SlideShare ist ein Scribd-Unternehmen logo

API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration Services, Adobe - Layer 7 User Conference Palo Alto

Als PPTX, PDF herunterladen
CA API Management
CA API Management

The session will enable you to understand what roles APIs play in any move to the cloud or for mobility. The presentation is NOT about technology but focuses on the decisions and considerations necessary to develop these APIs. You will also learn about some of the security “got ya’s” which you should avoid! Learn about decisions which were necessary for my company to pursue an API strategy through the Service Gateway – learn from our mistakes and come up with solid decisions for your implementation.

TechnologieBusiness
1 von 16
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 1 Copyright © 2013 CA. All rights reserved. API Roles in Cloud and Mobile Security Greg Olsen, IT Manager, Integration Services
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 2 Copyright © 2013 CA. All rights reserved.  Problem Statement  Service Gateway  API Portal  Current Condition  Q&A Agenda
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 3 Copyright © 2013 CA. All rights reserved. Problems Getting on the same page
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 4 Copyright © 2013 CA. All rights reserved.  Problem Statement 1: Insufficient capabilities allowing for service exposure and integration with customers, partners, external service providers, and applications residing outside our internal security domain (e.g., Amazon). Missing capabilities include consistent application of security policy, SLA management and enforcement, and easily usable administration interfaces.  Problem Statement 2: Need a central discovery method for all enterprise APIs. Missing capabilities include metrics and documentation. Problem Statments
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 5 Copyright © 2013 CA. All rights reserved.  The project which drove the Service Gateway Project: Manager’s Hub  1200 managers within Adobe  Need to approve invoices/sick leave/sabbatical forms/offer letters/etc. from internal applications (SAP) to SaaS services  The Manager’s Hub allows approvals to be done via smart phones, tablets and desktops – a mobile strategy  Second driver: SAP Hana Project  Implement 16 new services within Adobe and with select external vendors  Roll out on June 22, 2012  Deployed Development, Non-prod and Production in May 2012  Deployed first set of services into Production in June 2012 Problem 1 Solution: Service Gateway November 2011 until June 2012
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 6 Copyright © 2013 CA. All rights reserved. Service Gateway: Business Capabilities & Benefits Capability Area Capability Description Business Benefits Policy • Consistent service based policies across the enterprise • Ability to customize policies to meet changing or unique requirements • Creation, deployment and enforcement Ability to provide a more predictable and reliable level of service for key business functions Service Level • Service Performance • Throughput, Availability and Utilization Tracked over Time • Enforce established SLAs • Rate limiting to protect backend services Visibility to service performance measures allowing the business to track how well SLAs are being met Security • Authentication and Authorization (OAuth, SAML) • Denial of Service Detection • Encryption • XML attack and intrusion prevention (i.e., nesting, injection) Protection of key resources through the use of state of the art security mechanisms Deployment • Virtual appliance (VMware, Amazon AMI, etc.) • Hardware based appliance • Relevant to our current environments Leverages existing investments and allows for expansion into new environments where services are being developed
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 7 Copyright © 2013 CA. All rights reserved. Integration Principles, Technologies, Services and Tools REST, JSON, oAuth, SAML, X.509 Certs, PKCS, PCI-DSS, TLS, EDIINT (AS2), EDIFACT, ANSI X.12, SFTP, HTTP/HTTPS, XML, Xpath, XML Schema, XSLT, SOAP, WS-Security, WS- Trust, WSDL, WS-Policy, JMS TIBCO BW TIBCO EMS web Methods Informatica SAP PI Tumble weed Corticon PGP Apache CXF 7 Support Forum Self-Service Portal Online Training Virtual Dev Lab Service Composition Advanced Messaging Database Integration Event Processing Distributed Cache Managed File Transfer Service Access & Governance B2B Integration Business Rules Mgmt Loose Coupling, Simplicity, Service Orientation, Global Access, Cloud Capable, Reusability, Reliability, Transparency Enabling Standards and Technologies Products iPaaS Services iPaaS Tools (Self Service) Architecture Principles Layer 7 Gateway Layer 7 API Portal
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 8 Copyright © 2013 CA. All rights reserved. Service Gateway Use Cases: Priorities Use Case Use Case Use Case * REST to SOAP Mediation Apply Policies Based on Message Data * Resiliency Cross-Domain Service Mediation Dynamic Endpoint Lookup * Scalability * Authentication and Authorization Distributing Policies to Service Gateway Load Balancing * Logging and Auditing Service Level Management SSL Offload * Unexpected Velocity of Transactions Monitoring Health of the Service Gateway * Required – all else is a must have but can initially live without
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 9 Copyright © 2013 CA. All rights reserved.  The Gateway is faster at processing than the software in the backend – be prepared to throttle back the velocity of data!  Some authentication models may not be approved for use by your security teams  Today, we use IMS or SSO tokens and validate against IMS or OpenAM server  Originally, we wanted to use oAuth  Speed of adaption  Originally we thought we’d have at least one year to ramp up  Once it went live, EVERYONE wanted to use it  Our current volume is higher than we thought we’d be after one year – plan for rapid adaption Concerns and Caveats Service Gateway
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 10 Copyright © 2013 CA. All rights reserved.  Require a single location to find all the APIs flowing through the Service Gateway  Track usage of the APIs  Discovery of reusable APIs  Documentation  Sample code Problem 2 Solution: API Portal From April 2012 to August 2012
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 11 Copyright © 2013 CA. All rights reserved. API Portal
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 12 Copyright © 2013 CA. All rights reserved. Enterprise APIs 1. Publish & Secure APIs 2. Onboard Developers 3. Monetize your APIs Developer Technical/Security Architect Web Administrator Business Manager 4. Close the Loop API Portal API Portal: Part of Layer 7’s Turnkey Solution
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 13 Copyright © 2013 CA. All rights reserved.  All want the benefits of the portal but not the work  Documentation needs to be completed according to templates we’ve shared  Most teams do not want “another set of templates” even though the value is clear  Adaption is slower than anticipated  Reticence by some of our business units to use an IT-owned and operated application Concerns and Caveats API Portal
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 14 Copyright © 2013 CA. All rights reserved.  Developers look to off-load security work to the Service Gateway for all their APIs – can’t keep up with demand!  InfoSec looks to the Service Gateway to ensure data is compliant with internal policies  Network Security looks to the Service Gateway to monitor attacks from the outside (we get scanned for vulnerabilities about once every 3 days)  Statistics after one year (ahead of forecast): Today Ave. Calls Per Minute/Hour 95/5700 Max Calls Per Minute/Hour 907/54,420 Total Number of APIs 29 Number of BUs 7
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 15 Copyright © 2013 CA. All rights reserved.  Had two problems to solve: a central gateway for all services and APIs and a central registry for all those services and documentation  Caveats  Agreements by all (security and application owners) prior to production roll-out  General agreements by all developers to use API Portal Summary: A Few Words to Remember
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 16 Copyright © 2013 CA. All rights reserved. Q&A

Empfohlen

The Inconvenient Truth About API Security
The Inconvenient Truth About API SecurityThe Inconvenient Truth About API Security
The Inconvenient Truth About API SecurityDistil Networks
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseAkana
 
Deconstructing API Security
Deconstructing API SecurityDeconstructing API Security
Deconstructing API SecurityAkana
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingJoshuaCiccone2
 
Crafting Your Oracle License, Contract and Vendor Management Strategy
Crafting Your Oracle License, Contract and Vendor Management StrategyCrafting Your Oracle License, Contract and Vendor Management Strategy
Crafting Your Oracle License, Contract and Vendor Management StrategyFlexera
 
Data-driven API Security
Data-driven API SecurityData-driven API Security
Data-driven API SecurityApigee | Google Cloud
 

Empfohlen

The Inconvenient Truth About API Security
The Inconvenient Truth About API SecurityThe Inconvenient Truth About API Security
The Inconvenient Truth About API SecurityDistil Networks
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseAkana
 
Deconstructing API Security
Deconstructing API SecurityDeconstructing API Security
Deconstructing API SecurityAkana
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingJoshuaCiccone2
 
Crafting Your Oracle License, Contract and Vendor Management Strategy
Crafting Your Oracle License, Contract and Vendor Management StrategyCrafting Your Oracle License, Contract and Vendor Management Strategy
Crafting Your Oracle License, Contract and Vendor Management StrategyFlexera
 
Data-driven API Security
Data-driven API SecurityData-driven API Security
Data-driven API SecurityApigee | Google Cloud
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
 
API Security and OAuth for the Enterprise
API Security and OAuth for the EnterpriseAPI Security and OAuth for the Enterprise
API Security and OAuth for the EnterpriseCA API Management
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveApigee | Google Cloud
 
MuleSoft Meetup Dubai Anypoint security with api-led Connectivity
MuleSoft Meetup Dubai Anypoint security with api-led ConnectivityMuleSoft Meetup Dubai Anypoint security with api-led Connectivity
MuleSoft Meetup Dubai Anypoint security with api-led Connectivitysatyasekhar123
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
Unified Security for Mobile, APIs and the Web
Unified Security for Mobile, APIs and the WebUnified Security for Mobile, APIs and the Web
Unified Security for Mobile, APIs and the WebAkana
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platformOracleIDM
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSalesforce Developers
 
Building better security for your API platform using Azure API Management
Building better security for your API platform using Azure API ManagementBuilding better security for your API platform using Azure API Management
Building better security for your API platform using Azure API ManagementEldert Grootenboer
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Serviceguest536dd0e
 
Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API SecurityMuleSoft
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassPaulo Eduardo Sibalde
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentImperva
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsApigee | Google Cloud
 
Security in mulesoft
Security in mulesoftSecurity in mulesoft
Security in mulesoftakshay yeluru
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps EraMike Kavis
 
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...CA API Management
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessCloudPassage
 

Weitere ähnliche Inhalte

Was ist angesagt?

API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
 
API Security and OAuth for the Enterprise
API Security and OAuth for the EnterpriseAPI Security and OAuth for the Enterprise
API Security and OAuth for the EnterpriseCA API Management
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveApigee | Google Cloud
 
MuleSoft Meetup Dubai Anypoint security with api-led Connectivity
MuleSoft Meetup Dubai Anypoint security with api-led ConnectivityMuleSoft Meetup Dubai Anypoint security with api-led Connectivity
MuleSoft Meetup Dubai Anypoint security with api-led Connectivitysatyasekhar123
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
Unified Security for Mobile, APIs and the Web
Unified Security for Mobile, APIs and the WebUnified Security for Mobile, APIs and the Web
Unified Security for Mobile, APIs and the WebAkana
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platformOracleIDM
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSalesforce Developers
 
Building better security for your API platform using Azure API Management
Building better security for your API platform using Azure API ManagementBuilding better security for your API platform using Azure API Management
Building better security for your API platform using Azure API ManagementEldert Grootenboer
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Serviceguest536dd0e
 
Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API SecurityMuleSoft
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentImperva
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsApigee | Google Cloud
 
Security in mulesoft
Security in mulesoftSecurity in mulesoft
Security in mulesoftakshay yeluru
 

Was ist angesagt? (18)

API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
 
API Security and OAuth for the Enterprise
API Security and OAuth for the EnterpriseAPI Security and OAuth for the Enterprise
API Security and OAuth for the Enterprise
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO Perspective
 
MuleSoft Meetup Dubai Anypoint security with api-led Connectivity
MuleSoft Meetup Dubai Anypoint security with api-led ConnectivityMuleSoft Meetup Dubai Anypoint security with api-led Connectivity
MuleSoft Meetup Dubai Anypoint security with api-led Connectivity
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIs
 
Unified Security for Mobile, APIs and the Web
Unified Security for Mobile, APIs and the WebUnified Security for Mobile, APIs and the Web
Unified Security for Mobile, APIs and the Web
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platform
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce Instance
 
Building better security for your API platform using Azure API Management
Building better security for your API platform using Azure API ManagementBuilding better security for your API platform using Azure API Management
Building better security for your API platform using Azure API Management
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API Security
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS Environment
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive Threats
 
Security in mulesoft
Security in mulesoftSecurity in mulesoft
Security in mulesoft
 

Ähnlich wie API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration Services, Adobe - Layer 7 User Conference Palo Alto

Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps EraMike Kavis
 
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...CA API Management
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessCloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOpsCloudPassage
 
Enterprise Cloud Management - 2013 EMC World presentation
Enterprise Cloud Management - 2013 EMC World presentationEnterprise Cloud Management - 2013 EMC World presentation
Enterprise Cloud Management - 2013 EMC World presentationServiceMesh
 
The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018PureSec
 
HP Discover - Developing new applications for the cloud
HP Discover - Developing new applications for the cloudHP Discover - Developing new applications for the cloud
HP Discover - Developing new applications for the cloudBart Blommaerts
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsZscaler
 
Oracle ADF Architecture TV - Design - Architecting for ADF Mobile Integration
Oracle ADF Architecture TV - Design - Architecting for ADF Mobile IntegrationOracle ADF Architecture TV - Design - Architecting for ADF Mobile Integration
Oracle ADF Architecture TV - Design - Architecting for ADF Mobile IntegrationChris Muir
 
Implementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projectsImplementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projectsTom Stiehm
 
Big Data Fundamentals 6.6.18
Big Data Fundamentals 6.6.18Big Data Fundamentals 6.6.18
Big Data Fundamentals 6.6.18Cloudera, Inc.
 
2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security EditionAPIsecure_ Official
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 
Why an innovative mobile strategy needs a robust API
Why an innovative mobile strategy needs a robust APIWhy an innovative mobile strategy needs a robust API
Why an innovative mobile strategy needs a robust APIManmohan Gupta
 
Why an Innovative Mobile Strategy Requires a Robust API
Why an Innovative Mobile Strategy Requires a Robust API Why an Innovative Mobile Strategy Requires a Robust API
Why an Innovative Mobile Strategy Requires a Robust API Software AG
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013David Linthicum
 

Ähnlich wie API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration Services, Adobe - Layer 7 User Conference Palo Alto (20)

Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
Enterprise Cloud Management - 2013 EMC World presentation
Enterprise Cloud Management - 2013 EMC World presentationEnterprise Cloud Management - 2013 EMC World presentation
Enterprise Cloud Management - 2013 EMC World presentation
 
The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018
 
HP Discover - Developing new applications for the cloud
HP Discover - Developing new applications for the cloudHP Discover - Developing new applications for the cloud
HP Discover - Developing new applications for the cloud
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
 
Oracle ADF Architecture TV - Design - Architecting for ADF Mobile Integration
Oracle ADF Architecture TV - Design - Architecting for ADF Mobile IntegrationOracle ADF Architecture TV - Design - Architecting for ADF Mobile Integration
Oracle ADF Architecture TV - Design - Architecting for ADF Mobile Integration
 
Implementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projectsImplementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projects
 
Big Data Fundamentals 6.6.18
Big Data Fundamentals 6.6.18Big Data Fundamentals 6.6.18
Big Data Fundamentals 6.6.18
 
Big Data Fundamentals
Big Data FundamentalsBig Data Fundamentals
Big Data Fundamentals
 
2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIs
 
Why an innovative mobile strategy needs a robust API
Why an innovative mobile strategy needs a robust APIWhy an innovative mobile strategy needs a robust API
Why an innovative mobile strategy needs a robust API
 
Why an Innovative Mobile Strategy Requires a Robust API
Why an Innovative Mobile Strategy Requires a Robust API Why an Innovative Mobile Strategy Requires a Robust API
Why an Innovative Mobile Strategy Requires a Robust API
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013
 

Mehr von CA API Management

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataCA API Management
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...CA API Management
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer appsCA API Management
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 

Mehr von CA API Management (20)

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your Data
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer apps
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 

Kürzlich hochgeladen

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

Kürzlich hochgeladen (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 

API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration Services, Adobe - Layer 7 User Conference Palo Alto

  • 1. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 1 Copyright © 2013 CA. All rights reserved. API Roles in Cloud and Mobile Security Greg Olsen, IT Manager, Integration Services
  • 2. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 2 Copyright © 2013 CA. All rights reserved.  Problem Statement  Service Gateway  API Portal  Current Condition  Q&A Agenda
  • 3. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 3 Copyright © 2013 CA. All rights reserved. Problems Getting on the same page
  • 4. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 4 Copyright © 2013 CA. All rights reserved.  Problem Statement 1: Insufficient capabilities allowing for service exposure and integration with customers, partners, external service providers, and applications residing outside our internal security domain (e.g., Amazon). Missing capabilities include consistent application of security policy, SLA management and enforcement, and easily usable administration interfaces.  Problem Statement 2: Need a central discovery method for all enterprise APIs. Missing capabilities include metrics and documentation. Problem Statments
  • 5. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 5 Copyright © 2013 CA. All rights reserved.  The project which drove the Service Gateway Project: Manager’s Hub  1200 managers within Adobe  Need to approve invoices/sick leave/sabbatical forms/offer letters/etc. from internal applications (SAP) to SaaS services  The Manager’s Hub allows approvals to be done via smart phones, tablets and desktops – a mobile strategy  Second driver: SAP Hana Project  Implement 16 new services within Adobe and with select external vendors  Roll out on June 22, 2012  Deployed Development, Non-prod and Production in May 2012  Deployed first set of services into Production in June 2012 Problem 1 Solution: Service Gateway November 2011 until June 2012
  • 6. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 6 Copyright © 2013 CA. All rights reserved. Service Gateway: Business Capabilities & Benefits Capability Area Capability Description Business Benefits Policy • Consistent service based policies across the enterprise • Ability to customize policies to meet changing or unique requirements • Creation, deployment and enforcement Ability to provide a more predictable and reliable level of service for key business functions Service Level • Service Performance • Throughput, Availability and Utilization Tracked over Time • Enforce established SLAs • Rate limiting to protect backend services Visibility to service performance measures allowing the business to track how well SLAs are being met Security • Authentication and Authorization (OAuth, SAML) • Denial of Service Detection • Encryption • XML attack and intrusion prevention (i.e., nesting, injection) Protection of key resources through the use of state of the art security mechanisms Deployment • Virtual appliance (VMware, Amazon AMI, etc.) • Hardware based appliance • Relevant to our current environments Leverages existing investments and allows for expansion into new environments where services are being developed
  • 7. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 7 Copyright © 2013 CA. All rights reserved. Integration Principles, Technologies, Services and Tools REST, JSON, oAuth, SAML, X.509 Certs, PKCS, PCI-DSS, TLS, EDIINT (AS2), EDIFACT, ANSI X.12, SFTP, HTTP/HTTPS, XML, Xpath, XML Schema, XSLT, SOAP, WS-Security, WS- Trust, WSDL, WS-Policy, JMS TIBCO BW TIBCO EMS web Methods Informatica SAP PI Tumble weed Corticon PGP Apache CXF 7 Support Forum Self-Service Portal Online Training Virtual Dev Lab Service Composition Advanced Messaging Database Integration Event Processing Distributed Cache Managed File Transfer Service Access & Governance B2B Integration Business Rules Mgmt Loose Coupling, Simplicity, Service Orientation, Global Access, Cloud Capable, Reusability, Reliability, Transparency Enabling Standards and Technologies Products iPaaS Services iPaaS Tools (Self Service) Architecture Principles Layer 7 Gateway Layer 7 API Portal
  • 8. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 8 Copyright © 2013 CA. All rights reserved. Service Gateway Use Cases: Priorities Use Case Use Case Use Case * REST to SOAP Mediation Apply Policies Based on Message Data * Resiliency Cross-Domain Service Mediation Dynamic Endpoint Lookup * Scalability * Authentication and Authorization Distributing Policies to Service Gateway Load Balancing * Logging and Auditing Service Level Management SSL Offload * Unexpected Velocity of Transactions Monitoring Health of the Service Gateway * Required – all else is a must have but can initially live without
  • 9. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 9 Copyright © 2013 CA. All rights reserved.  The Gateway is faster at processing than the software in the backend – be prepared to throttle back the velocity of data!  Some authentication models may not be approved for use by your security teams  Today, we use IMS or SSO tokens and validate against IMS or OpenAM server  Originally, we wanted to use oAuth  Speed of adaption  Originally we thought we’d have at least one year to ramp up  Once it went live, EVERYONE wanted to use it  Our current volume is higher than we thought we’d be after one year – plan for rapid adaption Concerns and Caveats Service Gateway
  • 10. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 10 Copyright © 2013 CA. All rights reserved.  Require a single location to find all the APIs flowing through the Service Gateway  Track usage of the APIs  Discovery of reusable APIs  Documentation  Sample code Problem 2 Solution: API Portal From April 2012 to August 2012
  • 11. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 11 Copyright © 2013 CA. All rights reserved. API Portal
  • 12. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 12 Copyright © 2013 CA. All rights reserved. Enterprise APIs 1. Publish & Secure APIs 2. Onboard Developers 3. Monetize your APIs Developer Technical/Security Architect Web Administrator Business Manager 4. Close the Loop API Portal API Portal: Part of Layer 7’s Turnkey Solution
  • 13. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 13 Copyright © 2013 CA. All rights reserved.  All want the benefits of the portal but not the work  Documentation needs to be completed according to templates we’ve shared  Most teams do not want “another set of templates” even though the value is clear  Adaption is slower than anticipated  Reticence by some of our business units to use an IT-owned and operated application Concerns and Caveats API Portal
  • 14. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 14 Copyright © 2013 CA. All rights reserved.  Developers look to off-load security work to the Service Gateway for all their APIs – can’t keep up with demand!  InfoSec looks to the Service Gateway to ensure data is compliant with internal policies  Network Security looks to the Service Gateway to monitor attacks from the outside (we get scanned for vulnerabilities about once every 3 days)  Statistics after one year (ahead of forecast): Today Ave. Calls Per Minute/Hour 95/5700 Max Calls Per Minute/Hour 907/54,420 Total Number of APIs 29 Number of BUs 7
  • 15. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 15 Copyright © 2013 CA. All rights reserved.  Had two problems to solve: a central gateway for all services and APIs and a central registry for all those services and documentation  Caveats  Agreements by all (security and application owners) prior to production roll-out  General agreements by all developers to use API Portal Summary: A Few Words to Remember
  • 16. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 16 Copyright © 2013 CA. All rights reserved. Q&A