SlideShare a Scribd company logo

[EIC 2021] The Rise of the Developer in IAM

WSO2
WSO2

Everything is famously code today—cars are computers with wheels, appliances have Internet access, smart doors and houses are controlled from mobile phone apps. With all this code around, security is more of a challenge than ever. A central pillar of security is identity management: the technology that protects logins and controls access. This, too, is becoming code to work with all the other code. Libraries for developers are essential, including ID controls in mobile and Web applications for initial sign on, single sign-on, federated sign-on, biometric authentication systems, and controlling access to sensitive data. And code itself is becoming code: automation systems for producing code, deploying code, updating code, configuring resources and access controls. IAM code has to be wherever it’s needed, when it’s needed, and automated, just like any other code. The better we do this, the more secure we all are with our ubiquitous computers.

Technology
1 of 13
Download to read offline
The Rise of the Developer in IAM Eric Newcomer, September 2021
Hello! Eric Newcomer CTO eric@wso2.com https://www.linkedin.com/in/enewcomer/ https://twitter.com/enewc ● Previously: ⦿ Global Head of Security Architecture and Strategy, Citi Consumer Bank ⦿ Chief Architect, Citi Treasury and Trade Services ⦿ CTO, IONA Technologies ⦿ Distinguished Engineer & Transaction Processing Architect at Digital Equipment
3 Key business use cases for Identity and Access Management (IAM) Enable access management for employee identities (B2E). Onboard partners and 3rd parties, and securely give them access to company resources by introducing minimal changes to the current system (B2B). Improve the digital user experience of customers by streamlining operations with respect to identity and access management (B2C). Enable a 360-degree view of customer identity data to assist company leadership to make informed decisions. Secure API access for both internally facing and externally facing APIs, including cloud and IoT.
Key challenges related to IAM adoption ● Developers are under pressure to produce ⦿ Security considerations can conflict with time to market ⦿ Security reviews and approvals take time and consume effort ● IAM is not something you can add in at the last minute ⦿ Need to have a design, plan, policy & standards selection ⦿ It’s like UX - login experience has to be identified before the its construction ● And it can actually be worse with automation ⦿ Security automation can be hard to change ⦿ Scanning tool selection & deployment requires specific ops skills 4
Meeting the challenges means getting the code right ● Provide security as code, keep developer focus in their IDEs ⦿ This helps developers bake security into their code & automation ⦿ Organizations can customize SDKs and libraries for standard processes & policies ● Policies expressed as code streamlines the security review & approval process ⦿ Security reviewers can check the code version & fingerprint ⦿ Preferably through automated scan results ● Developer skills are in high demand ⦿ Offer low code abstractions to improve productivity ⦿ Embed IAM knowledge in the code ⦿ Config and customize with GUIs ● Link apps to cloud services to ensure IAM keeps pace with innovation 5
Considerations for cloud native infrastructure* ● Clouds were designed to maximize sharing (e.g. for online shopping) and for Web and mobile apps ⦿ Strong IAM is key to customer satisfaction and avoiding “over privilege” incidents ● Clouds have different “perimeter security” principles defined by: ⦿ Resource permissions and policies – by design allow internet access ⦿ IAM systems – by design allow internet access ⦿ Network constraints - can be bypassed by shared resources ● Misconfigured policies/permissions may allow direct external access to company resources (regardless of network and IAM) ● Security teams can not prevent these misconfigurations (since they can be done at the app level) 6 *See “Banking on the Cloud” Newcomer, Ivaturi, Schulman, HPTS 2019
How “Security as code” or “shift left” help ● Implement strong authentication policies (i.e. FIDO MFA) in code ⦿ Use config GUIs to configure desired authenticators and generate SDK ⦿ Pipeline builds include the IAM policies and auto test ● Auto detect and replace open source vulnerabilities ⦿ E.g. http-proxy versions prior to 1.18.1 to prevent possible DOS attack ⦿ Pipeline scan open source libraries for known issues and apply updates ● Detect and remediate crypto vulnerabilities in code ⦿ E.g. issue in AWS Crypto SDK for GoLang prior to V2 allows changing AES-GCM to AES-CTR and reveal authentication keys ● Configure CI/CD pipelines to include Docker scanning, etc ⦿ Containers are immutable and cannot be patched ⦿ Put in the time to ensure the containers are secure 7
8 Developer-focused Identity and Access Management (IAM) Every service, API, device and person has a managed identity ● Digital identity is a critical part of digital business ● “Everything is code” - cars, phones, appliances, homes... The digital identity developer is becoming more prominent than the administrator ● Customer IAM needs to integrate with multiple systems (CRM, CDM, CMS, Marketing Automation, etc.) ● Application developers lack IAM specialization Organizations need an agile, event-driven customer IAM platform that can flex to meet both new business opportunities and new challenges. ● Across multiple environments, multi-cloud, on prem, hybrid
CIAM developer requirements ● Accelerating digital transformation initiatives requires an identity-centric approach ⦿ Leverage cloud based technologies for rapid deployment of critical apps ⦿ Rapidly pivot to new business paradigms as market conditions change ● Global privacy requirements can affect brand or create fines ⦿ Customers/users want a degree of control of how their data is collected/stored and managed ● Scarcity of IAM specialized developers ⦿ Connecting disparate IAM systems to get a unified view of a customer/users can be challenging, time consuming and costly ⦿ Business requirements change frequently and it becomes costly and time consuming to continuously implement changes
How CIAM as code helps 10 Take the complexity out of managing user access and enable building secure and frictionless customer experiences in minutes ● Provide libraries and SDKs for developers to include in their application projects early on ● Include code in CI/CD pipeline auto builds and testing stages ● Ensure security team reviews are more likely to be ‘check the box’ activities than finding issues ● Reduce time to market by providing needed code - developers don’t have to search for it
11 Maturity Model for CIAM
12 Identity Gateway Developer Portal How WSO2 is helping drive IAM/CIAM as code Management Portal Marketplace Self Service Portal Analytics SDKs Agents Tools
wso2.com Thanks!

Recommended

Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
EBE 2020 The Evolution of E-commerce Systems
EBE 2020 The Evolution of E-commerce SystemsEBE 2020 The Evolution of E-commerce Systems
EBE 2020 The Evolution of E-commerce SystemsE-Commerce Berlin EXPO
 
eBMS Business Management Systems
eBMS Business Management SystemseBMS Business Management Systems
eBMS Business Management SystemsAggie Baranda
 
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays
 
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...apidays
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...WSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]WSO2
 

Recommended

Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
EBE 2020 The Evolution of E-commerce Systems
EBE 2020 The Evolution of E-commerce SystemsEBE 2020 The Evolution of E-commerce Systems
EBE 2020 The Evolution of E-commerce SystemsE-Commerce Berlin EXPO
 
eBMS Business Management Systems
eBMS Business Management SystemseBMS Business Management Systems
eBMS Business Management SystemsAggie Baranda
 
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays
 
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...apidays
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...WSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]WSO2
 
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
2007 12 - gsma - pay-buy - business opportunty analysis
2007 12 - gsma - pay-buy - business opportunty analysis2007 12 - gsma - pay-buy - business opportunty analysis
2007 12 - gsma - pay-buy - business opportunty analysisBoni
 
Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Apigee | Google Cloud
 
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureWSO2
 
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays
 
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...WSO2
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...ForgeRock
 
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...apidays
 
2015 Identity Summit - CTO Innovation Center
2015 Identity Summit - CTO Innovation Center2015 Identity Summit - CTO Innovation Center
2015 Identity Summit - CTO Innovation CenterForgeRock
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...Yenlo
 
The Future of Digital IAM
The Future of Digital IAMThe Future of Digital IAM
The Future of Digital IAMWSO2
 
20211027 apidays london - business model innovation final v1.0 (1)
20211027 apidays london - business model innovation final v1.0 (1)20211027 apidays london - business model innovation final v1.0 (1)
20211027 apidays london - business model innovation final v1.0 (1)apidays
 
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...apidays
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...apidays
 
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays
 
Open Technology Platform for Digital Transformation
Open Technology Platform for Digital TransformationOpen Technology Platform for Digital Transformation
Open Technology Platform for Digital TransformationWSO2
 
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...apidays
 
2015 Identity Summit - Stepping Up to New Data Protection Challenges
2015 Identity Summit - Stepping Up to New Data Protection Challenges2015 Identity Summit - Stepping Up to New Data Protection Challenges
2015 Identity Summit - Stepping Up to New Data Protection ChallengesForgeRock
 
Secure Identity: The Future is Now
Secure Identity: The Future is NowSecure Identity: The Future is Now
Secure Identity: The Future is NowLane Billings
 
Modern Architectures
Modern ArchitecturesModern Architectures
Modern ArchitecturesSecureAuth
 

More Related Content

What's hot

apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
2007 12 - gsma - pay-buy - business opportunty analysis
2007 12 - gsma - pay-buy - business opportunty analysis2007 12 - gsma - pay-buy - business opportunty analysis
2007 12 - gsma - pay-buy - business opportunty analysisBoni
 
Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Apigee | Google Cloud
 
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureWSO2
 
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays
 
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...WSO2
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...ForgeRock
 
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...apidays
 
2015 Identity Summit - CTO Innovation Center
2015 Identity Summit - CTO Innovation Center2015 Identity Summit - CTO Innovation Center
2015 Identity Summit - CTO Innovation CenterForgeRock
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...Yenlo
 
The Future of Digital IAM
The Future of Digital IAMThe Future of Digital IAM
The Future of Digital IAMWSO2
 
20211027 apidays london - business model innovation final v1.0 (1)
20211027 apidays london - business model innovation final v1.0 (1)20211027 apidays london - business model innovation final v1.0 (1)
20211027 apidays london - business model innovation final v1.0 (1)apidays
 
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...apidays
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...apidays
 
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays
 
Open Technology Platform for Digital Transformation
Open Technology Platform for Digital TransformationOpen Technology Platform for Digital Transformation
Open Technology Platform for Digital TransformationWSO2
 
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...apidays
 
2015 Identity Summit - Stepping Up to New Data Protection Challenges
2015 Identity Summit - Stepping Up to New Data Protection Challenges2015 Identity Summit - Stepping Up to New Data Protection Challenges
2015 Identity Summit - Stepping Up to New Data Protection ChallengesForgeRock
 

What's hot (20)

apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
2007 12 - gsma - pay-buy - business opportunty analysis
2007 12 - gsma - pay-buy - business opportunty analysis2007 12 - gsma - pay-buy - business opportunty analysis
2007 12 - gsma - pay-buy - business opportunty analysis
 
Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?
 
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
 
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
 
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
[WSO2 Integration Summit Singapore 2019] Building the Next Generation Digital...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
apidays LIVE London 2021 - Best practices when monetizing APIs by Derric Gill...
 
2015 Identity Summit - CTO Innovation Center
2015 Identity Summit - CTO Innovation Center2015 Identity Summit - CTO Innovation Center
2015 Identity Summit - CTO Innovation Center
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
 
The Future of Digital IAM
The Future of Digital IAMThe Future of Digital IAM
The Future of Digital IAM
 
20211027 apidays london - business model innovation final v1.0 (1)
20211027 apidays london - business model innovation final v1.0 (1)20211027 apidays london - business model innovation final v1.0 (1)
20211027 apidays london - business model innovation final v1.0 (1)
 
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
apidays LIVE Jakarta - Follow the money: connecting payments by Luis Ereneta,...
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
 
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
 
Open Technology Platform for Digital Transformation
Open Technology Platform for Digital TransformationOpen Technology Platform for Digital Transformation
Open Technology Platform for Digital Transformation
 
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
 
2015 Identity Summit - Stepping Up to New Data Protection Challenges
2015 Identity Summit - Stepping Up to New Data Protection Challenges2015 Identity Summit - Stepping Up to New Data Protection Challenges
2015 Identity Summit - Stepping Up to New Data Protection Challenges
 

Similar to [EIC 2021] The Rise of the Developer in IAM

Secure Identity: The Future is Now
Secure Identity: The Future is NowSecure Identity: The Future is Now
Secure Identity: The Future is NowLane Billings
 
Modern Architectures
Modern ArchitecturesModern Architectures
Modern ArchitecturesSecureAuth
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceThe Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceIBM Security
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...apidays
 
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyGigya
 
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!JessiRyan1
 
Responsible Consumer Identity and Access Management (CIAM): Architecting High...
Responsible Consumer Identity and Access Management (CIAM): Architecting High...Responsible Consumer Identity and Access Management (CIAM): Architecting High...
Responsible Consumer Identity and Access Management (CIAM): Architecting High...Enterprise Management Associates
 
The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)WSO2
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Enterprise Management Associates
 
E-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxE-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxArchana833240
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Symantec Brasil
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptxssuserc1c6091
 
UK Integration WebSphere User Group - MultiSpeed IT
UK Integration WebSphere User Group - MultiSpeed ITUK Integration WebSphere User Group - MultiSpeed IT
UK Integration WebSphere User Group - MultiSpeed ITAndyHumphreys
 
Business in 2020 and the Top Technology Trends
Business in 2020 and the Top Technology TrendsBusiness in 2020 and the Top Technology Trends
Business in 2020 and the Top Technology TrendsSoftClouds LLC
 
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...IBM Security
 

Similar to [EIC 2021] The Rise of the Developer in IAM (20)

Secure Identity: The Future is Now
Secure Identity: The Future is NowSecure Identity: The Future is Now
Secure Identity: The Future is Now
 
Modern Architectures
Modern ArchitecturesModern Architectures
Modern Architectures
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceThe Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
 
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
 
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
 
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
 
Onegini Brochure
Onegini BrochureOnegini Brochure
Onegini Brochure
 
Responsible Consumer Identity and Access Management (CIAM): Architecting High...
Responsible Consumer Identity and Access Management (CIAM): Architecting High...Responsible Consumer Identity and Access Management (CIAM): Architecting High...
Responsible Consumer Identity and Access Management (CIAM): Architecting High...
 
The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)
 
Uid101 intro preso
Uid101 intro presoUid101 intro preso
Uid101 intro preso
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
 
E-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxE-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptx
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx
 
UK Integration WebSphere User Group - MultiSpeed IT
UK Integration WebSphere User Group - MultiSpeed ITUK Integration WebSphere User Group - MultiSpeed IT
UK Integration WebSphere User Group - MultiSpeed IT
 
Business in 2020 and the Top Technology Trends
Business in 2020 and the Top Technology TrendsBusiness in 2020 and the Top Technology Trends
Business in 2020 and the Top Technology Trends
 
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...
 

More from WSO2

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 

More from WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Recently uploaded

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 

Recently uploaded (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

[EIC 2021] The Rise of the Developer in IAM

  • 1. The Rise of the Developer in IAM Eric Newcomer, September 2021
  • 2. Hello! Eric Newcomer CTO eric@wso2.com https://www.linkedin.com/in/enewcomer/ https://twitter.com/enewc ● Previously: ⦿ Global Head of Security Architecture and Strategy, Citi Consumer Bank ⦿ Chief Architect, Citi Treasury and Trade Services ⦿ CTO, IONA Technologies ⦿ Distinguished Engineer & Transaction Processing Architect at Digital Equipment
  • 3. 3 Key business use cases for Identity and Access Management (IAM) Enable access management for employee identities (B2E). Onboard partners and 3rd parties, and securely give them access to company resources by introducing minimal changes to the current system (B2B). Improve the digital user experience of customers by streamlining operations with respect to identity and access management (B2C). Enable a 360-degree view of customer identity data to assist company leadership to make informed decisions. Secure API access for both internally facing and externally facing APIs, including cloud and IoT.
  • 4. Key challenges related to IAM adoption ● Developers are under pressure to produce ⦿ Security considerations can conflict with time to market ⦿ Security reviews and approvals take time and consume effort ● IAM is not something you can add in at the last minute ⦿ Need to have a design, plan, policy & standards selection ⦿ It’s like UX - login experience has to be identified before the its construction ● And it can actually be worse with automation ⦿ Security automation can be hard to change ⦿ Scanning tool selection & deployment requires specific ops skills 4
  • 5. Meeting the challenges means getting the code right ● Provide security as code, keep developer focus in their IDEs ⦿ This helps developers bake security into their code & automation ⦿ Organizations can customize SDKs and libraries for standard processes & policies ● Policies expressed as code streamlines the security review & approval process ⦿ Security reviewers can check the code version & fingerprint ⦿ Preferably through automated scan results ● Developer skills are in high demand ⦿ Offer low code abstractions to improve productivity ⦿ Embed IAM knowledge in the code ⦿ Config and customize with GUIs ● Link apps to cloud services to ensure IAM keeps pace with innovation 5
  • 6. Considerations for cloud native infrastructure* ● Clouds were designed to maximize sharing (e.g. for online shopping) and for Web and mobile apps ⦿ Strong IAM is key to customer satisfaction and avoiding “over privilege” incidents ● Clouds have different “perimeter security” principles defined by: ⦿ Resource permissions and policies – by design allow internet access ⦿ IAM systems – by design allow internet access ⦿ Network constraints - can be bypassed by shared resources ● Misconfigured policies/permissions may allow direct external access to company resources (regardless of network and IAM) ● Security teams can not prevent these misconfigurations (since they can be done at the app level) 6 *See “Banking on the Cloud” Newcomer, Ivaturi, Schulman, HPTS 2019
  • 7. How “Security as code” or “shift left” help ● Implement strong authentication policies (i.e. FIDO MFA) in code ⦿ Use config GUIs to configure desired authenticators and generate SDK ⦿ Pipeline builds include the IAM policies and auto test ● Auto detect and replace open source vulnerabilities ⦿ E.g. http-proxy versions prior to 1.18.1 to prevent possible DOS attack ⦿ Pipeline scan open source libraries for known issues and apply updates ● Detect and remediate crypto vulnerabilities in code ⦿ E.g. issue in AWS Crypto SDK for GoLang prior to V2 allows changing AES-GCM to AES-CTR and reveal authentication keys ● Configure CI/CD pipelines to include Docker scanning, etc ⦿ Containers are immutable and cannot be patched ⦿ Put in the time to ensure the containers are secure 7
  • 8. 8 Developer-focused Identity and Access Management (IAM) Every service, API, device and person has a managed identity ● Digital identity is a critical part of digital business ● “Everything is code” - cars, phones, appliances, homes... The digital identity developer is becoming more prominent than the administrator ● Customer IAM needs to integrate with multiple systems (CRM, CDM, CMS, Marketing Automation, etc.) ● Application developers lack IAM specialization Organizations need an agile, event-driven customer IAM platform that can flex to meet both new business opportunities and new challenges. ● Across multiple environments, multi-cloud, on prem, hybrid
  • 9. CIAM developer requirements ● Accelerating digital transformation initiatives requires an identity-centric approach ⦿ Leverage cloud based technologies for rapid deployment of critical apps ⦿ Rapidly pivot to new business paradigms as market conditions change ● Global privacy requirements can affect brand or create fines ⦿ Customers/users want a degree of control of how their data is collected/stored and managed ● Scarcity of IAM specialized developers ⦿ Connecting disparate IAM systems to get a unified view of a customer/users can be challenging, time consuming and costly ⦿ Business requirements change frequently and it becomes costly and time consuming to continuously implement changes
  • 10. How CIAM as code helps 10 Take the complexity out of managing user access and enable building secure and frictionless customer experiences in minutes ● Provide libraries and SDKs for developers to include in their application projects early on ● Include code in CI/CD pipeline auto builds and testing stages ● Ensure security team reviews are more likely to be ‘check the box’ activities than finding issues ● Reduce time to market by providing needed code - developers don’t have to search for it
  • 12. 12 Identity Gateway Developer Portal How WSO2 is helping drive IAM/CIAM as code Management Portal Marketplace Self Service Portal Analytics SDKs Agents Tools