
Security as an Enabler for the Digital World - CISO Perspective

3,973 views

Published on

A successful API strategy requires a strong partnership between the business, IT, and security functions. Rather than a hindrance, security is increasingly viewed as a business enabler, with CISOs and CSOs playing a critical role in implementing “guardrails” for safe, secure and compliant API services and security architectures free of unnecessary complexity.

Ultimately, a secure API platform enables developers and DevOps to focus on innovation—by improving the mobile user experience and deploying apps in the cloud, with appropriate security controls built-in. In this webcast, Apigee’s Subra Kumaraswamy and Saba Software CSO Randy Barr will explore how CISOs and CSOs partner with IT and business leaders for a safe and secure journey to cloud, SaaS, and mobile services.

Join to learn about:
- The role of the security officer in helping IT and business meet objectives
- How smart and secure API guardrails remove friction in consuming APIs while protecting sensitive data exposed via APIs
- Best practices that work for an API-centric enterprise

Download podcast: http://bit.ly/1B6h3TR

Published in: Software

Security as an Enabler for the Digital World - CISO Perspective

  1. Digital Security: The CISO Perspective. Apigee (@apigee), Subra Kumaraswamy (@subrak), Randy Barr, CISO, Saba Software
  2. youtube.com/apigee
  3. slideshare.net/apigee
  4. Subra Kumaraswamy (@Subrak), Randy Barr
  5. Agenda
     - The changing digital landscape
     - Trends: technology and threats
     - Security enablers
     - Key takeaways
  6. What’s keeping you up at night? Data theft
  7. The Forces@Work. Source: TheFutureOrganization.com
  8. Talent Challenges@Work: the overwhelmed employee; diversity
  9. Trends
  10. DevOps is growing exponentially
  11. Node.js exploding
  12. Breaches continue to haunt the enterprise. Source: Verizon 2014
  13. Paradox of choice
  14. The changing landscape (diagram labels): back-end systems, mobile security, APIs, social and SaaS, endpoint security; contextual & behavioral security, encrypt everything, Identity-as-a-Service, SaaS security/identity plugin, fraud detection, APT security analytics. Digital security is shifting from defense to analytics (predictive) & prevention.
  15. Technologies driving digital transformations: Mobile, DevOps, Cloud, API
  16. Digital security as an enabler
  17. What’s the role of InfoSec in enabling digital transformation?
  18. Top areas of CISO concern. Source: Wisegate
  19. The role of digital security: enabling DevOps
  20. Enabling DevOps
     - End-to-end security managed through configuration and global policies
     - Data-centric controls such as encryption, tokenization, and key management
     - Leverage APIs for security automation activities including patching, user and access management, logging, and auditing
     - Security verification through tool automation, aligned with the SDLC: Dev -> Stage -> Prod
  21. Role of digital security: enabling cloud. Compliance, Trust, Architecture, Identity and Access, Availability, Incident Response, Data Protection, Governance
  22. Enabling cloud
     - Governance of data and identity
     - Security architecture standard
     - Technology services & tools to support:
       - Data protection: encryption/hashing/anonymization
       - Access management: privileged and end users
       - Threat monitoring and protection
       - Compliance (PCI, HIPAA) management
       - Availability management: DDoS mitigation, multi-region operation
       - Operational hygiene: patching, logging, etc.
     - Establish incident response with the service provider
  23. Data center security audits/assessments
     - Most cloud providers leverage this as their security story
     - This only covers the data center’s policies, employees, and standards:
       - CCTV
       - 24x7x365 security personnel
       - Entry and exits of the facility
     - What about:
       - When a server needs to be changed, it is not covered
       - When a new employee at the cloud provider starts, it is not covered
       - Security policies and standards that apply to the cloud vendor
       - Monitoring of the environment
       - Business continuity / disaster recovery
       - Incident management
       - Vulnerability and penetration testing
       - Etc.
  24. Role of digital security: enabling mobile
  25. Enabling mobile
     - Leveraging solutions to perform automated scans
     - There are vendors that provide both automated and hands-on reviews of mobile apps
     - Performed once a new version is uploaded to the store
     - Should perform:
       - Run-time scanning (dynamic and app logic analysis)
       - Network scanning
       - Server-side scanning
     - Mobile security training
     - Rogue app monitoring
  26. So how does API-first architecture manifest itself?
  27. API-first architecture (diagram labels): API tier; all apps (social apps, web apps, mobile apps); analytics; app servers; ESB; backend services; orchestration; persistence; security; Internet. API services for mobile and cloud apps; consistent security across channels; developers; IT security architect.
  28. Technologies driving digital transformations: Mobile, DevOps, Cloud, API
  29. Information security must be able to meet governance requirements and manage compliance when handling PCI DSS or HIPAA use cases
  30. Top technology considerations and takeaways
     - Focus on data-centric controls such as masking, encryption and hashing to protect data at rest.
     - Work closely with DevOps teams to “bake in” security controls into the orchestration layer and cloud hosting systems.
     - Leverage APIs to build consistent, secure and scalable mobile solutions.
     - Automate security monitoring and management using APIs.
     (diagram labels: User, App, Developer, API, API Team, Backend)
  31. Security as an Enabler: Summary
     - Security is a competitive differentiator: IT security must remove barriers to enable business and developers/DevOps
     - DevOps (need for speed, flexibility) and InfoSec (need for consistent protection) go hand-in-hand
     - API-first architecture provides consistent security enforcement for mobile and cloud use cases
     (diagram labels: User, App, Developer, API, API Team, Backend)
  32. Subra Kumaraswamy (@Subrak), Randy Barr. Questions?
  33. Thank You. Apigee @apigee
  34. Identity landscape in the digital world
  35. Choices
     - What drives adoption of cloud solutions within a company
     - Selecting IT solutions is as easy as reading the numbers off your credit card
     - Small implementations can lead to adoption by other users
     - The ability for mobility is key to further adoption of the solution
     - Growth leads to managing the solution
     - Security is then brought in
  36. Security transparency
     - Reliance on data center audits
     - Privacy
     - White papers with no details
     - Reluctant to share details, citing protection of their existing customers
     - Customer audits
     - Cloud Controls Matrix
     - Consensus Assessments Initiative Questionnaire
     - Independent 3rd-party report of Saba’s policies, standards and processes
     - SOC II Type II report
     - DR executive summary
     - Policies & standards table of contents
     - Independent 3rd-party penetration test
     - Network and application vulnerability executive report within 48 hours of request
     Complete customer visibility
  37. Enabling DevOps to securely expose the back-end services with the necessary authentication, authorization, message security, and auditing
  38. Security considerations
     - Authentication of apps, APIs and users: LDAP, Active Directory, SAML, OAuth, two-way TLS
     - User and role management
     - Protect sensitive data stored and processed in the cloud and on mobile devices
     - Threat management (DoS, spikes, injection attacks)
     - Logging and auditing
  39. Role of InfoSec
