actually works.

1363
00:52:21,040 --> 00:52:22,840
You show that costs went down.

1364
00:52:22,840 --> 00:52:24,440
You show that incidents decreased.

1365
00:52:24,440 --> 00:52:26,640
You show that the team is more productive than ever.

1366
00:52:26,640 --> 00:52:28,040
That success is your leverage.

1367
00:52:28,040 --> 00:52:29,640
When other domains see those results,

1368
00:52:29,640 --> 00:52:31,440
they will start asking to participate.

1369
00:52:31,440 --> 00:52:33,640
The program grows through demonstrated value,

1370
00:52:33,640 --> 00:52:35,440
rather than a top-down mandate.

1371
00:52:35,440 --> 00:52:38,440
Every new domain that joins follows this exact same pattern.

1372
00:52:38,440 --> 00:52:40,840
Pilot first, map the APIs, run in parallel,

1373
00:52:40,840 --> 00:52:43,240
gradual migration, retirement and reallocation.

1374
00:52:43,240 --> 00:52:45,640
This isn't a one-time event that you finish and forget.

1375
00:52:45,640 --> 00:52:47,040
It is a continuous process.

1376
00:52:47,040 --> 00:52:48,640
You are always working on a domain,

1377
00:52:48,640 --> 00:52:52,240
always retiring old APIs and always reallocating your teams.

1378
00:52:52,240 --> 00:52:54,440
This becomes your new normal operating rhythm.

1379
00:52:54,440 --> 00:52:56,440
Migration isn't a revolution.

1380
00:52:56,440 --> 00:52:57,840
It is an evolution.

1381
00:52:57,840 --> 00:53:01,040
You don't blow up the old system and try to rebuild it from scratch.

1382
00:53:01,040 --> 00:53:04,040
Instead, you slowly strangle the old way of doing things.

1383
00:53:04,040 --> 00:53:07,640
You prove the new system works and then you retire the old one piece by piece.

1384
00:53:07,640 --> 00:53:09,040
By the time you are finished,

1385
00:53:09,040 --> 00:53:13,240
you have successfully replaced a massive liability with a solid structure.

1386
00:53:13,240 --> 00:53:16,240
The fabric governance foundation, what you inherit.

1387
00:53:16,240 --> 00:53:18,640
There is a moment in every modernization project

1388
00:53:18,640 --> 00:53:21,240
where someone realizes they have been solving the wrong problem.

1389
00:53:21,240 --> 00:53:24,040
You have been thinking about governance as something you have to build.

1390
00:53:24,040 --> 00:53:25,440
Something you have to design.

1391
00:53:25,440 --> 00:53:27,840
Something you have to implement on top of your infrastructure.

1392
00:53:27,840 --> 00:53:29,440
You build your own access controls.

1393
00:53:29,440 --> 00:53:30,640
You build your own audit logs.

1394
00:53:30,640 --> 00:53:32,240
You build your own compliance frameworks.

1395
00:53:32,240 --> 00:53:33,840
Then you bolt them onto your systems.

1396
00:53:33,840 --> 00:53:35,240
And you hope they actually work.

1397
00:53:35,240 --> 00:53:36,240
But when you adopt Rhaifin,

1398
00:53:36,240 --> 00:53:37,640
governance doesn't work that way.

1399
00:53:37,640 --> 00:53:38,440
You don't build it.

1400
00:53:38,440 --> 00:53:39,440
You inherit it.

1401
00:53:39,440 --> 00:53:42,240
This is the structural advantage that nobody really talks about

1402
00:53:42,240 --> 00:53:43,640
when they are pitching Rhaifin.

1403
00:53:43,640 --> 00:53:46,240
It isn't just about speed or the developer experience.

1404
00:53:46,240 --> 00:53:50,840
It is about the fact that Microsoft Fabric has already solved the governance problem for you.

1405
00:53:50,840 --> 00:53:52,640
When you deploy Rhaifin into Fabric,

1406
00:53:52,640 --> 00:53:54,240
you get all of that work for free.

1407
00:53:54,240 --> 00:53:56,640
Rhaifin inherits the entire Fabric governance model.

1408
00:53:56,640 --> 00:53:59,440
Not just the pieces you like or the interesting parts, but all of it.

1409
00:53:59,440 --> 00:54:02,240
Roll-based access control, sensitivity labels, lineage,

1410
00:54:02,240 --> 00:54:05,040
compliance frameworks, audit trails, data classification.

1411
00:54:05,040 --> 00:54:06,640
All of these features work with Rhaifin

1412
00:54:06,640 --> 00:54:09,240
because Rhaifin is deployed directly into Fabric.

1413
00:54:09,240 --> 00:54:12,440
It isn't a separate system that you have to struggle to integrate.

1414
00:54:12,440 --> 00:54:14,040
It is part of the governance system

1415
00:54:14,040 --> 00:54:16,040
from the very first moment it exists.

1416
00:54:16,040 --> 00:54:18,640
You don't need to build a separate governance layer for your backends

1417
00:54:18,640 --> 00:54:20,240
because the platform provides it.

1418
00:54:20,240 --> 00:54:23,040
This sounds obvious when you say it out loud, but in reality,

1419
00:54:23,040 --> 00:54:24,440
it is a massive shift.

1420
00:54:24,440 --> 00:54:27,840
Most teams treat governance as an add-on or a phase two project.

1421
00:54:27,840 --> 00:54:30,840
They think it is something you implement once you've proven the technology works.

1422
00:54:30,840 --> 00:54:33,040
With Rhaifin, governance is there on day one.

1423
00:54:33,040 --> 00:54:36,240
It isn't optional and it isn't something you have to retrofit later.

1424
00:54:36,240 --> 00:54:37,440
It is structural.

1425
00:54:37,440 --> 00:54:40,840
Data classification happens automatically through Pervue Integration.

1426
00:54:40,840 --> 00:54:43,840
You don't have to manually tag your data sets anymore.

1427
00:54:43,840 --> 00:54:47,640
Instead, you define your classification rules and let Pervue scan your data.

1428
00:54:47,640 --> 00:54:49,040
It applies the labels for you.

1429
00:54:49,040 --> 00:54:51,240
Financial data gets flagged as sensitive

1430
00:54:51,240 --> 00:54:54,240
and customer records are automatically marked as PII.

1431
00:54:54,240 --> 00:54:57,440
The system understands exactly what it is looking at and it acts accordingly.

1432
00:54:57,440 --> 00:54:59,840
When Rhaifin back-ends stores data in one lake,

1433
00:54:59,840 --> 00:55:01,640
Pervue already knows it is there.

1434
00:55:01,640 --> 00:55:04,840
It classifies the data and enforces your policies without you lifting a finger.

1435
00:55:04,840 --> 00:55:06,440
The audit logs capture everything.

1436
00:55:06,440 --> 00:55:09,640
This isn't a situation where you hope you logged the important stuff.

1437
00:55:09,640 --> 00:55:12,840
Every single operation is recorded, traceable and immutable.

1438
00:55:12,840 --> 00:55:14,640
You can see who accessed what data,

1439
00:55:14,640 --> 00:55:16,840
when they did it, and what their purpose was.

1440
00:55:16,840 --> 00:55:19,640
You can see exactly what policy decisions the system made.

1441
00:55:19,640 --> 00:55:22,640
All of this is logged by the platform itself, not by your custom code.

1442
00:55:22,640 --> 00:55:26,640
The platform generates the audit trail and you simply query it when you need an answer.

1443
00:55:26,640 --> 00:55:30,240
Compliance reviews become straightforward because the evidence is already there.

1444
00:55:30,240 --> 00:55:33,240
When an auditor asks you to prove that you enforce data classification,

1445
00:55:33,240 --> 00:55:34,440
you don't have to scramble.

1446
00:55:34,440 --> 00:55:36,640
You just run a query against those audit logs.

1447
00:55:36,640 --> 00:55:40,640
You can demonstrate that every single access to classified data was preceded by a policy check.

1448
00:55:40,640 --> 00:55:44,840
You can show that the classification was enforced and that unauthorized access was denied.

1449
00:55:44,840 --> 00:55:47,440
The evidence is right there in the logs.

1450
00:55:47,440 --> 00:55:48,240
It is complete.

1451
00:55:48,240 --> 00:55:49,240
It is verifiable.

1452
00:55:49,240 --> 00:55:52,240
It doesn't depend on your team's memory or your code being perfect.

1453
00:55:52,240 --> 00:55:57,240
Access control is enforced consistently across both your operational and analytical workloads.

1454
00:55:57,240 --> 00:56:00,040
You don't have one security model for your transactional systems

1455
00:56:00,040 --> 00:56:02,240
and a completely different one for your analytics.

1456
00:56:02,240 --> 00:56:03,440
Both of them live in fabric.

1457
00:56:03,440 --> 00:56:06,640
Both of them use the same R-back model and the same sensitivity labels.

1458
00:56:06,640 --> 00:56:08,640
Consistency isn't a goal you have to work toward.

1459
00:56:08,640 --> 00:56:11,640
It is just something you get because everything is sitting on the same platform.

1460
00:56:11,640 --> 00:56:13,640
The platform becomes auditable by default.

1461
00:56:13,640 --> 00:56:16,840
This doesn't happen because someone decided auditing was important

1462
00:56:16,840 --> 00:56:19,440
or because your compliance team is being extra vigilant.

1463
00:56:19,440 --> 00:56:21,840
It happens because the architecture itself is transparent.

1464
00:56:21,840 --> 00:56:25,240
Operations are logged, policies are traced, data access is recorded.

1465
00:56:25,240 --> 00:56:29,440
The system cannot hide what it is doing because the infrastructure forces that visibility.

1466
00:56:29,440 --> 00:56:33,640
This inheritance model is what really separates Rayfin from those old custom API architectures.

1467
00:56:33,640 --> 00:56:36,440
You aren't trying to build governance on top of an ungoverned mess.

1468
00:56:36,440 --> 00:56:39,840
You are building on top of an infrastructure where governance is the foundation.

1469
00:56:39,840 --> 00:56:41,440
It is enforced by the platform,

1470
00:56:41,440 --> 00:56:44,640
which means it doesn't depend on your team's discipline to stay intact.

1471
00:56:44,640 --> 00:56:48,240
That is the real value proposition of running Rayfin on fabric.

1472
00:56:48,240 --> 00:56:51,240
Agentec app deployment patterns, the future state.

1473
00:56:51,240 --> 00:56:53,240
Fast forward five years into the future.

1474
00:56:53,240 --> 00:56:56,440
Your organization is no longer just a collection of people using tools

1475
00:56:56,440 --> 00:56:58,240
but a network of autonomous systems

1476
00:56:58,240 --> 00:57:00,840
where AI agents orchestrate every major workflow.

1477
00:57:00,840 --> 00:57:03,640
These agents make real-time decisions within your guardrails,

1478
00:57:03,640 --> 00:57:07,240
acting on live data without waiting for a human to click approve

1479
00:57:07,240 --> 00:57:09,440
unless a specific policy demands it.

1480
00:57:09,440 --> 00:57:11,040
This isn't a science fiction pitch.

1481
00:57:11,040 --> 00:57:14,640
This is the exact direction where enterprise architecture is heading right now.

1482
00:57:14,640 --> 00:57:16,240
The real question for your leadership

1483
00:57:16,240 --> 00:57:18,640
isn't whether your company will eventually run these agents

1484
00:57:18,640 --> 00:57:23,040
but whether your underlying infrastructure will actually be ready to support them when you do.

1485
00:57:23,040 --> 00:57:26,240
Agentec applications require a backend that is fundamentally different

1486
00:57:26,240 --> 00:57:28,840
from the custom APIs we've been building for decades.

1487
00:57:28,840 --> 00:57:32,040
They don't need passive systems that sit around waiting for a request

1488
00:57:32,040 --> 00:57:35,240
but instead require environments that support autonomous decision-making

1489
00:57:35,240 --> 00:57:36,840
and complex tool orchestration.

1490
00:57:36,840 --> 00:57:39,840
You need a system that allows an agent to plan a sequence of steps

1491
00:57:39,840 --> 00:57:43,040
recover when a process fails and respect the boundaries of its authority.

1492
00:57:43,040 --> 00:57:45,840
Rayfin provides the structural foundation this new era demands.

1493
00:57:45,840 --> 00:57:49,040
We didn't just bolt on agent support as an afterthought to an old product.

1494
00:57:49,040 --> 00:57:52,040
Rayfin was designed from the ground up to serve as the nervous system

1495
00:57:52,040 --> 00:57:53,840
for autonomous enterprise systems.

1496
00:57:53,840 --> 00:57:55,840
Consider the multi-agent coordinator pattern

1497
00:57:55,840 --> 00:57:58,440
that is quickly becoming the standard for enterprise deployments.

1498
00:57:58,440 --> 00:58:01,440
In this model, one coordinator agent receives a high-level goal

1499
00:58:01,440 --> 00:58:04,440
and immediately decomposes that goal into smaller sub-tasks.

1500
00:58:04,440 --> 00:58:07,040
It then roots those tasks to specialist agents

1501
00:58:07,040 --> 00:58:10,040
who execute their specific pieces before the coordinator collects

1502
00:58:10,040 --> 00:58:12,440
and validates the results against your business rules.

1503
00:58:12,440 --> 00:58:15,840
The entire system operates autonomously within the specific boundaries

1504
00:58:15,840 --> 00:58:16,840
you have to find.

1505
00:58:16,840 --> 00:58:20,840
This works because Rayfin handles the heavy lifting of the orchestration layer.

1506
00:58:20,840 --> 00:58:23,840
The coordinator agent doesn't have to worry about managing infrastructure,

1507
00:58:23,840 --> 00:58:27,440
provisioning new databases, or setting up complex authentication flows.

1508
00:58:27,440 --> 00:58:30,840
It simply calls APIs because those APIs are Rayfin generated,

1509
00:58:30,840 --> 00:58:34,840
they are stable, predictable, and capable of enforcing their own constraints.

1510
00:58:34,840 --> 00:58:38,040
The coordinator doesn't need to manage state across a dozen different services

1511
00:58:38,040 --> 00:58:40,040
because each service manages its own state,

1512
00:58:40,040 --> 00:58:43,640
allowing the coordinator to focus entirely on the flow of the work.

1513
00:58:43,640 --> 00:58:46,640
Agents can call these services with total confidence

1514
00:58:46,640 --> 00:58:50,840
because access control and data validation are enforced by the platform itself,

1515
00:58:50,840 --> 00:58:53,040
not by fragile application code.

1516
00:58:53,040 --> 00:58:57,240
An agent never has broad permissions or read-only access to a database.

1517
00:58:57,240 --> 00:59:01,040
It calls a specific API and that API dictates exactly what is allowed.

1518
00:59:01,040 --> 00:59:04,040
If an agent calls a customer API to get a record,

1519
00:59:04,040 --> 00:59:06,240
it won't receive sensitive salary information

1520
00:59:06,240 --> 00:59:09,840
because Rayfin simply doesn't expose that field to that specific endpoint.

1521
00:59:09,840 --> 00:59:12,040
The agent never even had the option to see it.

1522
00:59:12,040 --> 00:59:14,640
Access control isn't a logic puzzle, the agent has to solve

1523
00:59:14,640 --> 00:59:17,840
because the platform enforces the rules before the agent can even ask.

1524
00:59:17,840 --> 00:59:20,840
Validation happens long before any data reaches the agent's logic.

1525
00:59:20,840 --> 00:59:24,840
A Rayfin API only accepts specific inputs with strict types,

1526
00:59:24,840 --> 00:59:29,040
so if an agent sends malformed data, the API rejects the request immediately.

1527
00:59:29,040 --> 00:59:31,440
If an agent tries to modify a field it shouldn't touch.

1528
00:59:31,440 --> 00:59:34,040
The API blocks the action and returns a clear error.

1529
00:59:34,040 --> 00:59:36,640
The agent can log that error and try a different approach,

1530
00:59:36,640 --> 00:59:40,440
but it can never accidentally cause systemic harm through an invalid operation.

1531
00:59:40,440 --> 00:59:42,640
The backend essentially becomes a safe sandbox

1532
00:59:42,640 --> 00:59:45,840
where agents act autonomously within your defined boundaries.

1533
00:59:45,840 --> 00:59:49,040
You aren't relying on the agent to be smart enough to follow the rules.

1534
00:59:49,040 --> 00:59:53,240
Instead, the infrastructure makes it physically impossible for the agent to exceed its authority.

1535
00:59:53,240 --> 00:59:56,840
This is security by design rather than security through trust.

1536
00:59:56,840 --> 01:00:00,640
Think about a concrete scenario like an agent managing customer support tickets.

1537
01:00:00,640 --> 01:00:04,440
It reads incoming messages, analyzes the intent, and proposes a response.

1538
01:00:04,440 --> 01:00:07,840
Under the right conditions, it executes that response and closes the ticket

1539
01:00:07,840 --> 01:00:10,840
or opens an escalation all without human intervention.

1540
01:00:10,840 --> 01:00:12,640
But there are hard boundaries in place.

1541
01:00:12,640 --> 01:00:16,440
It cannot refund more than a specific dollar amount without a manager's approval

1542
01:00:16,440 --> 01:00:20,240
and it cannot access payment information or delete historical records.

1543
01:00:20,240 --> 01:00:23,640
With custom APIs, you would have to code these boundaries into the agent's logic

1544
01:00:23,640 --> 01:00:25,040
and hope it respects them.

1545
01:00:25,040 --> 01:00:28,040
With Rayfin, those boundaries are baked into the API definitions.

1546
01:00:28,040 --> 01:00:31,840
The agent can try to violate a rule, but the API will simply reject the request

1547
01:00:31,840 --> 01:00:33,840
and the agent will move on to the next task.

1548
01:00:33,840 --> 01:00:36,040
The boundary is structural, not advisory.

1549
01:00:36,040 --> 01:00:40,240
This architectural approach scales because it doesn't depend on how sophisticated your agents are.

1550
01:00:40,240 --> 01:00:43,640
A simple script works just as well as a complex multi-agent system

1551
01:00:43,640 --> 01:00:45,840
because the infrastructure catches the mistakes.

1552
01:00:45,840 --> 01:00:48,640
You stop managing agent behavior through endless code reviews

1553
01:00:48,640 --> 01:00:51,840
and start managing it through clean API design and policy enforcement.

1554
01:00:51,840 --> 01:00:55,440
Agentec applications are the future of how companies get work done.

1555
01:00:55,440 --> 01:00:58,440
Rayfin is the infrastructure they need to actually function.

1556
01:00:58,440 --> 01:00:59,840
The competitive pressure.

1557
01:00:59,840 --> 01:01:01,240
Why this matters now?

1558
01:01:01,240 --> 01:01:05,440
In the world of enterprise technology, speed is the only metric that truly kills.

1559
01:01:05,440 --> 01:01:08,240
It doesn't happen in a sudden crash, but in a slow loss of market share

1560
01:01:08,240 --> 01:01:10,040
that becomes impossible to reverse.

1561
01:01:10,040 --> 01:01:14,040
The organization that can deploy a full backend in two days instead of two months

1562
01:01:14,040 --> 01:01:16,040
isn't just faster than you.

1563
01:01:16,040 --> 01:01:19,040
They are operating in an entirely different strategic category.

1564
01:01:19,040 --> 01:01:22,440
They are learning, experimenting, and shipping products at a pace

1565
01:01:22,440 --> 01:01:24,440
that creates a compounding gap.

1566
01:01:24,440 --> 01:01:27,440
Look at what is happening across almost every industry right now.

1567
01:01:27,440 --> 01:01:30,240
Companies that built their entire foundation on custom APIs

1568
01:01:30,240 --> 01:01:33,040
are still drowning in technical debt from three years ago.

1569
01:01:33,040 --> 01:01:35,840
They are still having long meetings about whether to retire an old endpoint

1570
01:01:35,840 --> 01:01:37,640
or spend six months refactoring it.

1571
01:01:37,640 --> 01:01:40,240
They are running incident reviews on systems that break

1572
01:01:40,240 --> 01:01:43,440
because nobody actually understands how the different pieces interact anymore.

1573
01:01:43,440 --> 01:01:45,840
Meanwhile, the competitors who standardized on a bar's model

1574
01:01:45,840 --> 01:01:48,040
have already deployed five new features in the time

1575
01:01:48,040 --> 01:01:50,640
it took the other team to plan a single API change.

1576
01:01:50,640 --> 01:01:53,240
That speed advantage isn't linear, it compounds.

1577
01:01:53,240 --> 01:01:55,440
If you can deploy ten times faster than your rival,

1578
01:01:55,440 --> 01:01:57,840
you can afford to experiment ten times more frequently.

1579
01:01:57,840 --> 01:01:59,840
You learn from every single failure and optimize

1580
01:01:59,840 --> 01:02:01,840
based on what actually works in the real world.

1581
01:02:01,840 --> 01:02:03,840
By the second year, you haven't just moved ahead.

1582
01:02:03,840 --> 01:02:05,840
You've built an organizational muscle

1583
01:02:05,840 --> 01:02:08,240
that the slower teams simply cannot replicate.

1584
01:02:08,240 --> 01:02:10,840
You have trained your people to work at a high velocity rhythm

1585
01:02:10,840 --> 01:02:14,240
while the slower organization is still arguing about their architecture.

1586
01:02:14,240 --> 01:02:15,640
This isn't a theoretical threat.

1587
01:02:15,640 --> 01:02:17,440
The market is already sorting winners and losers

1588
01:02:17,440 --> 01:02:19,240
based on this specific capability.

1589
01:02:19,240 --> 01:02:21,640
Your most dangerous competitors are already using bar's models

1590
01:02:21,640 --> 01:02:23,440
because they don't want to build custom backends.

1591
01:02:23,440 --> 01:02:25,440
They treat infrastructure as a solve problem

1592
01:02:25,440 --> 01:02:27,440
so they can focus entirely on the product.

1593
01:02:27,440 --> 01:02:30,240
They are deploying agents while custom API shops

1594
01:02:30,240 --> 01:02:32,240
are still stuck in committee meetings.

1595
01:02:32,240 --> 01:02:35,240
When a competitor launches a new AI-powered feature

1596
01:02:35,240 --> 01:02:37,440
and you're still debating how to wire your database,

1597
01:02:37,440 --> 01:02:38,840
the customer notices.

1598
01:02:38,840 --> 01:02:41,040
They will choose the competitor every single time

1599
01:02:41,040 --> 01:02:42,640
because their feature works today

1600
01:02:42,640 --> 01:02:44,440
and yours doesn't even exist yet.

1601
01:02:44,440 --> 01:02:46,640
This also changes the game for talent retention.

1602
01:02:46,640 --> 01:02:49,040
Engineers want to spend their time on business logic

1603
01:02:49,040 --> 01:02:52,040
and solving interesting problems, not fighting infrastructure fires

1604
01:02:52,040 --> 01:02:53,440
or managing technical debt.

1605
01:02:53,440 --> 01:02:55,440
This isn't just about making them comfortable.

1606
01:02:55,440 --> 01:02:57,040
It's about their career development.

1607
01:02:57,040 --> 01:02:58,840
Junior engineers learn significantly more

1608
01:02:58,840 --> 01:03:00,840
from solving domain-specific problems

1609
01:03:00,840 --> 01:03:04,440
than they do from learning your proprietary custom API framework.

1610
01:03:04,440 --> 01:03:06,440
Senior engineers are far less likely to quit

1611
01:03:06,440 --> 01:03:08,440
for a startup if they are doing meaningful work

1612
01:03:08,440 --> 01:03:11,040
instead of acting as part-time database administrators.

1613
01:03:11,040 --> 01:03:12,440
Your best people want to build things.

1614
01:03:12,440 --> 01:03:14,840
If you give them infrastructure that stays out of their way,

1615
01:03:14,840 --> 01:03:15,840
they will stay with you.

1616
01:03:15,840 --> 01:03:17,440
Your cost structure shifts as well,

1617
01:03:17,440 --> 01:03:19,040
but not in the way most people think.

1618
01:03:19,040 --> 01:03:21,640
It isn't just that a boss platform costs less than a server farm.

1619
01:03:21,640 --> 01:03:23,440
The real value is that you can finally

1620
01:03:23,440 --> 01:03:25,640
allocate your human resources differently.

1621
01:03:25,640 --> 01:03:28,040
Every engineer you have maintaining a custom API

1622
01:03:28,040 --> 01:03:30,640
is an engineer who isn't building a new feature for your customers.

1623
01:03:30,640 --> 01:03:34,040
Every firefighting team is a team that isn't working on optimization.

1624
01:03:34,040 --> 01:03:35,640
When you move that effort toward feature work,

1625
01:03:35,640 --> 01:03:37,840
you ship faster and compete better.

1626
01:03:37,840 --> 01:03:39,840
The real cost advantage isn't a lower bill

1627
01:03:39,840 --> 01:03:42,040
but a much higher return on your engineering spend.

1628
01:03:42,040 --> 01:03:43,840
What makes this so urgent right now

1629
01:03:43,840 --> 01:03:45,240
is that you aren't just choosing

1630
01:03:45,240 --> 01:03:46,640
between two different technologies.

1631
01:03:46,640 --> 01:03:48,240
You are choosing whether your organization

1632
01:03:48,240 --> 01:03:50,040
will lead the market or follow it.

1633
01:03:50,040 --> 01:03:52,040
The companies moving toward Raffin today

1634
01:03:52,040 --> 01:03:53,640
are hiring the people who understand

1635
01:03:53,640 --> 01:03:56,440
modern stacks and building products that depend on velocity.

1636
01:03:56,440 --> 01:03:58,640
They are making moves that a custom API shop

1637
01:03:58,640 --> 01:03:59,840
simply cannot match.

1638
01:03:59,840 --> 01:04:03,040
By the time the slower organization finally decides to modernize,

1639
01:04:03,040 --> 01:04:04,840
the market will have already moved on.

1640
01:04:04,840 --> 01:04:06,440
That competitive advantage isn't something

1641
01:04:06,440 --> 01:04:07,840
you can just buy back later.

1642
01:04:07,840 --> 01:04:09,440
The faster organization learned more,

1643
01:04:09,440 --> 01:04:11,240
build better products and captured the market

1644
01:04:11,240 --> 01:04:12,240
while you were still planning.

1645
01:04:12,240 --> 01:04:13,440
You aren't just trying to catch up.

1646
01:04:13,440 --> 01:04:15,240
You are playing a completely different game.

1647
01:04:15,240 --> 01:04:17,440
The question isn't whether you should adopt a boss model.

1648
01:04:17,440 --> 01:04:20,040
The only question is how fast you can make the move.

1649
01:04:20,040 --> 01:04:22,640
The operating model shift, closing argument.

1650
01:04:22,640 --> 01:04:24,240
Here is what nobody wants to acknowledge

1651
01:04:24,240 --> 01:04:26,040
when they are excited about new technology.

1652
01:04:26,040 --> 01:04:27,640
The technology is the easy part,

1653
01:04:27,640 --> 01:04:29,640
changing how your organization actually works

1654
01:04:29,640 --> 01:04:32,240
is the hard part and to be honest, it is going to hurt.

1655
01:04:32,240 --> 01:04:34,040
Adopting Raffin requires you to rethink

1656
01:04:34,040 --> 01:04:35,040
how teams are organized

1657
01:04:35,040 --> 01:04:36,640
and how workflows through your building.

1658
01:04:36,640 --> 01:04:39,840
This isn't a metaphor, it is structural.

1659
01:04:39,840 --> 01:04:41,840
The way your engineering teams operate today

1660
01:04:41,840 --> 01:04:44,040
assumes that custom APIs are the default

1661
01:04:44,040 --> 01:04:45,840
and it assumes back-end infrastructure

1662
01:04:45,840 --> 01:04:48,640
is something teams should own and operate independently.

1663
01:04:48,640 --> 01:04:50,840
In the old model, the path to shipping is simple.

1664
01:04:50,840 --> 01:04:53,040
You write code, you provision infrastructure,

1665
01:04:53,040 --> 01:04:54,640
and then you manage it forever.

1666
01:04:54,640 --> 01:04:56,240
That entire model has to invert.

1667
01:04:56,240 --> 01:04:58,840
Back-end teams do not shift from building custom APIs

1668
01:04:58,840 --> 01:05:01,440
to maintaining Raffin at scale without a lot of friction.

1669
01:05:01,440 --> 01:05:03,440
Their job description changes, their skills change,

1670
01:05:03,440 --> 01:05:05,040
their day-to-day life changes.

1671
01:05:05,040 --> 01:05:07,640
Instead of spending their afternoon tuning database performance

1672
01:05:07,640 --> 01:05:09,640
or patching security vulnerabilities,

1673
01:05:09,640 --> 01:05:11,840
they are defining back-end schemas in code.

1674
01:05:11,840 --> 01:05:13,640
They are reviewing governance definitions

1675
01:05:13,640 --> 01:05:16,840
and collaborating with domain teams on data model choices

1676
01:05:16,840 --> 01:05:18,440
which is still highly technical work

1677
01:05:18,440 --> 01:05:20,640
but it is a different flavor of skilled labor.

1678
01:05:20,640 --> 01:05:23,840
Some people will thrive in this change while others will resist it

1679
01:05:23,840 --> 01:05:26,240
but most of your staff will end up somewhere in the middle.

1680
01:05:26,240 --> 01:05:28,840
The skill set shift is real and it is significant.

1681
01:05:28,840 --> 01:05:31,040
You will need less infrastructure operations

1682
01:05:31,040 --> 01:05:33,840
and more focus on business logic and governance.

1683
01:05:33,840 --> 01:05:36,240
This means you need fewer database administrators

1684
01:05:36,240 --> 01:05:38,640
and more people who actually understand domain modeling.

1685
01:05:38,640 --> 01:05:41,040
You need fewer people building APIs from scratch

1686
01:05:41,040 --> 01:05:44,840
and more people thinking about how to enforce policy through platform abstractions.

1687
01:05:44,840 --> 01:05:47,440
This isn't something that happens through a weekend training session.

1688
01:05:47,440 --> 01:05:49,840
It happens through hiring, through natural attrition

1689
01:05:49,840 --> 01:05:51,840
and through organizational evolution

1690
01:05:51,840 --> 01:05:53,640
that takes years rather than quarters.

1691
01:05:53,640 --> 01:05:56,040
Cross-functional teams need new communication patterns

1692
01:05:56,040 --> 01:05:57,840
because the work is no longer siloed.

1693
01:05:57,840 --> 01:06:00,040
A back-end definition in Raffin isn't something

1694
01:06:00,040 --> 01:06:03,240
the back-end team creates in a vacuum and hands-off to the operations group.

1695
01:06:03,240 --> 01:06:06,240
It is something that platform domain security and compliance teams

1696
01:06:06,240 --> 01:06:07,840
have to collaborate on together.

1697
01:06:07,840 --> 01:06:10,040
The platform team defines what they support.

1698
01:06:10,040 --> 01:06:12,040
The domain team explains what they need

1699
01:06:12,040 --> 01:06:15,640
and the security and compliance teams layer on the regulations.

1700
01:06:15,640 --> 01:06:18,640
The final definition is the intersection of all those constraints.

1701
01:06:18,640 --> 01:06:20,640
Nobody owns the entire answer anymore.

1702
01:06:20,640 --> 01:06:22,040
Everyone owns a piece of it.

1703
01:06:22,040 --> 01:06:23,840
That requires communication patterns

1704
01:06:23,840 --> 01:06:26,240
that many organizations simply haven't developed yet.

1705
01:06:26,240 --> 01:06:28,640
The governance board becomes the critical decision point

1706
01:06:28,640 --> 01:06:30,040
instead of the individual team leads.

1707
01:06:30,040 --> 01:06:33,240
This is the organizational shift that feels most threatening to people

1708
01:06:33,240 --> 01:06:35,240
but it is also the most necessary.

1709
01:06:35,240 --> 01:06:38,040
Team leads used to decide their own back-end strategy

1710
01:06:38,040 --> 01:06:40,040
like whether to use Cosmos or Post-Riscule

1711
01:06:40,040 --> 01:06:42,040
or whether to live in Azure or AWS.

1712
01:06:42,040 --> 01:06:43,840
Now those decisions come to the board.

1713
01:06:43,840 --> 01:06:45,040
This is centralization.

1714
01:06:45,040 --> 01:06:46,840
It is a constraint on autonomy.

1715
01:06:46,840 --> 01:06:48,040
It is a loss of freedom.

1716
01:06:48,040 --> 01:06:49,840
But here is why it is necessary.

1717
01:06:49,840 --> 01:06:51,240
When everyone chooses independently,

1718
01:06:51,240 --> 01:06:53,640
you optimize for individual team satisfaction

1719
01:06:53,640 --> 01:06:56,040
but when you optimize for organizational efficiency,

1720
01:06:56,040 --> 01:06:57,440
you need standardization.

1721
01:06:57,440 --> 01:06:59,640
This doesn't mean teams lose all their autonomy.

1722
01:06:59,640 --> 01:07:02,640
It means their autonomy is constrained by the organizational strategy.

1723
01:07:02,640 --> 01:07:06,240
Teams choose how to solve problems within the bounds of the approved architecture

1724
01:07:06,240 --> 01:07:08,640
and that isn't oppressive if the bounds are reasonable.

1725
01:07:08,640 --> 01:07:10,240
The board's job is to make sure they are.

1726
01:07:10,240 --> 01:07:12,840
This shift is uncomfortable, genuinely uncomfortable.

1727
01:07:12,840 --> 01:07:14,040
People will resist it.

1728
01:07:14,040 --> 01:07:16,240
Architects will defend custom approaches.

1729
01:07:16,240 --> 01:07:18,240
Teams will fight for their own way of doing things.

1730
01:07:18,240 --> 01:07:20,440
People worry about losing flexibility

1731
01:07:20,440 --> 01:07:22,440
and some of those concerns are legitimate.

1732
01:07:22,440 --> 01:07:25,640
The board's job is to distinguish between real technical constraints

1733
01:07:25,640 --> 01:07:28,040
and resistance that is just driven by preference.

1734
01:07:28,040 --> 01:07:30,440
They have to say yes to exceptions that make sense

1735
01:07:30,440 --> 01:07:32,040
and note the ones that don't

1736
01:07:32,040 --> 01:07:34,240
and they have to explain the reasoning both times.

1737
01:07:34,240 --> 01:07:36,640
The organizational change is harder than the technical change

1738
01:07:36,640 --> 01:07:38,640
but both are required to move forward.

1739
01:07:38,640 --> 01:07:41,240
You cannot adopt Refin without changing how you operate

1740
01:07:41,240 --> 01:07:43,040
and you cannot maintain consistency

1741
01:07:43,040 --> 01:07:45,240
without governance boards making the hard calls.

1742
01:07:45,240 --> 01:07:47,240
You cannot scale without standardization.

1743
01:07:47,240 --> 01:07:48,640
The technology simply won't work

1744
01:07:48,640 --> 01:07:50,840
if the organization doesn't change to support it.

1745
01:07:50,840 --> 01:07:52,240
The death is already here.

1746
01:07:52,240 --> 01:07:55,040
Custom APIs aren't dying because they are technically inferior.

1747
01:07:55,040 --> 01:07:57,240
They are dying because they are structurally unfit

1748
01:07:57,240 --> 01:07:59,240
for the world that is emerging right now.

1749
01:07:59,240 --> 01:08:01,840
We live in a world where development speed matters,

1750
01:08:01,840 --> 01:08:04,040
where autonomy matters and where governance matters.

1751
01:08:04,040 --> 01:08:05,840
It is a world where artificial intelligence

1752
01:08:05,840 --> 01:08:07,840
is starting to orchestrate decisions.

1753
01:08:07,840 --> 01:08:09,640
Refin represents a different model entirely.

1754
01:08:09,640 --> 01:08:10,640
It is code first.

1755
01:08:10,640 --> 01:08:11,840
It is governed by default.

1756
01:08:11,840 --> 01:08:13,240
It is fabric native.

1757
01:08:13,240 --> 01:08:14,640
This isn't just a marginal improvement

1758
01:08:14,640 --> 01:08:17,240
on the custom APIs you have been building for a decade.

1759
01:08:17,240 --> 01:08:19,840
It is a different architecture for a different era.

1760
01:08:19,840 --> 01:08:21,640
Organizations that move toward this model

1761
01:08:21,640 --> 01:08:23,440
will outpace those defending the old one

1762
01:08:23,440 --> 01:08:25,240
and they will do it now, not eventually.

1763
01:08:25,240 --> 01:08:27,840
The speed advantage is already compounding in the market.

1764
01:08:27,840 --> 01:08:29,440
The transition is uncomfortable

1765
01:08:29,440 --> 01:08:31,640
and the organizational change will create friction

1766
01:08:31,640 --> 01:08:33,040
but it is unavoidable.

1767
01:08:33,040 --> 01:08:35,640
Your governance board needs to make this decision today.

1768
01:08:35,640 --> 01:08:36,440
Not next year.

1769
01:08:36,440 --> 01:08:38,440
Not after you finish the current project.

1770
01:08:38,440 --> 01:08:40,040
Right now every month you delay

1771
01:08:40,040 --> 01:08:41,640
is a month your competitors are learning

1772
01:08:41,640 --> 01:08:43,040
how to operate faster than you.

1773
01:08:43,040 --> 01:08:45,240
The future of enterprise backends is standardized.

1774
01:08:45,240 --> 01:08:47,840
It is auditable and it is ready for agents.

1775
01:08:47,840 --> 01:08:49,240
If you want to compete in that future

1776
01:08:49,240 --> 01:08:51,040
you need to start building for it today.

1777
01:08:51,040 --> 01:08:52,940
If this changed how you think about your strategy

1778
01:08:52,940 --> 01:08:55,040
follow me, Mirko Peters on LinkedIn.

1779
01:08:55,040 --> 01:08:56,440
And if you want more of this,

1780
01:08:56,440 --> 01:08:59,240
leave a review for the M365FM podcast

1781
01:08:59,240 --> 01:09:01,640
because it helps more people find these insights.

1782
01:09:01,640 --> 01:09:03,440
Connect with me directly if you want to discuss

1783
01:09:03,440 --> 01:09:06,440
how Ravein fits into your digital transformation roadmap.

1784
01:09:06,440 --> 01:09:08,640
The conversation you have next could change everything.