SlideShare a Scribd company logo

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager

CA Technologies
CA Technologies

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager For more information on DevSecOps, please visit: http://ow.ly/u2pN50g63tN

Technology
1 of 43
Download to read offline
Securing Your Enterprise Continuous Delivery Pipelines With CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager (CA PAM) Scott Willson DST45T DEVSECOPS Product Marketing Director – CA Automic Release Automation CA Technologies
2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation
3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Abstract In this session, we will discuss why it's important to incorporate security into the software delivery pipeline. Lots of organizations are focused on continuous delivery and security, but most have not formulated an official strategy for combining the two; in short, they are complementary and need to be woven together broadly and deeply within a deployment pipeline. Included in the session will be recommendations, best practices, industry trends and practical tips for "baking" security within and across an automated release process. Scott Wilson CA Technologies Director, CA Application Release Automation
4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda DEFINITION OF TERMS WHY CA AUTOMIC RELEASE AUTOMATION COMBINING CA AUTOMIC RELEASE AUTOMATION WITH CA DEVSECOPS SOLUTIONS CONTINUOUS DELIVERY CHALLENGES CA DEVSECOPS SOLUTIONS CA PRIVILEGED ACCESS MANAGER (CA PAM) 1 2 3 4 5 6
5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Definition of Terms
6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevOps Is a… Gartner – 2014 Cool Vendors in DevOps DevOps is a philosophy (not a market). There are no rules, no manuals, only guidelines.
7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Security Statistic Application-layer attacks were the leading cause of data breaches in 2016. -Verizon Data Breach Investigations Report
8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Thought About DevOps Without security, DevOps merely introduces vulnerabilities into software faster.
9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Application Release Automation Tools …  Combine: – Automation – Modeling (App/Env) – Release Coordination  Move: – Artifacts – Applications – Configurations – Data
10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARA Critical for DevOps & Continuous Delivery Gartner – 2017 Application Release Automation MQ [ARA] tools are a key part of enabling the DevOps goal of achieving continuous delivery with large numbers of rapid, small releases.
11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Up to 50% of Enterprises Will Have an ARA Tool Gartner – 2017 Application Release Automation MQ By 2020, 50% of global enterprises will have implemented at least one application release automation solution, up from less than 15% today.
12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS High Confidence = Release Promotion Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). 1 2 3 4 Every Change to App’s Code, Config, Env, or Data Creates New Pipeline Build Binaries & Installers Test Binaries + Config + Env + Data to Confirm Ability to Release
13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Goal of Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). Collaboration + Accountability: Makes build, deploy, & test visible Improved Feedback: Problems are found/addressed as early as possible Automation: Enables deployment & release of any version to any environment
14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Use Same Automation Mechanics for Every Environment Continuous Delivery Automation Humble, J., & Farley, D. (2011). Ch. 5. In Continuous Delivery (p. 115). • DEV is Deployed to All the Time • QA - Less Often • PRE-PROD - Even Less Often • PROD - Less Frequently Still
15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Why CA Automic Release Automation
16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Shift Left  Extensive REST API  ChatOps  Marketplace  Integrations  Action Packs – Not just plugins Analysts  Recognized as a leader – Gartner – Forester Most Scalable  500k to 1 clustered svr  IPv6  IoT to Mainframe  COTS + Core Backend  Automation platform CA Automic Release Automation The Most Advance Automation Platform in the Market
17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Current Status DevOps is SiloedUnprecedented Pressure 94%of executives face increased pressure to release apps more quickly 2014 Vanson Bourne study commissioned by CA
18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS However … Not Achieving Speed, Reliability & Compliance Tool Chain Sprawl
19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How CA Automic Release Automation Works
20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges
21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges Poor / zero visibility of deployments • Managers and business users (customers) lack tracking of status or completion times • End-to-end transparency required for compliance Limited documentation of releases processes Lack of scalability and control • Managing multiple simultaneous releases with intricate dependency No visibility or governance of privileges • Automation mechanics’ agents/bots • User access within pipelines not accounted for
22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PRODisparticularlyvulnerable Automation Mechanics Touch Everything zDocker zMS Azure zAWS zOracle zSales Force zService Now
23 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps Challenges Process augmentation • Significant changes requires in governance models, workflows, and processes. Technology sophistication • Must support multiple teams, numerous languages, repositories, and web of OSS libraries, • Manually or semi-automatically addressing vulnerabilities leads to gaps in coverage. Security Culture • Company culture doesn’t support embedded security processes. • Abandon the mind-set of check-box compliance.
24 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA DevSecOps Solutions
25 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Enabling Developers  3 Second Scan times (with Greenlight)  24 Languages Supported  77 Frameworks Supported  29 Integrations Company Growth  6 Trillion + lines of Code Scanned*  4X Leader in Gartner Magic Quadrant  1400+ Customers  30+ Patents Customer Outcomes  36.5M Flaws Fixed All Time  3,100 Consultation Calls  400,000 Program Management Hours Veracode Overview Note: * indicates year-to-date
26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Veracode Approach Outcome-Oriented Approach – Focus on Fixing Defects, not Just Discovering Them Coverage of entire SLC Integrations and API’s – Enable seamless integration into software development processes including DevOps SaaS Platform – Shortens Time to Value, Reduce Customer Complexity
27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Focus on Outcomes Accelerate Secure Software Development Reduce Risks of Data Breaches Compliant with Customer Needs & Regulators Lower Costs of Securing Software Assets
28 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps How do you make security a competitive advantage? Test at every step, eliminate constraints, join disparate tools and processes — and automate everything Continuous Testing Assess and improve application security from initial code through production Functional + Secure = Quality Code 32 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
29 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps: Uniting Development and Security
30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Throughout the SLC Code Commit Build Test Release Deploy Operate CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Runtime Protection CA Veracode Software Composition Analysis CA Veracode Integrations, APIs CA Veracode eLearning Code RepositoriesIDEs GRCs SIEMs WAFs Security Assurance Operational SecurityDevelopment Integration Bug Tracking Build and Deploy Systems
31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Privileged Access Manager (CA PAM)
32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Threat to Network and Data Unrestricted “root” or “Administrator” access No segregation of duties Use of shared accounts Poor log integrity and quality All-Powerful Access Lack of Accountability Risk
33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Management and Governance Identity/Credential Management Identity/Credential Governance • Fine-grained access controls • Shared account password management • Threat analytics • Identity activity reporting Control what each agent/bot can do within pipeline steps • Provisioning to privileged accounts • Access requests • Workflow • Certification Ensure the least amount of privileged access for agents/bots
34 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Combining CA Automic Release & CA DevSecOps & CA PAM
35 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS A Practical Blueprint for Achieving Continuous Delivery STAGE 1 ▪ Automate your scripts and root out manual work ▪ Assessment of DevOps competency ▪ Deliver Continuous Delivery roadmap STAGE 2 ▪ Model environments, components and state flows ▪ Construct automated deployment pipelines ▪ Promote and rollback versioned components on demand STAGE 3 ▪ Provision full stacks ▪ Orchestrate entire lifecycle including securing deployment pipeline, CM, and other ITSM procedures ▪ Enable self services STAGE 4 ▪ Automated release management across the entire application portfolio
36 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Secure Automated DevOps / Continuous Delivery Tool Chain Reduce development overhead by 30% by automating environment provisioning and setup Centrally manage and govern the security of your deployment pipelines Securely and fully automate deployments into production Orchestrated releases and fully governed environments Automate change, approval and release management processes Automate agent/bot privileged access Zero downtime production deployments and updates CA recently released integration with CA PAM so that the CA Identity Suite provides full privileged access provisioning, access requests, tracking and approvals, as well as automated access certifications. So, you now can have a single mechanism for governing the access of all users, both regular and privileged. CA Identity Suite CA PAM
37 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How could it be done today? Benefits • Reduced risk of improper privileged access • Single method of governing access for all users • Outstanding user experience for all roles • Increased efficiency through automation • Flexible approval workflow to meet local needs Capabilities • Automated provisioning and de-provisioning • Access request • Access certification Agents/Bots CA Identity Suite Request Access Provision Access Approval Certifications Manager CA PAM
38 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Automic Release Automation + CA DevSecOps Solutions + CA PAM Visibility of deployments enterprise-wide  Shared visibility across DevOps personnel  Transparency of automation mechanics, credentials & security tests/analytics Security Automation  Identifying flaws early in lifecycle  Speed delivery of secure code Scale Continuous Delivery, safely, across the enterprise  Manage multiple simultaneous releases/deployments with dependencies  Code and deployment pipelines are safe, secure and compliant Real-time risk and security analysis
39 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PROD The Most Secure Continuous Delivery Pipeline Detect Vulnerabilities Early JIT Credentials No Privilege Creep Secure Automation Mechanics DEV PRE-PRODTEST Security within and across the Continuous Delivery Pipeline Secure App Perimeters IoT to Mainframe Pipelines
40 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DST40T Scale Your Application Security Program Effectively with the Right Program Management Model 11/15/2017 at 3:30 pm DST38T Shifting Security to the Left – Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST39T Assess and Guide Your DevOps Journey Leveraging Industry-leading DevOps Research 11/16/2017 at 11:30 am DST41T DevOps: Security’s Chance to Get It Right 11/16/2017 at 12:45 pm DST43T The CA Technologies Veracode Platform: 360 Degree View of Your Application’s Security 11/16/2017 at 2:30 pm
41 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Security Starts with Identity CA Identity Suite CA Identity Service Deliver Frictionless Access CA Advanced Authentication CA Single Sign-On CA Directory Control High Value Access CA Privileged Access Manager CA Threat Analytics for PAM Manage Your Software Risk CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Greenlight Sneak Peeks Cross-channel Fraud Prevention Threat Analytics Privileged Access for DevOps
42 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
43 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps

Recommended

Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
CA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
CA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
CA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
CA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
CA Technologies
 

Recommended

Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
CA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
CA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
CA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
CA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
CA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
CA Technologies
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
DevOps.com
 
Preparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionPreparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home Transition
QOS Networks
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
Nur Shiqim Chok
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
DevOps.com
 
Cisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceCisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assurance
NetworkCollaborators
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Flexera
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition
NetworkCollaborators
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
DevOps.com
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
DevOps.com
 
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
CA Technologies
 
Enterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleEnterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu Oracle
MarketingArrowECS_CZ
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
Aaron Rinehart
 
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Cisco Canada
 
Distributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDistributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDan Allaby
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
NetworkCollaborators
 
Cisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellCisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernell
NetworkCollaborators
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.LicensingLive! - SafeNet
 
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Riverbed Technology
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015
Redington Value Distribution
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
CA Technologies
 

More Related Content

What's hot

The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
CA Technologies
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
DevOps.com
 
Preparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionPreparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home Transition
QOS Networks
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
Nur Shiqim Chok
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
DevOps.com
 
Cisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceCisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assurance
NetworkCollaborators
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Flexera
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition
NetworkCollaborators
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
DevOps.com
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
DevOps.com
 
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
CA Technologies
 
Enterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleEnterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu Oracle
MarketingArrowECS_CZ
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
Aaron Rinehart
 
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Cisco Canada
 
Distributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDistributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDan Allaby
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
NetworkCollaborators
 
Cisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellCisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernell
NetworkCollaborators
 
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Riverbed Technology
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015
Redington Value Distribution
 

What's hot (20)

The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
Preparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionPreparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home Transition
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Cisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceCisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assurance
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
 
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
 
Enterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleEnterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu Oracle
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
 
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
 
Distributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDistributor-Cloud-Marketplaces
Distributor-Cloud-Marketplaces
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
 
Cisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellCisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernell
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.
 
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015
 

Similar to Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager

The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
CA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
CA Technologies
 
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
Amazon Web Services
 
Shifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security CoverageShifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security Coverage
DevOps.com
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Shannon Williams
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
Deborah Schalm
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
DevOps.com
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
Priyanka Aash
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
lior mazor
 
Continuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to MobileContinuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to Mobile
Mark Sigler
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
Siva Rama Krishna Chunduru
 
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Technologies
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
Colin Domoney
 
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by ChefSoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Trevor Hess
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
Amazon Web Services
 
Microservice Lifecycle Demo Presentation
Microservice Lifecycle Demo PresentationMicroservice Lifecycle Demo Presentation
Microservice Lifecycle Demo Presentation
Matt McLarty
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
CA Technologies
 

Similar to Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager (20)

The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
 
Shifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security CoverageShifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security Coverage
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Continuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to MobileContinuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to Mobile
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
 
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
 
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by ChefSoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
 
Microservice Lifecycle Demo Presentation
Microservice Lifecycle Demo PresentationMicroservice Lifecycle Demo Presentation
Microservice Lifecycle Demo Presentation
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
 

More from CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
CA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
CA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
CA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
CA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
CA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
CA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
CA Technologies
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
CA Technologies
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
CA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
CA Technologies
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
CA Technologies
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
CA Technologies
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
CA Technologies
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
CA Technologies
 

More from CA Technologies (18)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
 

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager

  • 1. Securing Your Enterprise Continuous Delivery Pipelines With CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager (CA PAM) Scott Willson DST45T DEVSECOPS Product Marketing Director – CA Automic Release Automation CA Technologies
  • 2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation
  • 3. 3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Abstract In this session, we will discuss why it's important to incorporate security into the software delivery pipeline. Lots of organizations are focused on continuous delivery and security, but most have not formulated an official strategy for combining the two; in short, they are complementary and need to be woven together broadly and deeply within a deployment pipeline. Included in the session will be recommendations, best practices, industry trends and practical tips for "baking" security within and across an automated release process. Scott Wilson CA Technologies Director, CA Application Release Automation
  • 4. 4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda DEFINITION OF TERMS WHY CA AUTOMIC RELEASE AUTOMATION COMBINING CA AUTOMIC RELEASE AUTOMATION WITH CA DEVSECOPS SOLUTIONS CONTINUOUS DELIVERY CHALLENGES CA DEVSECOPS SOLUTIONS CA PRIVILEGED ACCESS MANAGER (CA PAM) 1 2 3 4 5 6
  • 5. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Definition of Terms
  • 6. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevOps Is a… Gartner – 2014 Cool Vendors in DevOps DevOps is a philosophy (not a market). There are no rules, no manuals, only guidelines.
  • 7. 7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Security Statistic Application-layer attacks were the leading cause of data breaches in 2016. -Verizon Data Breach Investigations Report
  • 8. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Thought About DevOps Without security, DevOps merely introduces vulnerabilities into software faster.
  • 9. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Application Release Automation Tools …  Combine: – Automation – Modeling (App/Env) – Release Coordination  Move: – Artifacts – Applications – Configurations – Data
  • 10. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARA Critical for DevOps & Continuous Delivery Gartner – 2017 Application Release Automation MQ [ARA] tools are a key part of enabling the DevOps goal of achieving continuous delivery with large numbers of rapid, small releases.
  • 11. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Up to 50% of Enterprises Will Have an ARA Tool Gartner – 2017 Application Release Automation MQ By 2020, 50% of global enterprises will have implemented at least one application release automation solution, up from less than 15% today.
  • 12. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS High Confidence = Release Promotion Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). 1 2 3 4 Every Change to App’s Code, Config, Env, or Data Creates New Pipeline Build Binaries & Installers Test Binaries + Config + Env + Data to Confirm Ability to Release
  • 13. 13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Goal of Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). Collaboration + Accountability: Makes build, deploy, & test visible Improved Feedback: Problems are found/addressed as early as possible Automation: Enables deployment & release of any version to any environment
  • 14. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Use Same Automation Mechanics for Every Environment Continuous Delivery Automation Humble, J., & Farley, D. (2011). Ch. 5. In Continuous Delivery (p. 115). • DEV is Deployed to All the Time • QA - Less Often • PRE-PROD - Even Less Often • PROD - Less Frequently Still
  • 15. 15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Why CA Automic Release Automation
  • 16. 16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Shift Left  Extensive REST API  ChatOps  Marketplace  Integrations  Action Packs – Not just plugins Analysts  Recognized as a leader – Gartner – Forester Most Scalable  500k to 1 clustered svr  IPv6  IoT to Mainframe  COTS + Core Backend  Automation platform CA Automic Release Automation The Most Advance Automation Platform in the Market
  • 17. 17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Current Status DevOps is SiloedUnprecedented Pressure 94%of executives face increased pressure to release apps more quickly 2014 Vanson Bourne study commissioned by CA
  • 18. 18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS However … Not Achieving Speed, Reliability & Compliance Tool Chain Sprawl
  • 19. 19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How CA Automic Release Automation Works
  • 20. 20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges
  • 21. 21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges Poor / zero visibility of deployments • Managers and business users (customers) lack tracking of status or completion times • End-to-end transparency required for compliance Limited documentation of releases processes Lack of scalability and control • Managing multiple simultaneous releases with intricate dependency No visibility or governance of privileges • Automation mechanics’ agents/bots • User access within pipelines not accounted for
  • 22. 22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PRODisparticularlyvulnerable Automation Mechanics Touch Everything zDocker zMS Azure zAWS zOracle zSales Force zService Now
  • 23. 23 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps Challenges Process augmentation • Significant changes requires in governance models, workflows, and processes. Technology sophistication • Must support multiple teams, numerous languages, repositories, and web of OSS libraries, • Manually or semi-automatically addressing vulnerabilities leads to gaps in coverage. Security Culture • Company culture doesn’t support embedded security processes. • Abandon the mind-set of check-box compliance.
  • 24. 24 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA DevSecOps Solutions
  • 25. 25 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Enabling Developers  3 Second Scan times (with Greenlight)  24 Languages Supported  77 Frameworks Supported  29 Integrations Company Growth  6 Trillion + lines of Code Scanned*  4X Leader in Gartner Magic Quadrant  1400+ Customers  30+ Patents Customer Outcomes  36.5M Flaws Fixed All Time  3,100 Consultation Calls  400,000 Program Management Hours Veracode Overview Note: * indicates year-to-date
  • 26. 26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Veracode Approach Outcome-Oriented Approach – Focus on Fixing Defects, not Just Discovering Them Coverage of entire SLC Integrations and API’s – Enable seamless integration into software development processes including DevOps SaaS Platform – Shortens Time to Value, Reduce Customer Complexity
  • 27. 27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Focus on Outcomes Accelerate Secure Software Development Reduce Risks of Data Breaches Compliant with Customer Needs & Regulators Lower Costs of Securing Software Assets
  • 28. 28 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps How do you make security a competitive advantage? Test at every step, eliminate constraints, join disparate tools and processes — and automate everything Continuous Testing Assess and improve application security from initial code through production Functional + Secure = Quality Code 32 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 29. 29 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps: Uniting Development and Security
  • 30. 30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Throughout the SLC Code Commit Build Test Release Deploy Operate CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Runtime Protection CA Veracode Software Composition Analysis CA Veracode Integrations, APIs CA Veracode eLearning Code RepositoriesIDEs GRCs SIEMs WAFs Security Assurance Operational SecurityDevelopment Integration Bug Tracking Build and Deploy Systems
  • 31. 31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Privileged Access Manager (CA PAM)
  • 32. 32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Threat to Network and Data Unrestricted “root” or “Administrator” access No segregation of duties Use of shared accounts Poor log integrity and quality All-Powerful Access Lack of Accountability Risk
  • 33. 33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Management and Governance Identity/Credential Management Identity/Credential Governance • Fine-grained access controls • Shared account password management • Threat analytics • Identity activity reporting Control what each agent/bot can do within pipeline steps • Provisioning to privileged accounts • Access requests • Workflow • Certification Ensure the least amount of privileged access for agents/bots
  • 34. 34 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Combining CA Automic Release & CA DevSecOps & CA PAM
  • 35. 35 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS A Practical Blueprint for Achieving Continuous Delivery STAGE 1 ▪ Automate your scripts and root out manual work ▪ Assessment of DevOps competency ▪ Deliver Continuous Delivery roadmap STAGE 2 ▪ Model environments, components and state flows ▪ Construct automated deployment pipelines ▪ Promote and rollback versioned components on demand STAGE 3 ▪ Provision full stacks ▪ Orchestrate entire lifecycle including securing deployment pipeline, CM, and other ITSM procedures ▪ Enable self services STAGE 4 ▪ Automated release management across the entire application portfolio
  • 36. 36 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Secure Automated DevOps / Continuous Delivery Tool Chain Reduce development overhead by 30% by automating environment provisioning and setup Centrally manage and govern the security of your deployment pipelines Securely and fully automate deployments into production Orchestrated releases and fully governed environments Automate change, approval and release management processes Automate agent/bot privileged access Zero downtime production deployments and updates CA recently released integration with CA PAM so that the CA Identity Suite provides full privileged access provisioning, access requests, tracking and approvals, as well as automated access certifications. So, you now can have a single mechanism for governing the access of all users, both regular and privileged. CA Identity Suite CA PAM
  • 37. 37 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How could it be done today? Benefits • Reduced risk of improper privileged access • Single method of governing access for all users • Outstanding user experience for all roles • Increased efficiency through automation • Flexible approval workflow to meet local needs Capabilities • Automated provisioning and de-provisioning • Access request • Access certification Agents/Bots CA Identity Suite Request Access Provision Access Approval Certifications Manager CA PAM
  • 38. 38 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Automic Release Automation + CA DevSecOps Solutions + CA PAM Visibility of deployments enterprise-wide  Shared visibility across DevOps personnel  Transparency of automation mechanics, credentials & security tests/analytics Security Automation  Identifying flaws early in lifecycle  Speed delivery of secure code Scale Continuous Delivery, safely, across the enterprise  Manage multiple simultaneous releases/deployments with dependencies  Code and deployment pipelines are safe, secure and compliant Real-time risk and security analysis
  • 39. 39 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PROD The Most Secure Continuous Delivery Pipeline Detect Vulnerabilities Early JIT Credentials No Privilege Creep Secure Automation Mechanics DEV PRE-PRODTEST Security within and across the Continuous Delivery Pipeline Secure App Perimeters IoT to Mainframe Pipelines
  • 40. 40 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DST40T Scale Your Application Security Program Effectively with the Right Program Management Model 11/15/2017 at 3:30 pm DST38T Shifting Security to the Left – Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST39T Assess and Guide Your DevOps Journey Leveraging Industry-leading DevOps Research 11/16/2017 at 11:30 am DST41T DevOps: Security’s Chance to Get It Right 11/16/2017 at 12:45 pm DST43T The CA Technologies Veracode Platform: 360 Degree View of Your Application’s Security 11/16/2017 at 2:30 pm
  • 41. 41 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Security Starts with Identity CA Identity Suite CA Identity Service Deliver Frictionless Access CA Advanced Authentication CA Single Sign-On CA Directory Control High Value Access CA Privileged Access Manager CA Threat Analytics for PAM Manage Your Software Risk CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Greenlight Sneak Peeks Cross-channel Fraud Prevention Threat Analytics Privileged Access for DevOps
  • 42. 42 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
  • 43. 43 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps