SlideShare ist ein Scribd-Unternehmen logo

CIS14: API Security for the Cloud: Tales from the Trenches

CloudIDSummit
CloudIDSummit

Ross Garrett, Axway Examples of how organizations are securing APIs, examining the API security state of play for the cloud, including how they are implementing OAuth, managing keys, and handling API security in the real world.

Technologie
1 von 24
Downloaden Sie, um offline zu lesen
© 2014 Axway | Confidential 1 API Security for the Cloud Ross Garrett rgarrett@axway.com | @gssor Cloud Identity Summit 2014
© 2014 Axway | Confidential 2 Access Control isn’t this simple
© 2014 Axway | Confidential 3 Modern Enterprises have many open windows
© 2014 Axway | Confidential 4 Web APIs power the Open Enterprise
© 2014 Axway | Confidential 5 Identity is key to protecting APIs    
© 2014 Axway | Confidential 6 Identity is key to protecting APIs     ?  
© 2014 Axway | Confidential 7 User Experience is actually key    
© 2014 Axway | Confidential 8 There are many layers to a complete Security Solution API Gateway MDM   MAM   Firewalling   IAM   API   Security  
© 2014 Axway | Confidential 9 The Role of the API Gateway •  Threat Protection •  Encryption •  Authentication •  Authorization •  Policy Enforcement (E.g. Throttling)
© 2014 Axway | Confidential 10 A simple API Security example
© 2014 Axway | Confidential 11 The Role of the API Gateway Basic throttling or rate limiting, can prevent malicious access to public APIs
© 2014 Axway | Confidential 12 Basic Identity Federation
© 2014 Axway | Confidential 13 The Role of the API Gateway •  Securely bridging identity across domains –  Mediating between token formats •  Provide an STS overlay on top of existing IAM infrastructure –  Enabling the extension of identity assets to the cloud •  Track and audit usage
© 2014 Axway | Confidential 14 The password anti-pattern
© 2014 Axway | Confidential 15 Solving this problem with OAuth
© 2014 Axway | Confidential 16 The Role of the API Gateway •  Provide an OAuth façade on top of legacy IAM •  Clients should not be storing user passwords –  OAuth Tokens represent explicit authorization for a specific task •  Provide a centralized way to de-authorize clients –  Low latency token store
© 2014 Axway | Confidential 17 Leveraging Social Login
© 2014 Axway | Confidential 18 Leveraging Social Login
© 2014 Axway | Confidential 19 The Role of the API Gateway •  Apply Social Login at an infrastructure level –  Bringing API Access and SSO together •  Monitoring and Reporting –  Trends over time –  Audit trail •  Enterprise Identity Management Integration –  Adapters to directories, Web Access Management
© 2014 Axway | Confidential 20© 2014 Axway | Confidential 20 Some Customer Examples
© 2014 Axway | Confidential 21 Leading pharmacuetical company – SSO Solu6on   API Gateway API   Intranet Site Oracle Access Manager SharePoint Active Directory Web Browser •  Users have two passwords (one for Intranet, one for Sharepoint) •  Two user authentication technologies (Oracle and Microsoft) Challenge  
© 2014 Axway | Confidential 22 Large US Health Plan – Mobile Access Iden)ty  Management   Integra)on   Mobile  Devices   Solution SAML   Secure connection Oracle  SOA     Web  APIs   API Gateway API   •  Manage mobile (tablet, phone) access to medical systems •  Consolidate across Oracle and IBM identity systems Challenge  
© 2014 Axway | Confidential 23 Mutual fund provider Solution API Gateway Secure connection Check cookie Leading Mutual Fund Provider – Cloud Access •  Must authenticate clients against CA SiteMinder •  Must expose internal systems as APIs for Mobile apps to access •  Secure Connection to Salesforce Challenge   Encrypted Data
© 2014 Axway | Confidential 24 Thank-­‐you!   Ross Garrett rgarrett@axway.com | @gssor

Empfohlen

Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...
Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...
Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...Yenlo
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
 
Rapid Mobile App to API Integration
Rapid Mobile App to API IntegrationRapid Mobile App to API Integration
Rapid Mobile App to API IntegrationAkana
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsWSO2
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
 
Secure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseSecure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseMuleSoft
 
A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018
A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018
A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018Codemotion
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIsApigee | Google Cloud
 

Empfohlen

Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...
Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...
Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy in...Yenlo
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
 
Rapid Mobile App to API Integration
Rapid Mobile App to API IntegrationRapid Mobile App to API Integration
Rapid Mobile App to API IntegrationAkana
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsWSO2
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
 
Secure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseSecure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseMuleSoft
 
A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018
A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018
A journey in the API Economy - Riccardo Pulcini - Codemotion Rome 2018Codemotion
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIsApigee | Google Cloud
 
Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++Apigee | Google Cloud
 
Protect your APIs from Cyber Threats
Protect your APIs from Cyber ThreatsProtect your APIs from Cyber Threats
Protect your APIs from Cyber ThreatsApigee | Google Cloud
 
Api management best practices with wso2 api manager
Api management best practices with wso2 api managerApi management best practices with wso2 api manager
Api management best practices with wso2 api managerChanaka Fernando
 
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...Profesia Srl, Lynx Group
 
Object Store
Object StoreObject Store
Object StoreMuleSoft
 
Intermediary for Microsoft: Product Overview and Demo
Intermediary for Microsoft: Product Overview and DemoIntermediary for Microsoft: Product Overview and Demo
Intermediary for Microsoft: Product Overview and DemoAkana
 
What Does API Monitoring Mean for Product Managers?
What Does API Monitoring Mean for Product Managers?What Does API Monitoring Mean for Product Managers?
What Does API Monitoring Mean for Product Managers?Derric Gilling
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsApigee | Google Cloud
 
WSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementWSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementEdgar Silva
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...ForgeRock
 
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Ricardo Rodríguez
 
API Security using Mulesoft
API Security using MulesoftAPI Security using Mulesoft
API Security using MulesoftPritam Prakash
 
Building APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformBuilding APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformMuleSoft
 
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...WSO2
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureApigee | Google Cloud
 
What's New with Anypoint Platform? Unified Platform Management
What's New with Anypoint Platform? Unified Platform ManagementWhat's New with Anypoint Platform? Unified Platform Management
What's New with Anypoint Platform? Unified Platform ManagementMuleSoft
 
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSApigee | Google Cloud
 
Wso2 Api Manager
Wso2 Api ManagerWso2 Api Manager
Wso2 Api ManagerWalaa Hamdy Assy
 
Leveraging federation capabilities of identity server for api gateway
Leveraging federation capabilities of identity server for api gatewayLeveraging federation capabilities of identity server for api gateway
Leveraging federation capabilities of identity server for api gatewayPushpalanka Jayawardhana
 
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)ACA IT-Solutions
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
 

Weitere ähnliche Inhalte

Was ist angesagt?

Protect your APIs from Cyber Threats
Protect your APIs from Cyber ThreatsProtect your APIs from Cyber Threats
Protect your APIs from Cyber ThreatsApigee | Google Cloud
 
Api management best practices with wso2 api manager
Api management best practices with wso2 api managerApi management best practices with wso2 api manager
Api management best practices with wso2 api managerChanaka Fernando
 
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...Profesia Srl, Lynx Group
 
Object Store
Object StoreObject Store
Object StoreMuleSoft
 
Intermediary for Microsoft: Product Overview and Demo
Intermediary for Microsoft: Product Overview and DemoIntermediary for Microsoft: Product Overview and Demo
Intermediary for Microsoft: Product Overview and DemoAkana
 
What Does API Monitoring Mean for Product Managers?
What Does API Monitoring Mean for Product Managers?What Does API Monitoring Mean for Product Managers?
What Does API Monitoring Mean for Product Managers?Derric Gilling
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsApigee | Google Cloud
 
WSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementWSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementEdgar Silva
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...ForgeRock
 
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Ricardo Rodríguez
 
API Security using Mulesoft
API Security using MulesoftAPI Security using Mulesoft
API Security using MulesoftPritam Prakash
 
Building APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformBuilding APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformMuleSoft
 
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...WSO2
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureApigee | Google Cloud
 
What's New with Anypoint Platform? Unified Platform Management
What's New with Anypoint Platform? Unified Platform ManagementWhat's New with Anypoint Platform? Unified Platform Management
What's New with Anypoint Platform? Unified Platform ManagementMuleSoft
 
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSApigee | Google Cloud
 

Was ist angesagt? (19)

Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++
 
Protect your APIs from Cyber Threats
Protect your APIs from Cyber ThreatsProtect your APIs from Cyber Threats
Protect your APIs from Cyber Threats
 
Api management best practices with wso2 api manager
Api management best practices with wso2 api managerApi management best practices with wso2 api manager
Api management best practices with wso2 api manager
 
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
wso2 masterclass italia #13 - Open Healthcare: interoperabilità e sicurezza ...
 
Object Store
Object StoreObject Store
Object Store
 
Intermediary for Microsoft: Product Overview and Demo
Intermediary for Microsoft: Product Overview and DemoIntermediary for Microsoft: Product Overview and Demo
Intermediary for Microsoft: Product Overview and Demo
 
What Does API Monitoring Mean for Product Managers?
What Does API Monitoring Mean for Product Managers?What Does API Monitoring Mean for Product Managers?
What Does API Monitoring Mean for Product Managers?
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive Threats
 
WSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementWSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API Management
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
 
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
 
API Security using Mulesoft
API Security using MulesoftAPI Security using Mulesoft
API Security using Mulesoft
 
Building APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformBuilding APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint Platform
 
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
[WSO2 Integration Summit London 2019] An API-enabled Journey Towards Empoweri...
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft Azure
 
What's New with Anypoint Platform? Unified Platform Management
What's New with Anypoint Platform? Unified Platform ManagementWhat's New with Anypoint Platform? Unified Platform Management
What's New with Anypoint Platform? Unified Platform Management
 
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
 
Wso2 Api Manager
Wso2 Api ManagerWso2 Api Manager
Wso2 Api Manager
 

Andere mochten auch

Leveraging federation capabilities of identity server for api gateway
Leveraging federation capabilities of identity server for api gatewayLeveraging federation capabilities of identity server for api gateway
Leveraging federation capabilities of identity server for api gatewayPushpalanka Jayawardhana
 
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)ACA IT-Solutions
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA Technologies
 
Build and Manage Your APIs with Amazon API Gateway
Build and Manage Your APIs with Amazon API GatewayBuild and Manage Your APIs with Amazon API Gateway
Build and Manage Your APIs with Amazon API GatewayAmazon Web Services
 

Andere mochten auch (7)

Leveraging federation capabilities of identity server for api gateway
Leveraging federation capabilities of identity server for api gatewayLeveraging federation capabilities of identity server for api gateway
Leveraging federation capabilities of identity server for api gateway
 
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
Axway Introduction & Digital Business (by Jo Van Audenhove & Rogier van Boxtel)
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing Passwords
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application Security
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
 
Oracle API Gateway
Oracle API GatewayOracle API Gateway
Oracle API Gateway
 
Build and Manage Your APIs with Amazon API Gateway
Build and Manage Your APIs with Amazon API GatewayBuild and Manage Your APIs with Amazon API Gateway
Build and Manage Your APIs with Amazon API Gateway
 

Ähnlich wie CIS14: API Security for the Cloud: Tales from the Trenches

Transforming Your Business Through APIs
Transforming Your Business Through APIsTransforming Your Business Through APIs
Transforming Your Business Through APIsApigee | Google Cloud
 
SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014Andrew Ames
 
JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...
JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...
JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...ishaigor
 
Modernise your IT landscape with APIs and Microservices
Modernise your IT landscape with APIs and MicroservicesModernise your IT landscape with APIs and Microservices
Modernise your IT landscape with APIs and MicroservicesColin McGovern
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerRajat Vijayvargiya
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...CA Technologies
 
Microservices under the microscope
Microservices under the microscopeMicroservices under the microscope
Microservices under the microscopeRoss Garrett
 
Deconstructing API Security
Deconstructing API SecurityDeconstructing API Security
Deconstructing API SecurityAkana
 
Managed methods template
Managed methods templateManaged methods template
Managed methods templateSelf Employed
 
Creating the Borderless Workplace
Creating the Borderless WorkplaceCreating the Borderless Workplace
Creating the Borderless WorkplaceCA Technologies
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
API, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceAPI, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceKasun Indrasiri
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your APISmartBear
 
Webcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayApigee | Google Cloud
 
API Economy - Cuomo
API Economy - Cuomo API Economy - Cuomo
API Economy - Cuomo Prolifics
 
Confronting API Security in the Brave New Open Banking Era
Confronting API Security in the Brave New Open Banking EraConfronting API Security in the Brave New Open Banking Era
Confronting API Security in the Brave New Open Banking EraAkana
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 

Ähnlich wie CIS14: API Security for the Cloud: Tales from the Trenches (20)

Transforming Your Business Through APIs
Transforming Your Business Through APIsTransforming Your Business Through APIs
Transforming Your Business Through APIs
 
SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014
 
JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...
JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...
JavaOne 2014: Retrofitting OAuth 2.0 Security into Existing REST Services - C...
 
Modernise your IT landscape with APIs and Microservices
Modernise your IT landscape with APIs and MicroservicesModernise your IT landscape with APIs and Microservices
Modernise your IT landscape with APIs and Microservices
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps Enabler
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
 
Microservices under the microscope
Microservices under the microscopeMicroservices under the microscope
Microservices under the microscope
 
Deconstructing API Security
Deconstructing API SecurityDeconstructing API Security
Deconstructing API Security
 
Managed methods template
Managed methods templateManaged methods template
Managed methods template
 
Creating the Borderless Workplace
Creating the Borderless WorkplaceCreating the Borderless Workplace
Creating the Borderless Workplace
 
Managing APIs with MuleSoft
Managing APIs with MuleSoftManaging APIs with MuleSoft
Managing APIs with MuleSoft
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
API, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceAPI, Integration, and SOA Convergence
API, Integration, and SOA Convergence
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your API
 
Webcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge Microgateway
 
API Economy - Cuomo
API Economy - Cuomo API Economy - Cuomo
API Economy - Cuomo
 
Confronting API Security in the Brave New Open Banking Era
Confronting API Security in the Brave New Open Banking EraConfronting API Security in the Brave New Open Banking Era
Confronting API Security in the Brave New Open Banking Era
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 

Mehr von CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

Mehr von CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Kürzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

CIS14: API Security for the Cloud: Tales from the Trenches

  • 1. © 2014 Axway | Confidential 1 API Security for the Cloud Ross Garrett rgarrett@axway.com | @gssor Cloud Identity Summit 2014
  • 2. © 2014 Axway | Confidential 2 Access Control isn’t this simple
  • 3. © 2014 Axway | Confidential 3 Modern Enterprises have many open windows
  • 4. © 2014 Axway | Confidential 4 Web APIs power the Open Enterprise
  • 5. © 2014 Axway | Confidential 5 Identity is key to protecting APIs    
  • 6. © 2014 Axway | Confidential 6 Identity is key to protecting APIs     ?  
  • 7. © 2014 Axway | Confidential 7 User Experience is actually key    
  • 8. © 2014 Axway | Confidential 8 There are many layers to a complete Security Solution API Gateway MDM   MAM   Firewalling   IAM   API   Security  
  • 9. © 2014 Axway | Confidential 9 The Role of the API Gateway •  Threat Protection •  Encryption •  Authentication •  Authorization •  Policy Enforcement (E.g. Throttling)
  • 10. © 2014 Axway | Confidential 10 A simple API Security example
  • 11. © 2014 Axway | Confidential 11 The Role of the API Gateway Basic throttling or rate limiting, can prevent malicious access to public APIs
  • 12. © 2014 Axway | Confidential 12 Basic Identity Federation
  • 13. © 2014 Axway | Confidential 13 The Role of the API Gateway •  Securely bridging identity across domains –  Mediating between token formats •  Provide an STS overlay on top of existing IAM infrastructure –  Enabling the extension of identity assets to the cloud •  Track and audit usage
  • 14. © 2014 Axway | Confidential 14 The password anti-pattern
  • 15. © 2014 Axway | Confidential 15 Solving this problem with OAuth
  • 16. © 2014 Axway | Confidential 16 The Role of the API Gateway •  Provide an OAuth façade on top of legacy IAM •  Clients should not be storing user passwords –  OAuth Tokens represent explicit authorization for a specific task •  Provide a centralized way to de-authorize clients –  Low latency token store
  • 17. © 2014 Axway | Confidential 17 Leveraging Social Login
  • 18. © 2014 Axway | Confidential 18 Leveraging Social Login
  • 19. © 2014 Axway | Confidential 19 The Role of the API Gateway •  Apply Social Login at an infrastructure level –  Bringing API Access and SSO together •  Monitoring and Reporting –  Trends over time –  Audit trail •  Enterprise Identity Management Integration –  Adapters to directories, Web Access Management
  • 20. © 2014 Axway | Confidential 20© 2014 Axway | Confidential 20 Some Customer Examples
  • 21. © 2014 Axway | Confidential 21 Leading pharmacuetical company – SSO Solu6on   API Gateway API   Intranet Site Oracle Access Manager SharePoint Active Directory Web Browser •  Users have two passwords (one for Intranet, one for Sharepoint) •  Two user authentication technologies (Oracle and Microsoft) Challenge  
  • 22. © 2014 Axway | Confidential 22 Large US Health Plan – Mobile Access Iden)ty  Management   Integra)on   Mobile  Devices   Solution SAML   Secure connection Oracle  SOA     Web  APIs   API Gateway API   •  Manage mobile (tablet, phone) access to medical systems •  Consolidate across Oracle and IBM identity systems Challenge  
  • 23. © 2014 Axway | Confidential 23 Mutual fund provider Solution API Gateway Secure connection Check cookie Leading Mutual Fund Provider – Cloud Access •  Must authenticate clients against CA SiteMinder •  Must expose internal systems as APIs for Mobile apps to access •  Secure Connection to Salesforce Challenge   Encrypted Data
  • 24. © 2014 Axway | Confidential 24 Thank-­‐you!   Ross Garrett rgarrett@axway.com | @gssor