Securely Enable the Open Enterprise

Transcription

1 Securely Enable the Open Enterprise Shirief Nosseir Security Business Lead Eastern & Africa 17 June

2 Key initiatives for IT security organizations DELIVER SECURE NEW BUSINESS SERVICES SECURE THE MOBILE, CLOUD-CONNECTED ENTERPRISE Enable the Business Social Logins Internet of Things Mobility Protect the Business Big Data Collaboration 2 PROTECT AGAINST INSIDER THREATS AND TARGETED ATTACKS Cloud Insider Targeted Threat Attacks

3 Some of our security credentials CA Security Solutions 150+ million , Billion / month 3

4 Key initiatives for IT security organizations DELIVER SECURE NEW BUSINESS SERVICES SECURE THE MOBILE, CLOUD-CONNECTED ENTERPRISE Enable the Business Social Logins Internet of Things Mobility Protect the Business Big Data Collaboration 4 PROTECT AGAINST INSIDER THREATS AND TARGETED ATTACKS Cloud Insider Targeted Threat Attacks

5 Life without API Management Enterprise Applications & Data 6

6 Life without API Management Enterprise Applications & Data Unmanageable Security Performance 7 Maintenance

7 Web API is the New Web Interface Enterprise Applications & Data Throttling Security Caching Access Control Metering / SLA Transformation Mediation Developer Mgt 8

8 Brave New World: Transform Backend Silos Into APIs Enterprise Applications & Data Throttling Security Caching Access Control Metering / SLA Transformation Mediation Cloud Services Developer Mgt Internet of Things Mobile Apps Social External Registration Developers 9 Partners / Divisions

9 Enabling Developers To Find & Use Your Services Layer 7 API Developer Portal Mobile Developers < Design Time < Mobile / IoT Apps Layer 7 API Gateway > Runtime > 10

10 Decentralized National Healthcare Problem: the government needed to reduce healthcare admin & overhead costs Solution: decentralized solution that securely pulls patient information from healthcare providers nationwide, and assembles them to create a complete patient record on demand Results: Reduce costs Improve quality of healthcare Protect patient record privacy 11

11 Telco: Publishing Telecom APIs Problem: publicly exposing Telecom APIs presents some unique challenges around how they get packaged, secured and managed for easy consumption Solution: policy-based controls allowed defining the identity and security for their APIs; track usage; monitor interface health; and update APIs without breaking client applications Results: an agile IT platform on which to develop new offerings faster and at less cost by reusing/recomposing existing services 12

12 Advanced authentication & fraud detection Security Convenience Cost Layer 1 Layer 2 Invisible Risk-Based Authentication Strong / Appropriate Authentication 14

13 Advanced authentication & fraud detection Security Convenience Cost OTP can be delivered by SMS, voice or Layer 1 Layer 2 Invisible Risk-Based Authentication Strong / Appropriate Authentication 15

14 Are all soft tokens secure? Key Rule: Hex, Begins and Ends with 1 Standard Software Key Container Protected Key: 1E459FC479C3B41 Brute Force Library Attack 6 digit PIN, 1 million results A2B199C7CD39J51 156F85A750265BA 17FA3FF43B82C6D C1399D66A114E65 1E459FC479C3B41 B4D3A1E75294A4D Pate ted Cryptographic Ca ouflage ArcotID Software Key Container Protected Key: 1E459FC479C3B41 Brute Force Library Attack 1CE59A451B257C1 1DC1A4596B79B21 159CA7C8439BA31 1A964942B5AC5B1 1E459FC479C3B ABC59DE C2A7EF64DA1 16 Each is a plausible result The only way to determine correct key is to sign a challenge and send it to the AuthMinder Authentication Server

15 CA Advanced Authentication endorsements Si e the i e tio of pu li key ryptography 25 years ago, people have been struggling to secure the private key without the assistance of hardware. Dr. Martin E.Hellman Professor Emeritus Stanford University Inventor of PKI Dr. Taher Elgamal PhD Stanford Inventor of SSL while at Netscape Arcot s innovative Cryptographic Camouflage* has solved this problem. Finally there is a cost-effective and convenient means to strongly authenticate users and transactions over the internet without the need for cumbersome hardware. * patent 7,170,058 Perhaps o e of the eakest li ks i a essi g i porta t internet assets is a strong tie between the user and the areas they have the right to access. The use of a simple user namepassword mechanism is truly a weak link. What is unique about Arcot s approach is that it is both strong and people friendly.. 17

16 CA AuthMinder Flexibility Authentication Methods ArcotID PKI ArcotID OTP Q&A ID Proof OATH Policy Server Business Rules Config OTPSMS, CAP/ DPA Callout LDAP Mainframe Other Proprietary Notifications, Alerts, Reports AuthN Engine Authentication Interfaces SiteMinder and other WAMS SAML Challenge/ Response RADIUS 18 OpenID Custom Response

17 Optimized Customer Experience A key Differentiator Application Mobile Browser Rich Mobile App Customers Next Cool Thing Advanced Authentication Security Policy Security Policies 20 Application Session Management API Management Partners Identity Stores Web Access Management Employees Application Application

18 Thank You Shirief Nosseir Security Business Lead Eastern & Slideshare.net/CAinc linkedin.com/company/ca-technologies ca.com