CIS14: API Security for the Cloud: Tales from the Trenches

•

1 gefällt mir•1,011 views

Ross Garrett, Axway Examples of how organizations are securing APIs, examining the API security state of play for the cloud, including how they are implementing OAuth, managing keys, and handling API security in the real world.

Technologie

© 2014 Axway | Confidential 1
API Security for the Cloud
Ross Garrett
rgarrett@axway.com | @gssor
Cloud Identity Summit 2014

© 2014 Axway | Confidential 2
Access Control isn’t this simple

© 2014 Axway | Confidential 3
Modern Enterprises have many open
windows

© 2014 Axway | Confidential 4
Web APIs power the Open Enterprise

© 2014 Axway | Confidential 5
Identity is key to protecting APIs

© 2014 Axway | Confidential 6
Identity is key to protecting APIs

?

© 2014 Axway | Confidential 7
User Experience is actually key

© 2014 Axway | Confidential 8
There are many layers to a complete
Security Solution
API Gateway
MDM
MAM
Firewalling
IAM
API

Security

© 2014 Axway | Confidential 9
The Role of the API Gateway
•  Threat Protection
•  Encryption
•  Authentication
•  Authorization
•  Policy Enforcement (E.g. Throttling)

© 2014 Axway | Confidential 10
A simple API Security example

© 2014 Axway | Confidential 11
The Role of the API Gateway
Basic throttling or rate limiting, can prevent malicious
access to public APIs

© 2014 Axway | Confidential 12
Basic Identity Federation

© 2014 Axway | Confidential 13
The Role of the API Gateway
•  Securely bridging identity across domains
–  Mediating between token formats
•  Provide an STS overlay on top of existing IAM
infrastructure
–  Enabling the extension of identity assets to the cloud
•  Track and audit usage

© 2014 Axway | Confidential 14
The password anti-pattern

© 2014 Axway | Confidential 15
Solving this problem with OAuth

© 2014 Axway | Confidential 16
The Role of the API Gateway
•  Provide an OAuth façade on top of legacy IAM
•  Clients should not be storing user passwords
–  OAuth Tokens represent explicit authorization for a
specific task
•  Provide a centralized way to de-authorize clients
–  Low latency token store

© 2014 Axway | Confidential 17
Leveraging Social Login

© 2014 Axway | Confidential 18
Leveraging Social Login

© 2014 Axway | Confidential 19
The Role of the API Gateway
•  Apply Social Login at an infrastructure level
–  Bringing API Access and SSO together
•  Monitoring and Reporting
–  Trends over time
–  Audit trail
•  Enterprise Identity Management Integration
–  Adapters to directories, Web Access Management

© 2014 Axway | Confidential 20© 2014 Axway | Confidential 20
Some Customer Examples

© 2014 Axway | Confidential 21
Leading pharmacuetical company – SSO
Solu6on

API Gateway
API

Intranet
Site
Oracle Access
Manager
SharePoint
Active
Directory
Web Browser
•  Users have
two
passwords
(one for
Intranet, one
for
Sharepoint)
•  Two user
authentication
technologies
(Oracle and
Microsoft)
Challenge

© 2014 Axway | Confidential 22
Large US Health Plan – Mobile Access
Iden)ty
Management

Integra)on

Mobile
Devices

Solution
SAML

Secure connection
Oracle
SOA

Web
APIs
API Gateway
API

•  Manage
mobile (tablet,
phone)
access to
medical
systems
•  Consolidate
across Oracle
and IBM
identity
systems
Challenge

© 2014 Axway | Confidential 23
Mutual fund
provider
Solution
API Gateway
Secure
connection
Check cookie
Leading Mutual Fund Provider – Cloud Access
•  Must
authenticate
clients against
CA SiteMinder
•  Must expose
internal
systems as
APIs for
Mobile apps
to access
•  Secure
Connection to
Salesforce
Challenge

Encrypted
Data

© 2014 Axway | Confidential 24
Thank-‐you!

Ross Garrett
rgarrett@axway.com | @gssor

Weitere ähnliche Inhalte

Was ist angesagt?

Why APIs are not SOA++

Apigee | Google Cloud

Protecting your pricing strategy from bad bots employed by your competitors, requires a data-driven approach to identify and stop bad bots—automatically. In this webcast, we'll explore ways to stop bad bots from impacting your enterprise applications, including: - understanding the nature of bot attacks and typical use cases - techniques to detect and stop bad bots, while allowing good bots in - implementing technologies in your security stack to protect against bots

Protect your APIs from Cyber Threats

Apigee | Google Cloud

Api management best practices with wso2 api manager

Chanaka Fernando

wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...

Profesia Srl, Lynx Group

Object Store

MuleSoft

Intermediary for Microsoft: Product Overview and Demo

Akana

What Does API Monitoring Mean for Product Managers?

Derric Gilling

The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to its proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome. In this deck, we discuss: - The need for API/Microservices Security - The importance of delegating security enforcement to an API Gateway - API Authentication and Authorization methodologies - OAuth2 - The de-facto standard of API Authentication - Protection against cyber attacks and anomalies - Security aspects to consider when designing Single Page Applications (SPAs) Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/

API Security In Cloud Native Era

WSO2

Data-driven Security: Protect APIs from Adaptive Threats

Apigee | Google Cloud

WSO2 API Manager : Going beyond the just API Management

Edgar Silva

Description: This webinar will explore how to improve security by enforcing identity, ensuring the requests are correctly authorized to access the resources it’s requesting. How to leverage standards based identity, such as OAuth2, SAML or OpenID Connect or even social login, to make it easier for users, devices, things and API’s to interact with your digital services while improving security. Webinar Highlights: Overview of OpenIG Demo on the power of OpenIG’s gateway integration capabilities Demo of upcoming features in OpenIG 4.0, including throttling Q&A Join ForgeRock’s Product Manager of OpenDJ and OpenIG, Ludovic Poitou and Senior Product Marketing Manager, Justin Pirie, to discuss OpenIG.

OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...

ForgeRock

Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...

Ricardo Rodríguez

API Security using Mulesoft

Pritam Prakash

Building APIs for Core Systems with Anypoint Platform

MuleSoft

Integration plays an essential role at Elsevier, a global information analytics company and one of the world's major providers of scientific, technical, and medical information. Founded in 1880, Elsevier has a bold tradition of innovation and has embraced APIs to increase availability, security and adoption of information. John Underhill, an integration architect at Elsevier, will share the success story of moving to the right API maturity model by adopting microservices and automated DevOps using WSO2 API Manager. John will discuss how they implemented a successful API program, the challenges they faced, and some of the lessons learnt. Watch the session: https://wso2.com/integration-summit/london-2019/

[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...

WSO2

Building APIs with Apigee Edge and Microsoft Azure

Apigee | Google Cloud

Imagine the powerful insights and efficiency you could derive from a single management solution for both APIs and the cloud-to-cloud, cloud-to-ground, and ground-to-gound integrations that empower these APIs. With a unified runtime at the core of Anypoint Platform, this vision can become a reality. Join this session to learn how to architect and manage hybrid environments to deliver unprecedented visibility into your connectivity landscape.

What's New with Anypoint Platform? Unified Platform Management

MuleSoft

Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS

Apigee | Google Cloud

Wso2 Api Manager

Walaa Hamdy Assy

Was ist angesagt? (19)

Why APIs are not SOA++

Protect your APIs from Cyber Threats

Api management best practices with wso2 api manager

wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...

Object Store

Intermediary for Microsoft: Product Overview and Demo

What Does API Monitoring Mean for Product Managers?

API Security In Cloud Native Era

Data-driven Security: Protect APIs from Adaptive Threats

WSO2 API Manager : Going beyond the just API Management

OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...

Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...

API Security using Mulesoft

Building APIs for Core Systems with Anypoint Platform

[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...

Building APIs with Apigee Edge and Microsoft Azure

What's New with Anypoint Platform? Unified Platform Management

Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS

Wso2 Api Manager

Andere mochten auch

Leveraging federation capabilities of identity server for api gateway

Pushpalanka Jayawardhana

Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)

ACA IT-Solutions

Why do we use mobile devices? Simple – they’re easy to use and very convenient. So, why do we make it so hard for mobile consumers to do business with us by confronting them with multiple login screens and passwords? While security is essential to protecting mobile usage, convenience cannot be sacrificed. With the release of the CA Layer 7 Mobile Access Gateway 2.0 and its Mobile SDK, organizations can now achieve faster mobile consumer engagement, end-to-end mobile app security and convenient mobile Single Sign-On (SSO). In this webinar, Tyson Whitten and Leif Bildoy of CA Technologies explore the why and how of mobile SSO and the Mobile Access Gateway. You will learn • The mobile app choices you need to make to enable better consumer engagement • The connectivity and security implications of these choices • The mobile security solutions that balance security and convenience

Mobile SSO: Give App Users a Break from Typing Passwords

CA API Management

CA API Gateway: Web API and Application Security

CA Technologies

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any Web application. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Presented by: Danilo Poccia, Technical Evangelist, Amazon Web Services

Amazon API Gateway

Amazon Web Services

Oracle API Gateway

Rakesh Gujjarlapudi

Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure and monitor APIs at any scale. In this session, you’ll find out how you can quickly declare an API interface and connect it to any public HTTP endpoint, existing web service running on Amazon Elastic Compute Cloud (Amazon EC2) or code running on AWS Lambda. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Join us for this introductory session to Amazon API Gateway.

Build and Manage Your APIs with Amazon API Gateway

Amazon Web Services

Andere mochten auch (7)

Leveraging federation capabilities of identity server for api gateway

Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)

Mobile SSO: Give App Users a Break from Typing Passwords

CA API Gateway: Web API and Application Security

Amazon API Gateway

Oracle API Gateway

Build and Manage Your APIs with Amazon API Gateway

Ähnlich wie CIS14: API Security for the Cloud: Tales from the Trenches

Transforming Your Business Through APIs

Apigee | Google Cloud

CA SSO (formerly SiteMinder) has served the web access security functions of so many, yet the mobile channel is expanding how organizations think about security and APIs are the fundamental connectivity point. Acclaim Consulting, CA and National Rural Electric Cooperative Association (NRECA) present a strategy and solution for "future-proofing" security and SSO. Topics covered: • Centralizing security policy and auditing across multiple platforms and devices • Unified security using cookies or tokens for authorization and session management • Leveraging current investments in IT security assets and extending to mobile apps • Business Solution Collaboration - Security Architect and Application Developers

SSO Agility Made Possible - November 2014

Andrew Ames

Security is unfortunately a low-priority, nonfunctional requirement and is often overlooked as a result. Reworking it in an existing system is a daunting task, especially when it means providing different levels of security for internal and external calls. The whole undertaking is challenging, but it should not be so. Attending this session will show you a fast and easy way of introducing OAuth 2.0 authentication and authorization into any environment with minimal impact on M2M integrations already in place.

JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...

ishaigor

Modernise your IT landscape with APIs and Microservices

Colin McGovern

With APIs gaining momentum as the building blocks of Application Economy, an agile API platform architecture is key to aligning API based 'Dev with DevOps'. A platform that can either quickly adapt to incorporate disruptive changes and new architecture patterns like micro services/containerization on the back end or be extended to create seamless yet secure Apps and connected mobile experiences (IoT) on the front end is the foundation of a successful and complete DevOps strategy. It is also a competitive differentiators from time to market standpoint.

CA API Management: A DevOps Enabler

Rajat Vijayvargiya

OneAccess is CA Technologies’ IT integration of several different products, namely CA Single Sign-On and CA API Gateway, to provide a single mobile-based single sign-on to apps (internal and third party) that are not native to the mobile world. Users have an innovative and secure way to access a range of apps on their mobile devices, regardless of their location. For more information, please visit http://cainc.to/Nv2VOe

How CA Technologies Enables Its Own Employees and Secures Access to Applicati...

CA Technologies

QCon Beijing. Web APIs are the new de facto approach to architecture integration for all innovative digital business applications across cloud, mobile, B2B, Big Data or Internet of Things (IoT) technologies. For many of these projects, enterprise architecture and service delivery is adapting from an "inside-out" model towards a microservices and API First approach, which offers greater flexibility and agility around core IT services. In this session we investigate the promise of microservices, and consider how they will work in real enterprises with existing applications, complex SOA environments and strict organizational or governance structures.

Microservices under the microscope

Ross Garrett

Deconstructing API Security

Akana

Managed methods template

Self Employed

Creating the Borderless Workplace

CA Technologies

Managing APIs with MuleSoft

Guilherme Pereira Silva

In loosely coupled architectures, we must put in place application level security, should it be for client traffic (North-South) or intra-microservices traffic (East-West). In this webinar, we show you how the 42Crunch API firewall can be used to put API threat protection in place automatically, as early as design time. We’ll use a mix of slides and demos to present: (1) The various elements of security to consider in order to cover the full API security scope (infrastructure vs application level security) (2) Which threat protections must be put in place in a microservices architecture, and where (3) How to leverage OpenAPI (aka Swagger) to configure threat protection from design time (4) How to automate threat protection deployment

Protecting Microservices APIs with 42Crunch API Firewall

42Crunch

Today’s enterprise mobility solutions emphasize heavy-handed IT governance of devices and applications that impose a burden on developers and/or users. However, managing data and applications using high performance mobile-optimized infrastructure can enable secure, scalable apps while minimizing the effort required by developers and allowing them to focus on their strengths. Come learn how to facilitate the best of both worlds – multi-layer mobile security using modern standards and a fantastic user experience.

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...

CA API Management

API, Integration, and SOA Convergence

Kasun Indrasiri

Managing Identity without Boundaries

Ping Identity

Test and Protect Your API

SmartBear

Apigee Edge Microgateway is a lightweight solution which enables enterprises to manage their APIs in a hybrid cloud deployment setup, where API traffic flows through a gateway running close to the application while being managed centrally through the Edge Public or Private Cloud. In this deep-dive technical webcast, Apigee’s Prabhat Jha will: - discuss the features of the Edge Microgateway - explore use cases for hybrid cloud API management - conduct a Microgateway demo

Webcast: Deep-Dive Apigee Edge Microgateway

Apigee | Google Cloud

API Economy - Cuomo

Prolifics

Confronting API Security in the Brave New Open Banking Era

Akana

Moving beyond conventional single sign-on to seamless cross-device access with APIs People are carrying more devices every day – with the average being 2.9 per person. Meanwhile, multitasking has gone into overdrive, as users quickly move from laptop to phone to tablet, expecting a seamless experience when accessing their favorite apps. And this expectation is not just limited to leisure and personal use – it extends to business applications. Security has broken this seamless workflow and inhibited the mobile “stickiness” businesses are striving to achieve. This webinar with Scott Morrison and Leif Bildoy of CA Technologies will demonstrate how the right combination of identity functionality and secure APIs can help your organization to overcome these challenges and enable the multi-device universe. You Will Learn • What challenges must be overcome when supporting multiple mobile app types • How SSO is evolving past mobile app access to device access • Why the right implementation of identity and APIs will create consumer stickiness • How the Internet of Things (IoT) is creating new business opportunities

Enabling the Multi-Device Universe

CA API Management

Ähnlich wie CIS14: API Security for the Cloud: Tales from the Trenches (20)

Transforming Your Business Through APIs

SSO Agility Made Possible - November 2014

JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...

Modernise your IT landscape with APIs and Microservices

CA API Management: A DevOps Enabler

How CA Technologies Enables Its Own Employees and Secures Access to Applicati...

Microservices under the microscope

Deconstructing API Security

Managed methods template

Creating the Borderless Workplace

Managing APIs with MuleSoft

Protecting Microservices APIs with 42Crunch API Firewall

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...

API, Integration, and SOA Convergence

Managing Identity without Boundaries

Test and Protect Your API

Webcast: Deep-Dive Apigee Edge Microgateway

API Economy - Cuomo

Confronting API Security in the Brave New Open Banking Era

Enabling the Multi-Device Universe

Mehr von CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills. What is the place of security and privacy in this exciting development? Are we building the next generation of Internet security vulnerabilities right now? In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Mehr von CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

Kürzlich hochgeladen

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Developing An App To Navigate The Roads of Brazil

V3cube

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Real Time Object Detection Using Open CV

Khem

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Histor y of HAM Radio presentation slide

vu2urc

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Developing An App To Navigate The Roads of Brazil

Artificial Intelligence: Facts and Myths

presentation ICT roal in 21st century education

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

How to Troubleshoot Apps for the Modern Connected Worker

Driving Behavioral Change for Information Management through Data-Driven Gree...

Advantages of Hiring UIUX Design Service Providers for Your Business

Boost Fertility New Invention Ups Success Rates.pdf

Real Time Object Detection Using Open CV

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Finology Group – Insurtech Innovation Award 2024

Histor y of HAM Radio presentation slide

How to Troubleshoot Apps for the Modern Connected Worker

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

CIS14: API Security for the Cloud: Tales from the Trenches

13. © 2014 Axway | Confidential 13 The Role of the API Gateway •  Securely bridging identity across domains –  Mediating between token formats •  Provide an STS overlay on top of existing IAM infrastructure –  Enabling the extension of identity assets to the cloud •  Track and audit usage

16. © 2014 Axway | Confidential 16 The Role of the API Gateway •  Provide an OAuth façade on top of legacy IAM •  Clients should not be storing user passwords –  OAuth Tokens represent explicit authorization for a specific task •  Provide a centralized way to de-authorize clients –  Low latency token store

19. © 2014 Axway | Confidential 19 The Role of the API Gateway •  Apply Social Login at an infrastructure level –  Bringing API Access and SSO together •  Monitoring and Reporting –  Trends over time –  Audit trail •  Enterprise Identity Management Integration –  Adapters to directories, Web Access Management

21. © 2014 Axway | Confidential 21 Leading pharmacuetical company – SSO Solu6on API Gateway API Intranet Site Oracle Access Manager SharePoint Active Directory Web Browser •  Users have two passwords (one for Intranet, one for Sharepoint) •  Two user authentication technologies (Oracle and Microsoft) Challenge

22. © 2014 Axway | Confidential 22 Large US Health Plan – Mobile Access Iden)ty Management Integra)on Mobile Devices Solution SAML Secure connection Oracle SOA Web APIs API Gateway API •  Manage mobile (tablet, phone) access to medical systems •  Consolidate across Oracle and IBM identity systems Challenge

23. © 2014 Axway | Confidential 23 Mutual fund provider Solution API Gateway Secure connection Check cookie Leading Mutual Fund Provider – Cloud Access •  Must authenticate clients against CA SiteMinder •  Must expose internal systems as APIs for Mobile apps to access •  Secure Connection to Salesforce Challenge Encrypted Data

CIS14: API Security for the Cloud: Tales from the Trenches

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (19)

Andere mochten auch

Andere mochten auch (7)

Ähnlich wie CIS14: API Security for the Cloud: Tales from the Trenches

Ähnlich wie CIS14: API Security for the Cloud: Tales from the Trenches (20)

Mehr von CloudIDSummit

Mehr von CloudIDSummit (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

CIS14: API Security for the Cloud: Tales from the Trenches