Balancing Security and Developer Enablement in Enterprise Mobility
Jaime Ryan
Senior Director, Product Management & Strategy
Gartner Catalyst
August 12, 2014
“By 2015 mobile app development projects will outnumber native PC projects by a ratio of 4-to-1.”
3 © 2014 CA. ALL RIGHTS RESERVED.
Mobility Adoption is Only Accelerating…
• App Proliferation: Apple App Store: 44B downloads by 2016
• Bring Your Own Device: > 75% of enterprises support personally-owned mobile devices
• Rapid Adoption: Tablets will be the primary computing device by 2017
... It’s An App, App, App World
• Average apps per device: 41
• Business apps deployed per device by 2015: 25
• Mobile app downloads by 2016: 44B
Apps Are A Bigger Challenge Than Devices
Different mobile apps require different security solutions
[Diagram labels: Web API; Custom App; COTS App; Web Browser; 3rd Party]
• Access Management
• Federation
• API Security/Management
• SDK: Advanced Auth, SSO
• App Wrapping
End-to-end Mobile Security
[Diagram labels: App Wrapping; Web API; Identity / Device Management; Adaptation; Optimize Traffic; Protect Data; Notification Services; Centralized Security Policy; Mobile SDK; Web Access; Enterprise App Store; Browser; COTS Mobile Apps; Custom Mobile Apps; Developer Portal]
CA Mobility Strategy
[Diagram labels: Device Management; Application Development; Application Management & Security; API Management & Security; Content Management & Security; Apps; Content; Device; Identity & Access Management; Mobile Services Management*]
What’s Enabling Mobile App to Enterprise Connectivity?
APIs
The challenge - how do you bridge the gap?
Security/IT Administrator
- Control access to assets
- Focusing on restricting access
- Don’t understand app dev requirements
App Development & UX
- Get to market quickly
- Measured on number of downloads
- Security is something that obstructs UX
- Improve user app experience
- Don’t have time for evolving security standards
Mobile Access Gateway
Lightweight Secure Mobile Backend for Enterprise:
• enable enterprises to develop more apps faster that leverage their existing data and application assets
• provide a centrally controlled way of exposing backend data to mobile developers (design time) and apps (runtime)
Securing mobile apps
Increasing developer velocity
Mobile Access Gateway Features
Mobile Access Gateway - Features
Optimization: Handle Scale
• Cache calls to backend applications
• Aggregated mobile requests
• Compress traffic to minimize bandwidth costs and improve user experience
• Pre-fetch content for hypermedia-based API calls
Adaptation: Translate & Orchestrate Data & APIs
• Legacy data source as RESTful APIs
• XML and JSON transforms
• Recompose & virtualize APIs to specific mobile identities, apps and devices
• Orchestrate API mashups with configurable workflow
Integration: Centralize Cloud Connectivity
• Apple Push Notifications Service
• Android Cloud to Device Messaging Framework
• Proxy and manage app interactions with social networks
Identity: Extending Enterprise Identity to Mobile
• Mobile SSO for Android, iOS and Adobe PhoneGap
• SM Session Cookie managed by mobile SDK
• Granular access policies at user, app and device levels
• OAuth 2.0 & OpenID Connect
• Mobile Social Login (Salesforce, Gmail, LinkedIn, & Facebook)
Security: Mobile Application Firewalling
• Protect REST and SOAP APIs against DoS and API attacks
• Proxy API streaming protocols like HTML5 WebSocket and XMPP messaging
• Enforce FIPS 140-2 grade data privacy and integrity
• Validate data exchanges, including all JSON, XML, header and parameter content
Mobile SDK – Simplified & secure consumption of APIs
Layer 7 Mobile Single Sign On Solution is a complete end-to-end standards-based security solution.
• Secure provisioning through CA Layer 7 Mobile Access Gateway
• Leverage the underlying security in the mobile operating systems to create in effect a secure sign-on container
• Client-side libraries implementing common security aspects
  – Easy-to-use device API for adding app to SSO session and set up mutual SSL
  – Single API call to leverage cryptographic security, OAuth, OpenID Connect, and PKI
  – iOS 6/7, Android 4.x & Adobe PhoneGap
[Diagram labels: API; Portal; IdM]
Features
• Cross app SSO
  – Provide a secure single sign on container by leveraging device OS security features
• PKI Provisioning
  – Provide secure transfer, storage and pinning of certs
• Secure transport
  – Configuration of secure communication (Mutual SSL)
• Multi-Layered Security
  – Use certificates to provide additional trust to authentication
Mobile SDK Benefits
• Single Sign-On for Mobile apps
  – Simplified & Consistent UX across all Enterprise apps
  – Remove password typing on devices (as much as possible)
  – Access grant without browser redirection for authentication
  – Support for social login (Salesforce, LinkedIn, Google, Facebook)
  – Support for proprietary SSO tokens (SiteMinder)
• Secure Transport
  – Configure mutual SSL for API calls ensuring apps use secure access to enterprise data
• Easy to use SSO admin console
  – SSO Admin console allowing easy configuration and management of Users, Apps, and Devices
  – SSO Self Service portal – providing a simple UI where Users can manage their enterprise app entitlements and token sharing
• Improved Developer eXperience
  – Simple device API for apps to participate in SSO session & decorate API calls with appropriate security mechanism
  – Easily benefit from cryptographic based security leveraging standards OAuth, OpenID Connect, JWT and PKI
Native SDK For Mobile Developers + MAG
[Diagram labels: Enterprise Network; iPhone; Android; iPad; App-sharable Secure Key Store; API Servers]
Strong Security for Mobile Apps
• Cross-platform and built for a consumer or BYOD world
• 100% Standards-based using OAuth+OpenID Connect
• X-app SSO & secure channel
• X.509 Certificate provisioning for strong auth and transaction signing
Three entities enable fine-grained API security
All three are managed by the SDK+MAG
Protocol Strategy
OAuth + OpenID Connect + PKI
• Profiled for mobile
• Clear distinction between device, user and app
[Diagram labels: A, B, C; username/password; Access Token/Refresh Token; Per app; Authorization Server; MAG; Signed Cert; Certificate Signing Request; ID Token (JWT or SM Session Cookie)]
Mobile Security Challenges
• Secure access to enterprise data while maintaining usability (UX & DX)
• Passwords are cumbersome on mobile devices
• Hard for developers to keep track of the latest standards and to get security right
• Multiple implementations, per app basis, leads to confusing UX
• User personalization of apps difficult without mobile identity
• Native apps need to integrate with existing enterprise identity governance
• Mobile browser is not a trusted party
• Bootstrapping trust between users, devices, apps and data centers
• Enterprise access policies enforcement per app and user is non-trivial
When is the CA Layer 7 Mobile Access Gateway relevant?
Are you:
- exposing backend APIs?
- writing mobile apps that consume the exposed APIs?
- requiring mobile SSO for enterprise apps?
- requiring mutual SSL for secure consumption of APIs for consumer or employee apps?
- integrating cloud services into mobile apps?
- integrating backend or legacy data into mobile apps?
- requiring location based access control?
Jaime Ryan
Senior Director, Product Management & Strategy
Jaime.Ryan@ca.com
JRyanL7
slideshare.net/CAinc
linkedin.com/company/ca-technologies
ca.com

 
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...CA API Management
 
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014CA API Management
 
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...CA API Management
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?CA API Management
 
Your New Digital Business & APIs
Your New Digital Business & APIs Your New Digital Business & APIs
Your New Digital Business & APIs CA API Management
 
Mapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API ArchitectureMapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API ArchitectureCA API Management
 
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...CA API Management
 
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...CA API Management
 

More from CA API Management (10)

Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
 
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?
 
Your New Digital Business & APIs
Your New Digital Business & APIs Your New Digital Business & APIs
Your New Digital Business & APIs
 
Mapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API ArchitectureMapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API Architecture
 
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
 
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan, Director of Product Management & Security, CA Technologies @ Gartner Catalyst

  • 1. Balancing Security and Developer Enablement in Enterprise Mobility. Jaime Ryan, Senior Director, Product Management & Strategy. Gartner Catalyst, August 12, 2014
  • 2. “By 2015 mobile app development projects will outnumber native PC projects by a ratio of 4-to-1.”
  • 3. © 2014 CA. ALL RIGHTS RESERVED. Mobility Adoption is Only Accelerating…
      - App Proliferation: Apple App Store: 44B downloads by 2016
      - Bring Your Own Device: > 75% of enterprises support personally-owned mobile devices
      - Rapid Adoption: Tablets will be the primary computing device by 2017
  • 4. ... It’s An App, App, App World
      - Average apps per device: 41
      - Business apps deployed per device by 2015: 25
      - Mobile app downloads by 2016: 44B
      - Apps Are A Bigger Challenge Than Devices
  • 5. Different mobile apps require different security solutions
      - Diagram labels: Web API; Custom App; COTS App; Web Browser; 3rd Party
      - Access Management
      - Federation
      - API Security/Management
      - SDK: Advanced Auth, SSO
      - App Wrapping
  • 6. End-to-end Mobile Security
      - Diagram labels: App Wrapping; Web API; Identity / Device Management; Adaptation; Optimize Traffic; Protect Data; Notification Services; Centralized Security Policy; Mobile SDK; Web Access; Enterprise App Store; Browser; COTS Mobile Apps; Custom Mobile Apps; Developer Portal
  • 7. CA Mobility Strategy
      - Diagram labels: Device Management; Application Development; Application Management & Security; API Management & Security; Content Management & Security; Apps; Content; Device; Identity & Access Management; Mobile Services Management*
  • 8. What’s Enabling Mobile App to Enterprise Connectivity? APIs
  • 9. The challenge - how do you bridge the gap?
      - Security/IT Administrator
          - Control access to assets
          - Focusing on restricting access
          - Don’t understand app dev requirements
      - App Development & UX
          - Get to market quickly
          - Measured on number of downloads
          - Security is something that obstructs UX
          - Improve user app experience
          - Don’t have time for evolving security standards
  • 10. Mobile Access Gateway
      - Lightweight Secure Mobile Backend for Enterprise:
          - enable enterprises to develop more apps faster that leverage their existing data and application assets
          - provide a centrally controlled way of exposing backend data to mobile developers (design time) and apps (runtime)
      - Securing mobile apps
      - Increasing developer velocity
  • 11. Mobile Access Gateway Features
  • 12. Mobile Access Gateway - Features
      - Optimization: Handle Scale
          - Cache calls to backend applications
          - Aggregated mobile requests
          - Compress traffic to minimize bandwidth costs and improve user experience
          - Pre-fetch content for hypermedia-based API calls
      - Adaptation: Translate & Orchestrate Data & APIs
          - Legacy data source as RESTful APIs
          - XML and JSON transforms
          - Recompose & virtualize APIs to specific mobile identities, apps and devices
          - Orchestrate API mashups with configurable workflow
      - Integration: Centralize Cloud Connectivity
          - Apple Push Notifications Service
          - Android Cloud to Device Messaging Framework
          - Proxy and manage app interactions with social networks
      - Identity: Extending Enterprise Identity to Mobile
          - Mobile SSO for Android, iOS and Adobe PhoneGap
          - SM Session Cookie managed by mobile SDK
          - Granular access policies at user, app and device levels
          - OAuth 2.0 & OpenID Connect
          - Mobile Social Login (SalesForce, Gmail, LinkedIn, & Facebook)
      - Security: Mobile Application Firewalling
          - Protect REST and SOAP APIs against DoS and API attacks
          - Proxy API streaming protocols like HTML5 Websocket and XMPP messaging
          - Enforce FIPS 140-2 grade data privacy and integrity
          - Validate data exchanges, including all JSON, XML, header and parameter content
  • 13. Mobile SDK – Simplified & secure consumption of APIs
      Layer 7 Mobile Single Sign On Solution is a complete end-to-end standards-based security solution.
      - Secure provisioning through CA Layer 7 Mobile Access Gateway
      - Leverage the underlying security in the mobile operating systems to create in effect a secure sign-on container
      - Client-side libraries implementing common security aspects
          - Easy-to-use device API for adding app to SSO session and set up mutual SSL
          - Single API call to leverage cryptographic security, OAuth, OpenID Connect, and PKI
          - iOS 6/7, Android 4.x & Adobe PhoneGap
      - Diagram labels: API Portal IdM
  • 14. Features
      - Cross app SSO: Provide a secure single sign on container by leveraging device OS security features
      - PKI Provisioning: Provide secure transfer, storage and pinning of certs
      - Secure transport: Configuration of secure communication (Mutual SSL)
      - Multi-Layered Security: Use certificates to provide additional trust to authentication
  • 15. Mobile SDK Benefits
      - Single Sign-On for Mobile apps
          - Simplified & Consistent UX across all Enterprise apps
          - Remove password typing on devices (as much as possible)
          - Access grant without browser redirection for authentication
          - Support for social login (Salesforce, LinkedIn, Google, Facebook)
          - Support for proprietary SSO tokens (SiteMinder)
      - Secure Transport
          - Configure mutual SSL for API calls ensuring apps use secure access to enterprise data
      - Easy to use SSO admin console
          - SSO Admin console allowing easy configuration and management of Users, Apps, and Devices
          - SSO Self Service portal providing a simple UI where Users can manage their enterprise app entitlements and token sharing
      - Improved Developer eXperience
          - Simple device API for apps to participate in SSO session & decorate API calls with appropriate security mechanism
          - Easily benefit from cryptographic based security leveraging standards OAuth, OpenID Connect, JWT and PKI
  • 16. Native SDK For Mobile Developers + MAG
      - Diagram labels: Enterprise Network; iPhone; Android; iPad; App-sharable Secure Key Store; API Servers
      - Strong Security for Mobile Apps
          - Cross-platform and built for a consumer or BYOD world
          - 100% Standards-based using OAuth+OpenID Connect
          - X-app SSO & secure channel
          - X.509 Certificate provisioning for strong auth and transaction signing
  • 17. Three entities enable fine-grained API security. All three are managed by the SDK+MAG.
  • 18. Protocol Strategy
      - OAuth + OpenID Connect + PKI
          - Profiled for mobile
          - Clear distinction between device, user and app
      - Diagram labels: A; B; C; username/password; Access Token/Refresh Token; Per app; Authorization Server; MAG; Signed Cert; Certificate Signing Request; ID Token (JWT or SM Session Cookie)
  • 19. Mobile Security Challenges
      - Secure access to enterprise data while maintaining usability (UX & DX)
      - Passwords are cumbersome on mobile devices
      - Hard for developers to keep track of the latest standards and to get security right
      - Multiple implementations, per app basis, leads to confusing UX
      - User personalization of apps difficult without mobile identity
      - Native apps need to integrate with existing enterprise identity governance
      - Mobile browser is not a trusted party
      - Bootstrapping trust between users, devices, apps and data centers
      - Enterprise access policies enforcement per app and user is non-trivial
  • 20. When is the CA Layer 7 Mobile Access Gateway relevant? Are you:
      - exposing backend APIs?
      - writing mobile apps that consume the exposed APIs?
      - requiring mobile SSO for enterprise apps?
      - requiring mutual SSL for secure consumption of APIs for consumer or employee apps?
      - integrating cloud services into mobile apps?
      - integrating backend or legacy data into mobile apps?
      - requiring location based access control?
  • 21. Jaime Ryan, Senior Director, Product Management & Strategy. Jaime.Ryan@ca.com, JRyanL7, slideshare.net/CAinc, linkedin.com/company/ca-technologies, ca.com

Editor's Notes

  1. Two sides. Two constituencies. Leads to confrontation.
  2. Users / General:
      - Secure access to enterprise data while maintaining usability (UX & DX)
      - Passwords are cumbersome on mobile devices
     Developers:
      - Hard for developers to keep track of the latest standards and to get security right
      - Multiple implementations, per app basis, leads to confusing UX
      - User personalization of apps difficult without mobile identity
      - Native apps need to integrate with existing enterprise identity governance
      - Mobile browser is not a trusted party
     Enterprise architect:
      - Bootstrapping trust between users, devices, apps and data centers
      - Enterprise access policies enforcement per app and user is non-trivial
     API Security http://en.wikipedia.org/wiki/File:Professional_System_Administrator.jpg
  3. We segmented the MAG features into 5 groups of features:
      - Identity & Access
      - Data & API Security
      - Backend Adaptation
      - Optimization for Mobile
      - Orchestration with Outside Cloud & mobile Services
  4. The feature groups:
      - Caching, compression and aggregation of requests for mobile use cases
      - Recompose existing services, existing message formats, and existing protocols into new Web APIs that will appeal to today’s developer
      - Centrally manage connectivity to SaaS and other outbound connections (social networks, push notifications, etc.)
      - Reuse an existing investment in IAM systems, or simplify access using social login; modernize by adding OAuth/OpenID Connect frontend
      - Secure data and applications: protocol, threat protection, encryption, signing, rate limiting, token validation
     Set up all these backend systems, put security in place. Now how does the developer build clients?
  5. Use the mobile SDK that does secure provisioning to and through that MAG:
      - Leverage built-in security on devices: native keychains
      - Client-side libraries to implement complex interactions
  6. The solution provides several hooks for client or server integration with:
      - Additional sources of trust like biometrics, CAC, SIM
      - MDM solutions to provide jailbreak detection
      - Location data providers
  7. Additional point: How do you leverage your existing identity infrastructure in mobile apps? Layer 7 Gateway integrates with a number of identity solutions. The MSSO will help you surface that in a secure and mobile-friendly manner.
      - CA SiteMinder
      - Oracle Access Manager
      - Oracle Entitlements Server
      - IBM Tivoli Access Manager
      - IBM Tivoli FIM
      - Novell Access Manager
      - Sun OpenSSO
      - Ping Federate
      - Microsoft Active Directory
      - Microsoft ADFS
  8. What’s important for a system that is managing apps that consume APIs? You must track a number of entities to make sure you are making the right access control decisions to the APIs. You may find yourself in a position where you want to revoke access to a particular App B but not App A. Maybe it’s only when the app is running on a specific device that you need to revoke access. The good news is that we have standards that cover some of this ground. OAuth 2.0 will help you with provisioning access tokens, on a per app basis. Usually today an app would need to register upfront to get a client id & secret. In future, profiles like Dynamic Client Registration will simplify this process. But it’s important to keep in mind that you need to be able to uniquely identify an app. OpenID Connect will enable you to track a user session through a user token, a JSON Web Token. This is ideal for creating single sign-on sessions. PKI as a technology has been around for some time and is the basis for many strong auth systems. The key benefit is tapping into crypto-based security for authentication. This is a requirement in many sectors such as financial, banking, and US Federal. The problem with PKI is that it’s hard to deploy and leverage for app developers, who nearly always lack the skills and tooling to use it effectively.
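The access decision described in note 8, as an added example (not code from the presentation or from the CA product): a gateway-side check that keys revocation on the user, app and device triple, so App B can be cut off on one device while App A keeps working. The `IssuedToken` and `Revocation` types, the rule that a token is bound to the device it was issued to, and every identifier in the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class IssuedToken:
    """Gateway-side record of an access token (constructed model, not a product schema)."""
    user: str          # subject of the user session (the ID token's subject)
    client_id: str     # OAuth client the token was issued to, i.e. one app
    device_id: str     # device whose certificate was presented at issuance
    scopes: frozenset
    expires_at: int    # epoch seconds


@dataclass(frozen=True)
class Revocation:
    """Revocation rule; a field left as None is a wildcard."""
    user: Optional[str] = None
    client_id: Optional[str] = None
    device_id: Optional[str] = None

    def __post_init__(self):
        # An all-wildcard rule would silently lock out every caller.
        if self.user is None and self.client_id is None and self.device_id is None:
            raise ValueError("revocation rule must name a user, app or device")

    def matches(self, token: IssuedToken) -> bool:
        pairs = (
            (self.user, token.user),
            (self.client_id, token.client_id),
            (self.device_id, token.device_id),
        )
        return all(want is None or want == have for want, have in pairs)


def authorize(token: IssuedToken, cert_device_id: str, required_scope: str,
              revocations: Iterable[Revocation], now: int) -> Tuple[bool, str]:
    """Return (allowed, reason) for one API call arriving over mutual SSL."""
    if now >= token.expires_at:
        return False, "expired"
    # Assumption of this example: the token is bound to the device it was
    # issued to, so a token copied to another device fails here.
    if cert_device_id != token.device_id:
        return False, "device mismatch"
    if any(rule.matches(token) for rule in revocations):
        return False, "revoked"
    if required_scope not in token.scopes:
        return False, "missing scope"
    return True, "ok"


def demo() -> dict:
    """Constructed scenario: App B is revoked on one phone only."""
    now = 1_000

    def tok(app, device, exp=2_000):
        return IssuedToken("alice", app, device, frozenset({"orders:read"}), exp)

    revocations = [Revocation(client_id="app-b", device_id="phone-1")]
    calls = {
        "app-a on phone-1": (tok("app-a", "phone-1"), "phone-1"),
        "app-b on phone-1": (tok("app-b", "phone-1"), "phone-1"),
        "app-b on tablet-2": (tok("app-b", "tablet-2"), "tablet-2"),
        "app-a token presented from tablet-2": (tok("app-a", "phone-1"), "tablet-2"),
        "app-a with stale token": (tok("app-a", "phone-1", exp=500), "phone-1"),
    }
    return {
        name: authorize(token, cert_dev, "orders:read", revocations, now)
        for name, (token, cert_dev) in calls.items()
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:38s} {'ALLOW' if allowed else 'DENY '} {reason}")
```

A rule such as `Revocation(device_id="phone-1")` covers the lost-device case by denying every app and user on that device, while `Revocation(user="alice")` ends one user's session everywhere.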