Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan, Director of Product Management & Security, CA Technologies @ Gartner Catalyst


Published on

Today’s enterprise mobility solutions emphasize heavy-handed IT governance of devices and applications that impose a burden on developers and/or users. However, managing data and applications using high performance mobile-optimized infrastructure can enable secure, scalable apps while minimizing the effort required by developers and allowing them to focus on their strengths. Come learn how to facilitate the best of both worlds – multi-layer mobile security using modern standards and a fantastic user experience.

Published in: Technology
  • Login to see the comments

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan, Director of Product Management & Security, CA Technologies @ Gartner Catalyst

  1. 1. Balancing Security and Developer Enablement in Enterprise Mobility Jaime Ryan Senior Director, Product Management & Strategy Gartner Catalyst August 12, 2014
  2. 2. “By 2015 mobile app development projects will outnumber native PC projects by a ratio of 4-to-1.”
  3. 3. 3 © 2014 CA. ALL RIGHTS RESERVED. Mobility Adoption is Only Accelerating… Apple App Store: 44B downloads by 2016 App Proliferation > 75% of enterprises support personally- owned mobile devices Bring Your Own Device Tablets will be the primary computing device by 2017 Rapid Adoption
  4. 4. 4 © 2014 CA. ALL RIGHTS RESERVED. ... It’s An App, App, App World Average apps per device 41 Business apps deployed per device by 2015 25 Mobile app downloads by 2016 44B Apps Are A Bigger Challenge Than Devices
  5. 5. 5 © 2014 CA. ALL RIGHTS RESERVED. Different mobile apps require different security solutions Web API Custom App COTS AppWeb Browser 3rd Party • Access Management • Federation • API Security/Management • SDK: Advanced Auth, SSO • App Wrapping
  6. 6. 6 © 2014 CA. ALL RIGHTS RESERVED. End-to-end Mobile Security App Wrapping Web API Identity / Device Management Adaptation Optimize Traffic Protect Data Notification Services Centralized Security Policy Mobile SDK Web Access Enterprise App Store Browser COTS Mobile Apps Custom Mobile Apps Developer Portal
  7. 7. 7 © 2014 CA. ALL RIGHTS RESERVED. Device Management Application Development Application Management & Security API Management & Security Content Management & Security Apps ContentDevice Identity & Access Management Mobile Services Management* CA Mobility Strategy
  8. 8. 8 © 2014 CA. ALL RIGHTS RESERVED. What’s Enabling Mobile App to Enterprise Connectivity? APIs
  9. 9. 9 © 2014 CA. ALL RIGHTS RESERVED. The challenge - how do you bridge the gap? Security/IT Administrator - Control access to assets - Focusing on restricting access - Don’t understand app dev requirements App Development & UX - Get to market quickly - Measured on number of downloads - Security is something that obstructs UX - Improve user app experience - Don’t have time for evolving security standards
  10. 10. 10 © 2014 CA. ALL RIGHTS RESERVED. Mobile Access Gateway Lightweight Secure Mobile Backend for Enterprise:  enable enterprises to develop more apps faster that leverage their existing data and application assets  provide a centrally controlled way of exposing backend data to mobile developers (design time) and apps (runtime) Securing mobile apps Increasing developer velocity
  11. 11. 11 © 2014 CA. ALL RIGHTS RESERVED. Mobile Access Gateway Features
  12. 12. 12 © 2014 CA. ALL RIGHTS RESERVED. Mobile Access Gateway - Features Optimization: Handle Scale • Cache calls to backend applications • Aggregated mobile requests • Compress traffic to minimize bandwidth costs and improve user experience • Pre-fetch content for hypermedia-based API calls Adaptation: Translate & Orchestrate Data & APIs • Legacy data source as RESTful APIs • XML and JSON transforms • Recompose & virtualize APIs to specific mobile identities, apps and devices • Orchestrate API mashups with configurable workflow Integration: Centralize Cloud Connectivity • Apple Push Notifications Service • Android Cloud to Device Messaging Framework • Proxy and manage app interactions with social networks Identity: Extending Enterprise Identity to Mobile • Mobile SSO for Android, iOS and Adobe PhoneGap • SM Session Cookie managed by mobile SDK • Granular access policies at user, app and device levels • OAuth 2.0 & OpenID Connect • Mobile Social Login (SalesForce, Gmail, LinkedIn, & Facebook) Security: Mobile Application Firewalling • Protect REST and SOAP APIs against DoS and API attacks • Proxy API streaming protocols like HTML5 Websocket and XMPP messaging • Enforce FIPS 140-2 grade data privacy and integrity • Validate data exchanges, including all JSON, XML, header and parameter content
  13. 13. 13 © 2014 CA. ALL RIGHTS RESERVED. Mobile SDK – Simplified & secure consumption of APIs Layer 7 Mobile Single Sign On Solution is a complete end-to-end standards-based security solution.  Secure provisioning through CA Layer 7 Mobile Access Gateway  Leverage the underlying security in the mobile operating systems to create in effect a secure sign-on container  Client-side libraries implementing common security aspects – Easy-to-use device API for adding app to SSO session and set up mutual SSL – Single API call to leverage cryptographic security, OAuth, OpenID Connect, and PKI – iOS 6/7, Android 4.x & Adobe PhoneGap API Portal IdM
  14. 14. 14 © 2014 CA. ALL RIGHTS RESERVED. Features  Cross app SSO – Provide a secure single sign on container by leveraging device OS security features  PKI Provisioning – Provide secure transfer, storage and pinning of certs  Secure transport – Configuration of secure communication (Mutual SSL)  Multi-Layered Security – Use certificates to provide additional trust to authentication
  15. 15. 15 © 2014 CA. ALL RIGHTS RESERVED. Mobile SDK Benefits  Single Sign-On for Mobile apps – Simplified & Consistent UX across all Enterprise apps – Remove password typing on devices (as much as possible) – Access grant without browser redirection for authentication – Support for social login (Salesforce, LinkedIn, Google, Facebook) – Support for proprietary SSO tokens (SiteMinder)  Secure Transport – Configure mutual SSL for API calls ensuring apps use secure access to enterprise data  Easy to use SSO admin console – SSO Admin console allowing easy configuration and management of Users, Apps, and Devices – SSO Self Service portal – providing a simple UI where Users can manage their enterprise app entitlements and token sharing  Improved Developer eXperience – Simple device API for apps to participate in SSO session & decorate API calls with appropriate security mechanism – Easily benefit from cryptographic based security leveraging standards OAuth, OpenID Connect, JWT and PKI
  16. 16. 16 © 2014 CA. ALL RIGHTS RESERVED. Native SDK For Mobile Developers + MAG Enterprise Network iPhone Android iPad App-sharable Secure Key Store API Servers Strong Security for Mobile Apps  Cross-platform and built for a consumer or BYOD world  100% Standards-based using OAuth+OpenID Connect  X-app SSO & secure channel  X.509 Certificate provisioning for strong auth and transaction signing
  17. 17. 17 © 2014 CA. ALL RIGHTS RESERVED. Three entities enable fine-grained API security All three are managed by the SDK+MAG
  18. 18. 18 © 2014 CA. ALL RIGHTS RESERVED. Protocol Strategy A B C username/password Access Token/ Refresh Token Per app Authorization Server OAuth + OpenID Connect + PKI  Profiled for mobile  Clear distinction between device, user and app MAG Signed Cert Certificate Signing Request ID Token (JWT Or SM Session Cookie
  19. 19. 19 © 2014 CA. ALL RIGHTS RESERVED. Mobile Security Challenges  Secure access to enterprise data while maintaining usability (UX & DX)  Passwords are cumbersome on mobile devices  Hard for developers to keep track of the latest standards and to get security right  Multiple implementations, per app basis, leads to confusing UX  User personalization of apps difficult without mobile identity  Native apps need to integrate with existing enterprise identity governance  Mobile browser is not a trusted party  Bootstrapping trust between users, devices, apps and data centers  Enterprise access policies enforcement per app and user is non-trivial
  20. 20. 20 © 2014 CA. ALL RIGHTS RESERVED. When is the CA Layer 7 Mobile Access Gateway relevant? Are you: - exposing backend APIs? - writing mobile apps that consume the exposed APIs - requiring mobile SSO for enterprise apps? - requiring mutual SSL for secure consumption of APIs for consumer or employee apps? - integrating cloud services into mobile apps? - integrating backend or legacy data into mobile apps? - requiring location based access control?
  21. 21. Senior Director, Product Management & Strategy JRyanL7 Jaime Ryan