Layer 3: Business Logic Integration
This is where the heavy lifting of integration gets done, because this is where the application context is kept and where the best security and web services infrastructure is available. What really sets cloud applications apart is the richness and ease of their APIs: do they support call out and call in, WSDL/SOAP, RESTful APIs, or only simpler conversations with XML, JSON, or similar vocabularies? For productivity, there's no substitute for accurate documentation and code samples...so evaluate cloud vendors on this basis.
Most cloud applications' integration architecture is quite loosely coupled and based on a request/response model. Frequent polling is rarely a good idea, and tight integration loops (like two-phase commit) are tough. In situations where a cloud must push a message, your developers will have to create logic within that application to trigger sending the message. Your developers will also need to develop a strategy (perhaps using a dedicated integration server) to handle network timeouts, application downtime, and guaranteed message delivery.
At this layer, integration code will have access to all system objects and functions, so security will be essential. But it's such a big topic I'll be dealing with that in a separate article.
Layer 4: Data Integration
This is dealing directly with the cloud application's database. In many cloud systems, there is no real way to directly access this level because it's really not safe for writing. Even for read integration direct database access can be problematic, as the table has no indication of application state or transaction coordination. That said, for bulk reading of data (for example, to replicate it for an on-prem data warehouse or a cloud-based analytics tool), nothing beats the speed of direct database access.
At this layer, security is an issue because the application's security model transcends what's visible in the tables' access controls. In most cases, data integration will be done with super-user privileges so the resulting data flow should not be directly accessible to standard users.