Recommended
More Related Content
What's hot
What's hot (20)
Similar to Leveraging Technology for Government Service Delivery
Similar to Leveraging Technology for Government Service Delivery (20)
More from eGov Magazine
More from eGov Magazine (13)
Recently uploaded
Recently uploaded (20)
Leveraging Technology for Government Service Delivery
- 1. Business, rewritten by software™ Leveraging Technology for Government Service Delivery Prashant Chaudhary Sr. Director - Government
- 2. 2 © 2014 CA. ALL RIGHTS RESERVED. Government and PSU are using digital Transformation to improve productivity and citizen service 2
- 3. 3 © 2014 CA. ALL RIGHTS RESERVED. Trends, Opportunities and Challenges Infrastructure • Infrastructure Performance Management • Service Level Monitoring Service Delivery • Application Performance & End User Experience • Social Media Data Security • Prevention of Insider / OutsideThreats • Strong authentication measures • RiskAnalysis Manageability • Effective Project Management • Infra Consolidation • Capex to Opex • Automation & Cloud based service delivery • Contract / Vendor Management Going Forward • Mobile Based Service Delivery • Faster service development • API Management • Rapid Replication • Service Virtualization
- 4. 4 © 2014 CA. ALL RIGHTS RESERVED.
- 5. Residential Industrial Commercial Buildings Water Parking Street Lighting Waste Environm ent People Street Furniture Safety&S ecurity Traffic Street Internet Edge WAN Agg Wireless WAN Internet Cloud Services Vehicles Vehicles Public/Private WAN Wired/Wireless Access Wired/Wireless Aggregation Ruggedized Device Compute/Storage Security Internet Edge WAN Aggregation Mobility/Location Management Wireless/Wired Network Management Video ManagementData Center Resources Safety& Security Data/Event Virtualization/Aggregation Traffic ManagementEnvironment Waste Management Lighting Management Parking Management Water Management Transport Management Monitoring Command Control Centers City Services Citizen Services Apps Portal Security Analytics
- 6. 6 © 2014 CA. ALL RIGHTS RESERVED. Technology Landscape IT Hardware & Assets Mainframe Distributed High Density Operating Systems & IT Environments CloudPhysical Virtual Time Environment 81+°F77°F68°F Power 20 W per sq. ft. 80 W per sq. ft. 150+ W per sq. ft. Applications & Business Services Data Processing Business Users Everyone & Everything Facility & Data Center Space DC, Colo & Modular Computer Room Data Centers
- 7. 7 © 2014 CA. ALL RIGHTS RESERVED. New Era IT Ecosystem Monitoring Flexibility Capacity Management Capacity Systems Management System Traffic Analysis Performance Fault Network Citizen Experience App Perf Monitoring Mobile Monitoring Applications Datacenter Infrastructure Management Data Center
- 8. 8 © 2014 CA. ALL RIGHTS RESERVED. Digital Transformation requires Identity-Centric Security On Premise Apps Cloud Services Connected Devices Customers Citizens Partners Employees
- 9. 9 © 2014 CA. ALL RIGHTS RESERVED. Evaluate, Authenticate, Authorize, Access Valid ID Do you have the right credential? Is your behavior and history as expected? Who are you? Is this your normal device and geo- location? Web Portal Mobile App VPN Kiosk Advanced Authentication Authorization Access Granted Are you allowed to access this resource? Is your risk level acceptable to access this resource? Authenticated
- 10. 10 © 2014 CA. ALL RIGHTS RESERVED. Privileged Access The Emerging Front Line Hacker Malware/APT On Premise Employees/Partners Systems Admins Network Admins DB Admins Application Admins Partners Systems/NW/DB/Application Admins Employees Systems/NW/DB/Applicati on Admins Public Cloud Apps Apps VMware Administrator AWS Administrator Microsoft Office 365 Administrator INTERNET ORGANIZATIONS TYPICALLY HAVE 3-4X MORE PRIVILEGED ACCOUNTS AND CREDENTIALS THAN EMPLOYEES!
- 11. 11 © 2014 CA. ALL RIGHTS RESERVED. Privileged Access Management Helps You Address Five Primary Challenges PRIVILEGED ACCESS MGMT. Enable Compliance Stop Targeted Attacks Enable Operational Efficiency Secure the Hybrid Enterprise Mitigate Insider Threats
- 12. 12 © 2014 CA. ALL RIGHTS RESERVED. Delivering New Services Over Internet Used to be All About the Browser WEB CONTENT EXPOSED THROUGH PERIMETER DMZ DATA
- 13. 13 © 2014 CA. ALL RIGHTS RESERVED. Focus on APIs Enable Anything, Everywhere Application Access OUTSIDE PARTNERS / DIVISIONS EXTERNAL DEVELOPERS MOBILE APPS CLOUD SERVICES INTERNET OF THINGS API Server Data
- 14. 14 © 2014 CA. ALL RIGHTS RESERVED. Provide end-to-end security from the client to the backend API Control access to APIs based on user, app and device Protect exposed APIs from external threats such as SQL injections and x-site scripting attacks Use security standards such as OAuth to provide SSO Apply appropriate risk based controls based on context of the situation Protect sensitive assets from compromise reducing impact to brand and regulatory compliance What you need to do Value to your business Fine-grained API Access Control Threat Protection Enterprise SSO API
- 15. 15 © 2014 CA. ALL RIGHTS RESERVED. DEVOPS SECURITYMANAGEMENT The disciplines that enable the Digital Transformation Accelerate Innovation Enable GrowthRun IT like a Business
- 16. CA Technologies At-a-Glance • US$ 4.0 + billion revenue • Leading Enterprise software company • 35+ years in Enterprise IT management • Founded in 1976 • Leaders in IT Solutions, • 15,000+ employees worldwide • ITC @ Hyderabad • Serving business in 40+ countries with 150+ offices • 98% of Fortune 500 Companies & 95% of Fortune 1000 companies are our Happy CA Customers
- 17. Sr. Director - Government Prashant.chaudhary@ca.com @cainc slideshare.net/CAinc linkedin.com/company/ca-technologies ca.com Prashant Chaudhary
Editor's Notes
- Cooling: Prior to 2002, data centers were typically operated around 68-70oF. When ASHRAE came out with its first specifications, the high end allowable range was just under 80oF (77 oF to be exact). Now, with the new 2011 guidelines, the allowable limit is almost 90 in critical environments, and over 110 in non-critical DC environments (e.g., volume storage). Power:In 2004, average power density of 25 W/sf (Watts per square foot). (that is IT power consumption per gross computer room area) At that time, Lawrence Berkeley Labs said “Not clear that expectation of much higher power densities will come to pass.”! Reasoning: “plenty of empty space and efficiency opportunities.” Yet the median in 2012 is already the Max of 2004 at about 80 W/sf, and we are seeing data centers already above 150W/sf according to the Uptime Institute Data Center Density Report.
- Identity must be the control point for managing user access. The key to identity-centric security is that it enables you to connect everyone with everything from everywhere, based on centralized security policies that you create, and that are based on identities. And, identity-centric security provides a point of protection against identity-based attacks, so that you can detect and repel attacks far more easily. Security can also be relatively transparent, so that it isn’t getting in the way. Identity Centric Security is also about the end –user controlling what is shared with a company… so I give you my Facebook account attributes–my name, that I’m female, and I work in IT Security… but not include my home address, my DOB or SS#. It can also provide analytics to protect the consumer from fraud. example: My credit card was used this AM in Boston, so it can’t be used the same day in London or Paris…
- Before we go much farther, let’s quickly address the question of just who privileged users are — because it’s a bigger group of individuals, and perhaps more importantly, a larger set of credentials to be protected, than we might think about at first.The reality is that there are privileged users — and accounts and credentials — across your entire organization. We’re all familiar with the classic group of individuals who we think about in the context of privileged users — network, systems, database administrators, operations staff and the like. There are plenty of those individuals, and they use many accounts. And that number has been growing as we adopt technologies like virtualization and the cloud — and I’d point out here that those individuals are gaining even more power and control in those environments because of the powerful management consoles to which they have access.But let’s not forget all the individuals outside the organization who have some level of privileged access to your networks and systems. Here, we’re talking about groups like vendors and outsourced contractors, and perhaps business partners. Many of the breaches I highlighted a few moments ago actually started when credentials belonging to someone in this category of user were compromised and used to gain that initial access into an environment.We’ll mention it in passing for today, although this is an important topic we could dedicate an entire discussion to, but many privileged users aren’t actually users — at least, they’re not people. They are the countless numbers of applications and scripts that contain privileged credentials — often hard-coded and visible to any number of individuals — that exist in your IT infrastructure.Finally, especially with the rise of cloud-based services, we have a whole class of privileged users who we wouldn’t normally think about — end users and employees. I’ll take myself as an example — I’m in marketing, and in a typical discussion of privileged users I probably wouldn’t be the first person you’d think of — but because of the work I do, it turns out I have high level, administrative access to a number of important systems and accounts — marketing and sales automation tools, websites, social media accounts, and more.So, to recap, if you weren’t a believer before, hopefully, I’ve made the point that privileged users and their credentials are a key element in many, of not all, of the damaging data breaches we’re seeing — and as a consequence, that managing, controlling, and protecting those users and their credentials is a critical element of helping to prevent these attacks.
- Privileged Identity Management is not simply managing passwords. There are many business and IT challenges that it helps you address, from reducing risk, to enabling cloud computing.
- Not all that long ago, if you wanted to access a website on the web, you used a browser. That browser was your “window into the Internet”….BUT….really, the website you visited dictated what you saw out that window – and invariably, those websites didn’t really share (or want to share) information. So if you opened your browser and went to check out the latest and greatest laptops available on Best Buy, Best Buy controlled what you saw, how you saw it, and certainly didn’t share information.
- The end result? Through a focus on APIs, you’ve enabled anything everything application access. No longer is the browser your window to the Internet – instead, the application that’s optimized for the device/service that you’re currently using becomes that temporary window. And through an API Server (aka API Gateway), you have a single point of control for all services to securely access the information that they need. The alternative? Each one of these resources requires an Omnipotent One from IT to bless the opening of a port in the firewall. While mobile apps alone, this could be in the 10s of 1000’s. Your choice – one port to a single server, or a swiss cheese firewall? The choice is pretty clear. Now to take the next step to enable the application economy in your enterprise, you’ll probably want to focus on a few initiatives. Let’s take a look at some of the ones that CA has seen.
- Crucial for many enterprises is ensuring the integrity of their corporate resources (including data) for all these new data types. Thinking back a few slides, this means tying the identity of the user with the application with the device. The way you would do this is: Fine-grained Access - The full context of each API request should be understood in order to apply the appropriate level of API access CA gathers user, app and device data, and applies to policy in order to properly control each API transaction Mobile users can use standards such as OAuth and OpenID Connect to authenticate and grant access to enterprise data/apps Threat Protection For every API externalized to the outside world results in some level of exposure to the business CA protects these exposed APIs from external attacks including SQL injections and x-site scripting Enterprise SSO Most enterprises have some form of IAM (such as CA SSO) By integrating IAM with the user with the app, the enterprise is assured that only the right user is getting access to the right data on the right device Using new mobile security standards such as OAuth and OpenID Connect help make that integration easier for developers Why would you do this? You can apply appropriate risk-based controls based on context of the situation (which user on which app on which device) And you can protect sensitive assets from compromise, reducing impact to brand, as well as addressing regulatory compliance.
- The application economy is here. In this environment, applications drive the relationship between most businesses and their customers, making all businesses a technology or software company. For IT leaders and their workforce, that means the role of IT must evolve to become much more strategic to the business, lessening the amount of resources IT can commit to back-office functions and support. IT must still manage these back-end systems, but considering the speed at which apps are released and the mobile devices and platforms on which end users access them, IT needs more flexibility, agility and ease-of-use than ever before. Management Cloud is a set of integrated business applications delivered as cloud services that enable you to run IT like a business – delivering the insights you need to make the right decisions and enabling you to empower a modern workforce. Also in the application economy, continuous innovation is required. Companies are under greater pressure than ever before to bring new groundbreaking services to market faster and faster. And the quality of what is delivered must be top-notch, as customers have more options and less patience and tolerance for a poor application experience. DevOps is about ensuring that development and operations teams are working together effectively to bring innovation to market quickly and seamlessly. It’s also about delivering higher-quality applications and ensuring operational excellence – and we have the expertise and solutions that can help you implement a DevOps approach. Amongst companies we surveyed recently, security was identified as the top obstacle in the application economy. Applications have become the critical point of engagement with customers and taking an identity-centric approach to security is essential since users today expect to be able to access their applications and data from many different devices and from wherever they are. Furthermore, today’s disruptive and leading-edge applications rely heavily on APIs to share data and integrate with other applications and services. A strategy for managing and securing APIs needs to be implemented as part of the development process. Our approach to Security focuses not just on protecting the business from risk, but even more importantly on enabling business growth. We take an identity-centric approach to security to deliver both the risk-protection companies need and the flexibility and ease-of-use application users expect. Our API management and security offerings give organizations the confidence to publicly open valuable data and application functionality as APIs and help developer teams realize faster delivery of secure mobile apps and cloud services.