Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely Leverage IoT

20. 20 © 2014 CA. ALL RIGHTS RESERVED. Dumb Things Collect Data Do Something Quantified Self Track exercise, calories consumed, sleeping habits Suggestion-based fitness Create customized workouts, social running routes, sleep suggestions Surveillance Capture images/video – home, retail, gambling Security Unlock door based on Bluetooth or NFC proximity Agricultural Sensors Track conditions in soil, air, supply chain Industrial Farm Equipment Increase/decrease irrigation, feed, pesticides Smart Parking Record and plot empty parking spaces Connected Meters Email driver when it’s time to pay for more time Disease Tracking Wearables Sensors in underwear, pacemakers, Notification and Medication Administration Remind patient to take medications; notify emergency medical personnel prior to seizure Manage Retail Inventory Location of items in-store, automatically updated inventory Ordering/Loss Prevention Place new order upon low inventory; alert staff if removed from store Energy Usage Tracking Identify power-guzzling appliances, collect meter readings Home Automation Turn on lights, manage AC/heating, regulate power

23. 23 © 2014 CA. ALL RIGHTS RESERVED. Smart Things  Bridge the gap between dumb things  Allow for human interaction and decision-making  Create/enforce policy - IFTTT  Portal/UI into the world of data  App-based Laptops, desktops, tablets, phones, smartwatches

24. 24 © 2014 CA. ALL RIGHTS RESERVED. What does the architecture look like? Cloud Sensors & Actuators Mobile/App Marketplace Mobile/App Server Gateway Server Gateway Overlapping Domains of Interest (Clustered Graphs) Mobile/App Mobile/App Mobile/App Domain A Domain B Domain C = A ∩ B Domain E = C ∩ …

39. 39 © 2014 CA. ALL RIGHTS RESERVED. What are the concerns? IDENTITY CUSTODY PRIVACY • How do we make sure we retain control? • How do we authenticate ourselves in person and online? • How do we delegate information to interested parties? • Who has our information? • What information do they have? • What do they need? • Who do we trust? Why? • How does information get from one place to another? • Are those pathways secure? • What role do we play?

46. 46 © 2014 CA. ALL RIGHTS RESERVED. Developer Management Health Tracking Workflow Performance Global Staging Developer Enrollment API Docs Forums API Explorer RankingsQuotas Plans AnalyticsReporting Config Migration Patch Management Policy Migration Operations Management Throttling Prioritization Caching Routing Traffic ControlTransformation Security Interface Management Composition Authentication Single Sign OnAPI KeysEntitlements OAuth 1.x OAuth 2.0 OpenID Connect Identity Management Key Functional Areas of API Management Token Service

48. Senior Director, Prouct Management & Strategy Jaime.Ryan@ca.com @JRyanL7 https://www.facebook.com/Layer7 linkedin.com/company/ca-technologies ca.com Jaime Ryan

49. 49 © 2014 CA. ALL RIGHTS RESERVED. References  http://techcrunch.com/2014/04/14/google-acquires-titan-aerospace-the-drone-company-pursued-by-facebook/  http://www.cnet.com/news/google-buys-solar-powered-drone-company-titan-aerospace/  http://finance.yahoo.com/news/facebooks-feature-users-thoroughly-creeped-005800620.html  http://www.foxnews.com/leisure/2013/09/04/hackers-find-weaknesses-in-car-computer-systems/  http://www.mirror.co.uk/news/technology-science/technology/spies-can-listen-your-iphone-3670347  http://www.theblaze.com/stories/2013/08/02/report-fbi-can-remotely-turn-on-phone-microphones-for-spying/  http://www.theblaze.com/stories/2011/04/18/can-your-smartphone-use-your-microphone-camera-to-gather-data-yes/  http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/  cow: https://www.flickr.com/photos/julochka/  milk: https://www.flickr.com/photos/crazytales562/  https://security.google.com/settings/security/permissions?pli=1  https://www.facebook.com/help/405183566203254/  http://www.businessinsider.com/facebook-app-privacy-controls-2012-10

50. 50 © 2014 CA. ALL RIGHTS RESERVED. Copyright © 2014 CA. The Nike logo is either a registered trademark or trademark of Nike Corporation in the United States and/or other countries. The Sonos logo is either a registered trademark or trademark of Sonos Corporation in the United States and/or other countries. The Google logo is either a registered trademark or trademark of Google Corporation in the United States and/or other countries. The Facebook logo is either a registered trademark or trademark of Facebook Corporation in the United States and/or other countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. Certain information in this publication may outline CA’s general product direction. However, CA may make modifications to any CA product, software program, method or procedure described in this publication at any time without notice, and the development, release and timing of any features or functionality described in this publication remain at CA’s sole discretion. CA will support only the referenced products in accordance with (i) the documentation and specifications provided with the referenced product, and (ii)CA’s then-current maintenance and support policy for the referenced product. Notwithstanding anything in this publication to the contrary, this publication shall not: (i) constitute product documentation or specifications under any existing or future written license agreement or services agreement relating to any CA software product, or be subject to any warranty set forth in any such written agreement; (ii) serve to affect the rights and/or obligations of CA or its licensees under any existing or future written license agreement or services agreement relating to any CA software product; or (iii) serve to amend any product documentation or specifications for any CA software product. THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.

Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely Leverage IoT

CA API Management

Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely Leverage IoT