CA Security and API Management solutions
1 © 2014 CA. ALL RIGHTS RESERVED.
CA Security & APIM Solutions
Powering the building blocks of digital transformation
Internal and Confidential
Santiago Cavanna
Security Solution Account Director
Argentina, Chile, Bolivia, Uruguay and Paraguay
Twitter: https://twitter.com/scavanna
Office: +54-11-43-17-15-95 | Mobile: +54-911-41-65-15-47
Traditional business models are threatened, fading or obsolete.
Digital disrupters are winning market share and growing.
Customers want three things: fast, reliable and secure transactions.
Disintermediation is ubiquitous. Can your business be rewritten by software?
The app economy changes everything
Experience is everything. In business and in life, we choose the things we like, seeking them out over and over again. The things we don’t enjoy we avoid like the plague.
Experience drives our decisions. Of course, that’s never been more true than in the application economy. Today’s customers are empowered and have more choices than ever.
Providing a superior customer experience is a simple concept, yet deceptively difficult to execute.
The Bottom Line: Customer Experience is THE prime differentiator in business today.
From sneaker company to data enabled athletic brand.
From book seller to insight driven delivery service, cloud servicer and entertainment hub.
The journey to digital transformation. Where are you?
From UK Grocer to global consumer retailer leveraging data and technology that reframes the shopper experience.
78% of enterprises believe that the shift to becoming a software-driven business will be a critical driver of competitive advantage. Over 40% say it is already affecting new product and service development. 1
From appliance manufacturer to Industrial Internet provider with 10,000 software professionals.
1 “Global Study: The Battle for Competitive Advantage in the Application Economy”, Oxford Economics and CA Technologies, June 2015
Since 1976, we’ve been a culture of innovation—half of our 11,600 person workforce is in development, creating better ways of managing, securing and deploying IT infrastructure.
CA is one of the largest, independent system software companies in the world that continues to transform the face of business.
2.5x more likely… to have advanced agile practices in place
2.5x more likely… to have broadly implemented DevOps
2x more likely… to leverage APIs for mobile app development
What ‘digital disrupters’ have in common 1
2x higher revenue growth
2.5x higher profit growth
1.5x more new-business based revenue
1 The most-advanced digital businesses are the 14% who scored highest on the Digital Effectiveness Index, based on a global survey by Freeform Dynamics sponsored by CA Technologies, July 2015.
“Our Customers Want…”
Better business decisions
Faster speed to market
Seize new market opportunities
Frictionless security
Scale for growth
AGILE MANAGEMENT
Navigate market shifts quickly
Agile best practices to help drive transformation
DEVOPS
Accelerate development processes
Flawless app performance in every customer engagement
SECURITY
Give the right access to the right people at the right time
Build security into apps from the get-go
The journey to digital transformation
AGILE MANAGEMENT
Scalable, enterprise-class SaaS agile platform
Most experienced agile coaching and consulting staff in the industry
DEVOPS
Speed and quality across all stages of application lifecycle
Solutions that enable collaboration across both dev and ops
SECURITY
End-to-end security covering apps, data and APIs
Identity management based on analytics delivers a frictionless user experience
[Diagram labels: Apps, APIs, Business Initiative, Plan, Dev & Test, Deploy, Operate, Measure]
How CA supports your digital transformation
[Diagram labels: Apps, APIs, Business Initiative, Plan, Dev & Test, Deploy, Operate, Measure]
CA solutions to support your digital transformation
SECURITY
Identity & Access Management
API Management
Payment Security
DEVOPS
API Management
Continuous Delivery
Application Performance Management
Unified Infrastructure Management
AGILE MANAGEMENT
Agile & Transformation Consulting
Project & Portfolio Management
Agile Application Lifecycle Management
Security in the Application Economy
Denyson Machado
Sr. Director – Sales Security - Latam
Traditional Approach to Security
Future security approach must go beyond the perimeter
Businesses are more open than ever – and subject to attacks
Identity is the New Perimeter
REQUIREMENTS
THIS IS JOHN. HE IS YOUR CUSTOMER.
JOHN WANTS:
TO EASILY AND SECURELY CONNECT TO YOUR APPS AND SERVICES
Multi-device Support & Social Login
ALL WITHOUT THINKING ABOUT SECURITY
Seamless SSO & Authentication
A PERSONALIZED EXPERIENCE
Customer Insight
Partner Federation
THE LATEST SERVICES
Security: You need to engage your customers faster and better
REQUIREMENTS
THIS IS SARA. SHE IS YOUR EMPLOYEE.
SARA WANTS:
TO GET HER ACCOUNTS SET UP QUICKLY
Automated on/off-boarding
TO MANAGE HER OWN PROFILE INFO
Self-service
LOG IN ONCE
Seamless SSO & Authentication
EASILY GET ACCESS TO NEW SERVICES
Automated access requests
Security: You need to make your employees more productive
REQUIREMENTS
THIS IS TOM. HE IS THE CISO.
TOM WANTS:
TO PROTECT CORPORATE & CUSTOMER INFO
Fine-grained controls for Admin
TO DETECT & PREVENT ATTACKS
Shared Account Management
TO PREVENT PRIVILEGE ESCALATION
Privileged access governance
TO VALIDATE USER IDENTITIES
Risk-aware authentication
Security: You need to combat internal threats & external attacks
ENABLE THE BUSINESS
Cloud Services
On Premise Apps
Engage with your customers faster & better
Make your employees more productive
Customers
Citizens
Employees / Partners
Connected Apps / Devices
PROTECT THE BUSINESS
Strongly validate each user’s identity
Govern & control user access
Protect privileged identities
Security: Security spend must do more than just Secure
Sell the business on business value
CA SECURE CLOUD
Mobile Security
AUTHENTICATION: Strong, multi-factor credentials; Risk analysis and scoring; Behavioral profiling
IDENTITIES: Provisioning & access governance; Self-service; Password management
ACCESS: Single-Sign-On; Web access management; Web services security, federation
PRIVILEGED IDENTITIES: Fine-grained access controls; Shared account password mgt; Hypervisor hardening
API MANAGEMENT: API gateway, mobile access gateway; Developer portal; API Live Creator
Directory Services
IDENTITY as a SERVICE: Identity management; Authentication; SSO
CA Identity Suite
CA Advanced Authentication
CA Single Sign-On
CA Privileged Access Manager
CA SaaS App Security
CA API (Mobile) Gateways, CA API Portal
CA Mobile App Services
CA Directory
Security: CA Security & API Management Portfolio
Comprehensive & Proven Solution
Security: Security Predictions
Increasingly public breaches will cause shift from IDM to Identity Access Security (IAS)
PREDICTION #1
Recent breaches (Target, SONY, Lowe’s) have IT executives running scared. As the financial & reputational damage of a breach increases, they will be increasing their security budgets to increase their controls over systems, data, and insider actions.
70% of Companies Report a Security Breach in Last 12 Months
Source: Ponemon Institute
39%: Security budgets will increase in the next 3 years
REPORT: Cybercrime costs US $12.7M a year
The cost of attacks on large companies is up by 10 percent
Average company now compromised every four days, with no end to the cybercrime wave in sight
Summary: Phishing, denial-of-service and virus attacks are now a standard part of doing business for most organizations.
[Figure: chart of data breaches by year, 2004 to 2014. Entries shown with a figure: Adobe 152,000,000; AOL 2,400,000; JP Morgan Chase 76,000,000; AOL 92,000,000; Ebay 145,000,000; Home Depot 56,000,000; Target 70,000,000; Evernote 50,000,000; LivingSocial 50,000,000; Massive American Business Hack 160,000,000; Sony PSN 77,000,000; Court Ventures 200,000,000; Zappos 24,000,000; TJ Maxx 94,000,000; VA 26,500,000; US Military 76,000,000; AOL 20,000,000; Heartland 130,000,000; RockYou! 32,000,000. Entries shown without a figure: Community Health Services, Gmail, Sony, Mozilla, Japan Airlines, Staples, UPS, NASDAQ, Neiman Marcus, Korea Credit Bureau, European Central Bank, UbiSoft, Ubuntu, Compass Bank, Citigroup, Monster.com, KDDI, Fidelity Bank, Cardsystems Solutions, AT&T, Jefferson County, Apple, NHS, VA Dept Health, US Nat Guard, CheckFree, US Military, JP Morgan, and many entries labelled only "Telcom".]
• * Source-
Security: 10 Years of Global Breach
Router implant
Infected routers discovered in Ukraine, Philippines, Mexico, and India
Kill chain started with a compromised privileged account
– Probable spear-phishing attack vector
Nation state sophistication
– Rewrite of IOS firmware in place
– Protocol to download additional malware
– Bypass of MD5 hash boot integrity check
Success rate for targeted phishing attacks exceeds 95% after 5-7 attempts
Security: Cisco SYNful Knock Breach
Sophisticated Malware with a Very Familiar Pattern
Breaches almost always require an insider with privileged access -- Andras Cser, Forrester Research
Security: Why Does It Matter?
Network Perimeter
EXTERNAL THREATS
INTERNAL THREATS
C&C, Data/IP Exfiltration
Wreak Havoc
Elevate Privilege
Lateral Movement, Reconnaissance
Threat Actor
Trusted Insider
Gain/Expand Access
• Weak Authentication/Default Passwords
• Stolen/Compromised Credentials
• Poor Password/Key Management
• Shared Accounts/Lack of Attribution
• Authentication = Access Control
• No Limits on Lateral Movement
• No Limits on Commands
• Lack of Monitoring/Analysis
Security: Privilege: Core of the Breach Kill Chain
Security: CA Privileged Access Manager Solution
CA Privileged Access Manager In Action
Vault & Manage Credentials
Hybrid Cloud Environment
Public Cloud
Private Cloud
Traditional Data Center
Attribute Identity for Shared Accounts (e.g., Root/Admin)
Record Sessions and Metadata
Monitor and Enforce Policy
Federate Identity and Attributes (SSO)
Restrict Access to Authorized Systems
Positively Authenticate Users
Integrated Controls and Unified Policy Management
Policies
CredentialSafe®
Session Logs
FinanceDB: admin, PW: saints
SalesSrv: root, PW: cowboys
SalesSrv2: root, PW: bills
Security LATAM Partner Summit: 10 Years of Global Breach
Of course there are exceptions when we talk about privileged users...
The rise of the Application Economy will drive the need for an “identity dial-tone” to span all apps, helping to accelerate new app deployment
PREDICTION #2
There will be an increased need for universal access to identity information across the enterprise. Apps of all kinds will need easy access to identity & entitlement info, and it will increasingly be available through identity system APIs. A common “identity dial-tone” will help simplify app development, and spur new innovative initiatives.
Identity “dial-tone”
Employees Customers Partners
Cloud Apps Mobile Apps On-Prem Apps
Security: Supporting identities that the user already trusts
Security: Anyhow, Anywhere
Security: So you can allow mobile users to use a social identity…
Security: CA Advanced Authentication Solution
Security: CA Identity Suite Solution
Security: CA API Management Solution
Throttling Prioritization Caching
Routing Traffic Control Transformation
Security API – Enable The Data And Services
Composition Authentication Social SSO API Keys Entitlements
OAuth 1.x OAuth 2.0 OpenID Connect
Secure Access to the API
Token Service
Health Tracking
Workflow
Performance Global Staging
Reporting
Config Migration
Patch Management
Policy Migration
Manage the API Lifecycle
Developer Enrollment
Manage the Developer Community
API Docs
Forums
API Explorer
Rankings
Quotas
Plans
Analytics
Developer Enrollment
Universal authentication comes to your pocket or purse
PREDICTION #3
There will be increased focus on authentication, driven by factors such as Obama’s executive order (for multi-factor authentication), chip and pin technology, etc. Many authentication trends will begin to converge – biometrics, geolocation, context, etc. Organizations will strive for “zero-touch authentication” to deliver as near to a password-free experience for their customers and employees as possible. Increasingly, the phone will be used as a universal authenticator.
Device as universal authenticator
Passwords
Conduct a transaction
Control a connected device (e.g. open a door)
Connect to an app
Security: You will need to support secure cross-device sign on
Security: CA Mobile API Gateway
Mobility & IoT drives the emergence of API-first architectures
PREDICTION #4
Apps (especially mobile apps) need reduced delivery times, but traditional middleware is heavy and difficult to build these apps on. The rise of mobile and IoT will drive a move towards lighter-weight, API-first architectures in order to more easily connect these (and other devices) into the digital ecosystem.
APIs
LIGHTER-WEIGHT, API-BASED ARCHITECTURES
IDENTITIES: Developers, Customers, Employees
DEVICE TYPES: Web, Mobile, IoT
APP TYPES: Cloud Services, On-Premise
Today there are 1.5 connected devices per person in the world. By 2020, there will be 8 devices per person
Biztech Magazine
Security: What’s an API?
Security: APIs – A few years ago…
"alerts": [{"type": "FLW",
"description": "Flood Watch"}]
Integration
Speed Monetization
Experience
Internet of Things
Security: APIs – Today…
Internet of Things = New Risks
Luxury toilet that can be controlled via Android app
Connection to any toilet is done via the Bluetooth of the device
Toilet Attack?
Security: IoT = New Risks
Security: APIs are also the new Perimeter
Security: CA API Management Solution
Increased board visibility into corporate security strategy
PREDICTION #5
Corporate executives & boards will be increasingly held accountable for breaches that damage their corporate brand, so their level of involvement in security strategy will increase. Security will shift from an “IT problem” to an “Executive problem”. Concerns over “denial of business” (DoB) will drive increased Board oversight.
Identify
Protect
Detect
Respond
Recover
Security Strategy & Infrastructure (example: NIST Cybersecurity Infrastructure)
Corporate & Customer Info
Board
Security: CA Security & APIM Solution
Our promise…
To consistently deliver a superior experience by putting your organization at the center of all we do. The ultimate measure of our success is through your success and earning your trust as a strategic partner.
Invest to build long-term relationships
Deliver innovative business outcomes
Commit to each customer’s success