Layer 7: Cloud Security For The Public Sector

Presentation by Layer 7 Public Sector CTO Adam Vincent on Cloud risks, threats and security for the public sector.

Cloud Security for Public Sector
Tower Club
Presented by: Adam Vincent, CTO Public Sector, Layer 7 Technologies
avincent@gov.layer7tech.com

In the Cloud

Risks to Cloud Consumers:

• Security and Privacy – how can I be
sure that my data and applications will be
secure?

• Business Continuity – what happens if
my Internet provider or cloud provider
goes down?

• Business Value – how can I be sure my
cloud service provider is meeting my
SLA?

• Compliance – how can I ensure
regulatory/legal compliance?

“Sharing the Cloud”

2
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

Traditional Information Assurance - Multi-Tenant

Multi-Tenant Cloud Environments

= Problem

Cloud Consumers

3
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

Introducing New Risk: Cloud Attack Surface

Enterprise Enterprise Enterprise

Perimeter Zone
Internet Zone Perimeter Zone
Internet Zone Perimeter Zone
Internet Zone
Traditional Software/OS
&
Perimeter Defense ApplicationZone
Perimeter Zone ApplicationZone
Perimeter Zone ApplicationZone
Perimeter Zone

Virtual Server Zone
Application Zone Virtual Server Zone
Application Zone Virtual Server Zone
Application Zone

Cloud API’s & Governance
Shared API’s & Cloud Governance
vulnerabilities

Hypervisor Exploitation Shared Hypervisor

Hardware Exploitation Shared Hardware
& Supply Chain

Insider Threat Shared People

4
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

Introducing New Risk: When the Cloud Attacks

Leveraging the Cloud Nefariously:

• Denial of Service – how can I be
sure that my cloud is not being used to
launch a DoS?

• Cryptographic Analysis– how can I
be sure that my cloud isn’t working
towards breaking someone's
encryption?

• Command & Control – how can I
ensure that my cloud is not providing
an adversary a platform to monitor and
control a cyber attack?
“Responsibility for Good not Evil”

5
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

Example: Thunderclap Proof of Concept
Thunderclap – “Cloud Computing – A Weapon of Mass Destruction? (DEFCON
2010)”
• Proof of Concept showing how DDoS attack could be run from the cloud

Value Proposition (my interpretation)
• Performance: Massive Bandwidth & Power = Plentiful
• Up Front Cost: Stolen Credit Card Number = Free
• Time: Little to none once initial R&D is completed = Time for hobbies
• Value: Charge $$$ to highest bidder = Make massive profit

Conclusion: Not a bad business model!

6
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

Conclusions
 Cloud provides a powerful & agile capability for small, medium, and large businesses.
 Cloud Consumers
- Connect: “your cloud capabilities” to current information assurance/cyber defense
solutions & requirements
- Protect: “your cloud capabilities” from the threat of shared governance, API’s,
networks, virtualization platforms, and hardware
 Cloud Providers
- Control: “your cloud infrastructure” with detection and discovery to ensure that it
isn't being abused, directed against others, compromised or used for free

Layer 7 Technologies:
CloudSpan products: CloudConnect, CloudProtect and CloudControl help
organizations at each stage of their cloud adoption curve, from consuming SaaS
services, to running applications securely in the cloud, to becoming a provider of
cloud and SaaS services.
7
Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

Do you want to drive new software developers and apps into your API ecosystem? Would you like to build awareness and engagement in the developer community? Software competitions enable you to leverage outside talent and find creative solutions to your problems. Using the tools you provide (like APIs, SDKs and/or datasets), competing developers can work individually or in teams to build applications that meet your unique requirements and enhance the value of your platform. The social nature of these app competitions drives engagement with your product and helps to foster a community around your brand. This webinar featuring ChallengePost and Layer 7 Technologies will give you a how-to guide for setting up an app challenge.

Security As A Service

George Fares

Cloud Escrow van Escrow Alliance

EscrowDirect.eu

Met Cloud is uw IT omgeving volledig in handen van uw leveranciers. Licenties, gevirtualiseerde platforms, infrastructuur en de toegang to uw meest bedrijfskritische applicaties en data. De flexibiliteit van Cloud komt met een risico. Het risico om uw kritische applicaties en data te verliezen wordt voorkomen met Cloud Escrow. Cloud Escrow levert beschikbaarheid van kritische applicaties. De oplossing is een Cloud Escrow die data, applicaties, instellingen en onderliggende afhankelijkheden opslaat in een beveiligde digitale toegankelijke escrow uitwijk omgeving. Cloud Escrow is veel meer dan alleen de bescherming van broncode zoals bekend uit bestaande software escrow. Met Cloud Escrow wordt een regeling opgezet waarbij alle benodigde facetten worden geregeld ter voorkoming van het voorgoed wegvallen van uw “Cloud IT omgeving”. De Cloud Escrowregeling is beschikbaar sinds 6 oktober 2011

John Merline - How make your cloud SASE

AWS Chicago

Strategy Cloud and Security as a Service

Aberla

SaaS Challenges & Security Concerns

Kannan Subbiah

Cisco Collaboration-Spark Presentation

Simplex

Get work done whether you are together or apart. Cisco Spark is everything a team needs for messages, meetings and calls, all available at the touch of a finger. Cisco Spark is always and everywhere available and the only one backed by Cisco security and reliability. Presentation of Cisco Spark and Collaboration during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.

Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities from illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result into damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know a bout the k ey security threats associated with cloud computing and propose relevant solution directives to strengthen security in the Cloud environment. We also propose secure cloud architecture for organizations to strengthen the security.

Cloud Access Security Brokers - CASB

Samrat Das

PCI and the Cloud

CloudPassage

Join the discussion with Andrew Hay, Chief Evangelist of CloudPassage and Dave Shackleford, Senior Vice President, Research and Chief Technology Officer of IANS. In this presentation, we will discuss: - How compliance is affected by using private, hybrid, and public cloud environments - What to consider when researching providers who offer "PCI-compliant" clouds - Recommendations for improving compliance and security posture in the cloud

Architect secure cloud services.

How SASE can help you move securely from the PSN with VMware and Breeze Networks

Articulate Marketing

Trend micro v2JD Sherry

Ot ics cyberattaques dans les organisations industrielles

What Comes After VPN?

Many IT teams used an “M&M” approach to design network security: create a hard shell or perimeter around the soft interior. For remote users, traditional L3 VPNs extend that perimeter, placing remote users' endpoints directly onto the enterprise network. This puts the enterprise's network and data at risk from a range of threats - compromised credentials can lead to unintended exposure, as attackers move laterally throughout the network environment.

Ea2009 Cloud Computing Discussion

Marc Caltabiano

Cloud vs. On-Premises Security: Can you afford not to switch?

As the cloud transforms enterprise IT, it brings a lot more savings than cold hard cash. No question, reducing infrastructure costs is the #1 attraction to cloud. But there are two other cost dimensions with huge impact on security that must not be ignored. The payoffs depend on whether you approach security with a cloud vs. on-premises model. An organization’s choices are crucial – both for enterprise security and for the roles of its stakeholders.

Cisco Meraki Overview

SSISG

Cloud Security Topics: Network Intrusion Detection for Amazon EC2

Alert Logic

With the rapid growth of online commerce, the challenge to secure and monitor internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Misha Govshteyn, VP of Emerging Products at Alert Logic will present a new approach for a an IDS solution in a public cloud.

The Context Aware Network A Holistic Approach to BYOD

Palo Alto Networks: Protection for Security & Compliance

Companies moving workloads to the AWS Cloud may look for additional help maintaining PCI Compliance, improving workload visibility, and creating consistent security across their IT environment. Palo Alto Networks’ VM-Series with GlobalProtect helps organizations segment and monitor network traffic coming from thousands of remote data collection devices, helping them ensure PCI Compliance. Join our upcoming webinar to hear Palo Alto Networks and AWS discuss best practices for creating consistent security across hybrid IT environments using VM-Series with GlobalProtect, and how Warren Rogers leveraged it to help achieve PCI Compliance. Leverage VM-Series as a subscription through the AWS Marketplace or as a Bring-Your-Own-License to exert positive control over applications, prevent threats within your application flows, and provide consistent security to your IT environment. Join us to learn: • Best practices for enabling application-level segmentation policies for services like Amazon Virtual Private Clouds • How to help protect your AWS workload deployment from cyber threats while maintaining data segmentation • How Warren Rogers implemented policies to control and monitor user activity within each defined group Who Should Attend: Directors, Security Managers, Security Engineers, Security Architects, IT System Administrators, System Administrators, IT Administrators, IT Managers, IT Architects, IT Security Engineers, Business Decision Makers

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

In the presentation, we plan to announce the full version of a new open source tool called "Cloudefigo" and explain how it enables accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server's communication. The result of those techniques is cloud servers that are resilient, automatically configured, with the reduced attack surface.

Aws IoT and robotics reinvent attendee guide 2021

Anthony Charbonnier

Meraki Company Presentation

Gautham Sajith

Rethinking Cybersecurity for the Digital Transformation Era

Governance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile

As enterprises extend their IT reach into the cloud and across mobile devices, the need for controlling who gets access to what information becomes more complex. As application data and functionality gets exposed over the Internet enterprises are going to face greater compliance scrutiny, new challenges in identity verification, increased emphasis in SLA conformance, monitoring challenges that span cloud applications and application, policy and interface lifecycle needs that extend to mobile devices and SaaS integrations. This Webinar given by Layer 7 Technologies and HP Software will look at new approaches and best practices for handling Governance across SOA, Mobile and Cloud. Visit www.layer7tech.com to learn more.

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

CloudIDSummit

What's hot

2012 10 cloud security architectureVladimir Jirasek

Cloud security and security architecture

Vladimir Jirasek

SECURE CLOUD ARCHITECTURE

acijjournal

Cloud Access Security Brokers - CASB

Samrat Das

PCI and the Cloud

CloudPassage

Architect secure cloud services.

How SASE can help you move securely from the PSN with VMware and Breeze Networks

Articulate Marketing

Trend micro v2JD Sherry

Ot ics cyberattaques dans les organisations industrielles

What Comes After VPN?

Ea2009 Cloud Computing Discussion

Marc Caltabiano

Cloud vs. On-Premises Security: Can you afford not to switch?

Cisco Meraki Overview

SSISG

Cloud Security Topics: Network Intrusion Detection for Amazon EC2

Alert Logic

The Context Aware Network A Holistic Approach to BYOD

Palo Alto Networks: Protection for Security & Compliance

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

Aws IoT and robotics reinvent attendee guide 2021

Anthony Charbonnier

Meraki Company Presentation

Gautham Sajith

Rethinking Cybersecurity for the Digital Transformation Era

What's hot (20)

2012 10 cloud security architecture

Cloud security and security architecture

SECURE CLOUD ARCHITECTURE

Cloud Access Security Brokers - CASB

PCI and the Cloud

Architect secure cloud services.

How SASE can help you move securely from the PSN with VMware and Breeze Networks

Trend micro v2

Ot ics cyberattaques dans les organisations industrielles

What Comes After VPN?

Ea2009 Cloud Computing Discussion

Cloud vs. On-Premises Security: Can you afford not to switch?

Cisco Meraki Overview

Cloud Security Topics: Network Intrusion Detection for Amazon EC2

The Context Aware Network A Holistic Approach to BYOD

Palo Alto Networks: Protection for Security & Compliance

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

Aws IoT and robotics reinvent attendee guide 2021

Meraki Company Presentation

Rethinking Cybersecurity for the Digital Transformation Era

Viewers also liked

Governance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

CloudIDSummit

Layer 7: Building Multi Enterprise SOA

Effective Emails That Give a Response Every Time

Enoch James

Successful Enterprise Single Sign-on: Addressing Deployment Challenges

Hitachi ID Systems, Inc.

Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise

Janine Anthony Bowen, Esq.

Take a fresh approach to IT security and management, designed specifically for mobile Overview Twenty years ago, laptops revolutionized how the enterprise conducted business. But with the laptop came a host of new security and manageability challenges that we are arguably still trying to work out. Now, mobile computing promises to be exponentially more disruptive. It is a mistake to think you can apply yesterday’s laptop thinking to today’s mobile devices and still maintain a secure infrastructure. Mobile devices are radically different from laptops and they are evolving at a completely different pace, so they demand a fresh approach.

Viewers also liked (6)

Governance 2.0: A New Look at SOA Governance in The Age of Cloud and Mobile

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

Layer 7: Building Multi Enterprise SOA

Effective Emails That Give a Response Every Time

Successful Enterprise Single Sign-on: Addressing Deployment Challenges

Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise

Similar to Layer 7: Cloud Security For The Public Sector

Enhancing your Cyber Skills through a Cyber Range

scoopnewsgroup

VMware Zimbra vs. Novell GroupwiseMike K

Cloud computing security john abrena - chicago tour

Ramon Ray

Cloud Security: Perception Vs. Reality

Internap

Appistry Cloud Computing for Government Featuring FedExAppistry

BayThreat Why The Cloud Changes Everything

CloudPassage

Subtitle: How I Learned to Stop Worrying and Get DevOps to Love Security These slides are from a talk delivered by Rand Wacker at BayThreat 2011. ABSTRACT: Take a look around, you might be surprised who is running servers in the cloud; you might be even more surprised about what they are running. Unfortunately, these people rarely if ever thought to tell the security teams, and that means big problems for us all. Securing servers in the cloud is different, very different, than in a traditional data center, but all the same risks are there. Lets start by understanding who is using the cloud, why it is so different, and what works and doesn't work from our typical security toolbox. Then lets try to solve some of those problems and come up with some best practices to help us and those we work with do what they need…securely.

EclipseCon Europe 2011 m2m workshop

Thibault Cantegrel

The Complexities of Cloud Computing - The Rules are New, But is the Game

null Bangalore meet - Cloud Computing and Security

n|u - The Open Security Community

Cloud computingvdvennen

The Move to the Cloud for Regulated Industriesdirkbeth

IIA2013 PPT SLIDES DECK

Bhavesh Bhagat, CGEIT, CISM (LION)

Vr storm cips_03nov2010National Research Council Canada

Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance

UNIT4 IT Solutions

Cw13 securing your journey to the cloud by rami naccache-trend microTheInevitableCloud

Ippeis Cloud Computing Presentation(Tokyo2.0)

ippei_suzuki

Secure & Automate AWS Deployments with Next-Generation on Security

Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Palo Alto Networks provides organizations with the visibility and automation needed to create and update security policies in your cloud environment in real time. Learn how you can gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows. Michael South, AWS Security Acceleration Business Development Matt McLimans, Public Cloud Consultant Engineer, Palo Alto Networks Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro

Delivering infrastructure, security, and operations as code with AWS - DEM10-...

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub finding (operations as code). A brief demonstration concludes the session. This presentation is brought to you by AWS partner, Palo Alto Networks.

2021 01-27 reducing risk of ransomware webinar

AlgoSec

Micro-segmentation protects your network by limiting the lateral movement of ransomware and other threats in your network. Yet successfully implementing a defense-in-depth strategy using micro-segmentation may be complicated. In this second webinar in a series of two webinars about ransomware, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec and Jan Heijdra, Cisco Security Specialist, will provide a blueprint to implementing micro-segmentation using Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec Network Security Policy Management. Join our live webinar to learn: • Why micro-segmentation is critical to fighting ransomware • Understand your business applications to create your micro-segmentation policy • Validate your micro-segmentation policy is accurate • Enforce these granular policies on workloads and summarized policies across your infrastructure • Use risk and vulnerability analysis to tighten your workload and network security • Identify and manage security risk and compliance in your micro-segmented environment

Cloud Computing by D Douglas Chalk

krishnaontop

Similar to Layer 7: Cloud Security For The Public Sector (20)

Enhancing your Cyber Skills through a Cyber Range

VMware Zimbra vs. Novell Groupwise

Cloud computing security john abrena - chicago tour

Cloud Security: Perception Vs. Reality

Appistry Cloud Computing for Government Featuring FedEx

BayThreat Why The Cloud Changes Everything

EclipseCon Europe 2011 m2m workshop

The Complexities of Cloud Computing - The Rules are New, But is the Game

null Bangalore meet - Cloud Computing and Security

Cloud computing

The Move to the Cloud for Regulated Industries

IIA2013 PPT SLIDES DECK

Vr storm cips_03nov2010

Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance

Cw13 securing your journey to the cloud by rami naccache-trend micro

Ippeis Cloud Computing Presentation(Tokyo2.0)

Secure & Automate AWS Deployments with Next-Generation on Security

Delivering infrastructure, security, and operations as code with AWS - DEM10-...

2021 01-27 reducing risk of ransomware webinar

Cloud Computing by D Douglas Chalk

More from CA API Management

Api architectures for the modern enterprise

Extend your legacy SOA/ESB infrastructure to Mobile & IoT This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps. Watch this webinar recording to learn about: - Strengths and weaknesses of your existing ESB/SOA infrastructure - Architecture strategy: extend and add value to legacy middleware with APIs - Integration / API use cases in Retail, Manufacturing and Telecom - The API360 approach to digital strategy

Mastering Digital Channels with APIs

Takeaways from API Security Breaches Webinar

Examining today's biggest API breaches to mitigate API security vulnerabilities Data breaches have become the top news story. And APIs are quickly becoming the hacker's new favorite attack vector. They offer a direct path to critical information and business services that can be easily stolen or disrupted. And your private APIs can be exploited just as easily as a public API. So what measures can you take to strengthen your security position? This webinar explores recent API data breaches, the top API security vulnerabilities that are most impactful to today's enterprise and the protective measures that need to be taken to mitigate API and business exposure. You Will Learn -Recent breaches in the news involving APIs -Top attacks that compromise your business -Mitigating steps to protect your business from attacks and unauthorized access -API Management solutions that both enable and protect your business Learn about API Security at http://www.ca.com/api

API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...

At some point, we all need to design and implement APIs for the Web. What makes Web APIs different than typical component APIs? How can you leverage the power of the Internet when creating your Web API? What characteristics to many "great" Web APIs share? Is there a consistent process you can use to make sure you design a Web API that best fits your needs both now and in the future? In this session Mike Amundsen describes a clear methodology for designing Web APIs (based on the book "RESTful Web APIs" by Richardson and Amundsen) that allows you to map key aspects of your business into a usable, scalable, and flexible interface that will reach your goals while creating a compelling API for both server and client developers. Whether you are looking to implement a private, partner, or public API, these principles will help you focus on the right metrics and design goals to create a successful API.

Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...

Liberating the API Economy with Scale-Free Networks The Web exhibits a feature found in many complex systems known as "Scale-Free" or "Power-Law" networks, sometimes called the "long tail" Most people think of the "long tail" as an economic and/or social property. However, it also represents physical and informational properties fundamental to the way the Web works. But the steady increase in major service outages indicate that many current Web APIs, services, and even client applications ignore this basic "law of the Web." This talk explores the "Scale-Free" rule of complex systems and offers clear and simple advice to those planning to build and/or consume APIs for the Web. Such as what to avoid, what to plan for, what to build, and how to identify & steer clear of clients and services that fail to abide by the rules and, in the process, are making it harder for all of us to liberate the API Economy.

API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...

APIs are everywhere: powering mobile apps, enabling cloud computing, connecting people through social networks and helping to create the Internet of Things. Organizations of every kind are evaluating how they can leverage APIs and replicate the success of companies like Amazon, Google and Salesforce. Join this webinar to learn about the #API360 model for enterprise API success. This model covers the full spectrum of considerations for companies looking to succeed with APIs for the long haul. You will also hear more about the upcoming #API360 Summit that will take place in Dallas on February 26. You Will Learn • How leading Web companies have used APIs to boost revenues and market share • How to create an enterprise API strategy that will yield real business results • How to institutionalize best practices that will allow your APIs to evolve and grow

API Monetization: Unlock the Value of Your Data

Securely Open data as APIs to internal groups and third parties to generate revenue In today's application economy, organizations are leveraging APIs to create new revenue streams. To monetize its information, the enterprise needs a way to transform data into APIs, enforce SLAs and implement a standardized fulfillment process with flexible and integrated billing systems. This webinar will explored how enterprises can overcome these monetization challenges, using an API management solution that securely opens data to internal groups and third parties as APIs, in order to generate revenue.

Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...

The Information Age, 100 years on The rise of the computer and the digital revolution is responsible for an explosion of devices, data, and connectedness. These are all enabling what is called the dawning of the Information Age. And software designers, developers, and architects all share an important responsibility for shaping and guiding the world’s progress through this axial age into the future. However, more than 100 years ago, the work of organizing the world’s information into a single all-encompassing taxonomy had already begun. Partially influenced by the positivist doctrine of Auguste Comte, leading thinkers of the early 20th century such as the librarian Paul Otlet in Belgium, museum curator Patrick Geddes in Scotland, and educator Melvil Dewey in the US were each working to design universal classification systems that would encompass and coordinate the explosion of information appearing in libraries, museums, newspapers, magazines, and eventually even radio, movies, and television. What did we learn in the last century? What have we forgotten? How does their work affect our current trajectory in transforming the work of software and systems design and development? What can we take from Dewey, Otlet, and Geddes with us in to the next 100 years of the Information Age.

Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...

Identity on the Internet is changing. Social networking has kicked off a massive change in how we integrate identity across applications. This is much more than a simple redesign of security tokens and protocols; instead it is a radical redistribution of power and control over entitlements, shifting it away from the centralized control of a cabal of directory engineers and out to the users themselves. There are compelling reasons for this shift: it enables scaling of identity administration, and it promotes rapid and agile integration of applications. These are goals shared by the enterprise, but this change has significant implications on infrastructure, people and process. Join us to learn how you can bring modern identity management into the enterprise.

Enabling the Multi-Device Universe

Moving beyond conventional single sign-on to seamless cross-device access with APIs People are carrying more devices every day – with the average being 2.9 per person. Meanwhile, multitasking has gone into overdrive, as users quickly move from laptop to phone to tablet, expecting a seamless experience when accessing their favorite apps. And this expectation is not just limited to leisure and personal use – it extends to business applications. Security has broken this seamless workflow and inhibited the mobile “stickiness” businesses are striving to achieve. This webinar with Scott Morrison and Leif Bildoy of CA Technologies will demonstrate how the right combination of identity functionality and secure APIs can help your organization to overcome these challenges and enable the multi-device universe. You Will Learn • What challenges must be overcome when supporting multiple mobile app types • How SSO is evolving past mobile app access to device access • Why the right implementation of identity and APIs will create consumer stickiness • How the Internet of Things (IoT) is creating new business opportunities

Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...

The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...

APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...

Adapting to Digital Change: Use APIs to Delight Customers & Win

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...

Today’s enterprise mobility solutions emphasize heavy-handed IT governance of devices and applications that impose a burden on developers and/or users. However, managing data and applications using high performance mobile-optimized infrastructure can enable secure, scalable apps while minimizing the effort required by developers and allowing them to focus on their strengths. Come learn how to facilitate the best of both worlds – multi-layer mobile security using modern standards and a fantastic user experience.

5 steps end to end security consumer appsCA API Management

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

By now you’ve bought into the idea of using APIs to integrate cloud, mobile devices and the enterprise. But are building safe APIs? One insecure API can increase your organization’s risk profile exponentially. Securing APIs is not like securing the web—a point lost on many developers coming from a web-centric background. Learn what good practices to put in place and the common security anti-patterns you must avoid to ensure your company’s APIs are reliable, safe and secure. You will learn: • The top ways hackers exploit APIs in the wild • Common identity pitfalls and how to avoid them • Why OAuth scopes are essential to master • How to keep web developers from bringing bad habits with them

Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...

The Internet of Things (IoT) promises to improve our productivity and day-to-day lives by connecting a vast range of devices – from cell phones, to cars, to domestic appliances and even to drones. APIs represent the key technology that will make it possible to integrate and leverage information from all these “things”. There are obvious security and privacy concerns associated with using APIs to expose data and functionality from one device to many others. So, how can we make sure hackers cannot exploit the unprecedented connectivity created by IoT? This webinar will explore key IoT use cases and explain how to address the API security requirements for these use cases.

Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...

The VIP networking lunch will feature a presentation by Keith Junius, Solution Architect, from Veda on ‘Implementing an API Management Platform’. Attendees will hear about how Veda has modernized their B2B API platform by deploying SOA Gateways. Join Layer 7 at this lunch to learn about: • Design considerations for API management platforms • Technical and business challenges faced across the whole system lifecycle • The soft skills required to achieve a successful outcome • Lessons learned during and after the project • Benefits realized by the new platform

Using APIs to Create an Omni-Channel Retail Experience

Today, tech-savvy consumers are always connected, using their mobile devices to compare prices, read user-generated reviews and pay for products - and many leading e-tailers already connect their customers to this information. The any time, any place connectivity enabled by mobile devices empowers all retailers to offer the kinds of enhanced shopping experiences modern consumers are becoming accustomed to. To truly satisfy the needs of these well-informed, mobile consumers, retail organizations will need ways to create unified shopping experiences across all channels – from brick-and-mortar stores to the Web to mobile. Increasingly, offering a compelling mobile experience will become the cornerstone upon which these omni-channel shopping experiences are built. In this webinar, you will learn how APIs can: • Help deliver a consistent retail experience across multiple channels • Connect retailers with social data • Extend legacy systems to mobile apps • Enable organizations to make real-time use of contextual data and buying patterns

More from CA API Management (20)

Api architectures for the modern enterprise

Mastering Digital Channels with APIs

Takeaways from API Security Breaches Webinar

API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...

Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...

API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...

API Monetization: Unlock the Value of Your Data

Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...

Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...

Enabling the Multi-Device Universe

Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...

The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...

APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...

Adapting to Digital Change: Use APIs to Delight Customers & Win

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...

5 steps end to end security consumer apps

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...

Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...

Using APIs to Create an Omni-Channel Retail Experience

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Designing Great Products: The Power of Design and Leadership by Chief Designe...

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...