World®’16
Critical Considerations for Mobile and IoT Strategy
K. Scott Morrison - Distinguished Engineer - CA Technologies
DO3X80V
DEVOPS
© 2016 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD
For Informational Purposes Only: Terms of this Presentation
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
Abstract
In today's digital economy, when the growth of mobile apps and Internet of Things (IoT) devices is exploding everywhere, it’s important to understand how to plan for such growth within your enterprise. Considerations range from security, integration, identity management and encryption to scaling for IoT architectures. Join this session to hear Scott Morrison explain the seven critical considerations for mobile and IoT strategy.
K. Scott Morrison, CA Technologies, Distinguished Engineer
Mobile Optimization Is Now a Given for Business Processes
Top Enterprise Mobility Concerns¹
¹ SOTI Survey results: 118 ITDMs responded, September 22-29, 2015
In the Old Days, Apps Lived Inside the Firewall
✓ Network separation
✓ No programmatic access from the public Internet
✓ Safety through total isolation and control
[Diagram: Database, Web App Servers]
But Now Mobile Apps Need Programmatic Access to Business Services…
✓ Apps handle (and mishandle) user credentials
✓ Firewalls designed to inspect human-readable markup can miss API attack vectors
✓ Security standards designed for enterprise (e.g. WS-*, SAML) are not ideal for lightweight mobile apps
[Diagram: Data Tiers, Business Service APIs]
Old Perimeter Security Mechanisms Are Failing
Social Media Services
• http://recode.net/2014/10/13/snapchat-blames-third-party-apps-for-hack-raising-questions-about-its-own-api/
• http://www.programmableweb.com/news/why-attack-buffer-was-serious-wake-call-web/analysis/2013/11/04
Leading Web Portal
• http://www.programmableweb.com/news/yahoo-breach-involved-api-servers/elsewhere-web/2014/10/07
Travel Broker
• http://www.shubhro.com/2014/12/18/reverse-engineering-kayak-mitmproxy/
Dot Com Company
• http://www.developer-tech.com/news/2015/jan/08/moonpigs-api-breach-could-cost-its-business/
Energy Company
• http://www.securityweek.com/api-vulnerability-exposed-accounts-delmarva-power-customers
Auto Manufacturer
• http://www.pcworld.com/article/2138400/hacked-passwords-can-enable-remote-unlocking-tracking-of-tesla-cars.html
But Now Mobile Apps Need Programmatic Access to Business Services…
✓ Adopt new access controls designed to prevent mishandling of user credentials
✓ Include API firewalls
✓ Replace or bridge to existing security systems
[Diagram: Data Tiers, Business Service APIs]
Top Enterprise Mobility Concerns¹
¹ SOTI Survey results: 118 ITDMs responded, September 22-29, 2015
The Demand for Mobile Apps Has Exceeded It’s Ability to Deliver
Mobile Real Estate Inspires a Whole New Lifestyle
The First Way Most Businesses Fail at Mobility Is by Attempting to Stuff Their Customer and/or Employee Portals Into a Mobile Browser
It doesn’t fit…
CC #2: Offering Apps That Suit the Mobile Lifestyle
• Concentrate on focused experiences
• Plan to use native device capabilities
• Avoid frustrating text input (e.g. for login)
We’re Totally Different People When We’re Mobile
Mobile Users Are Busy, Distracted & Impatient
CC #3: Supporting Identities That the User Already Trusts
Doesn’t allowing the use of some of these identities open up new risks for exploits such as identity theft? Yes, indeed, but there are ways to mitigate these risks in ways appropriate to your business… more about that later.
✓ Social Identities
✓ Bank Cards
✓ Phone numbers
Top Enterprise Mobility Concerns¹
¹ SOTI Survey results: 118 ITDMs responded, September 22-29, 2015
Integration Is Still the Biggest Cost in Mobile Projects
How Is Mobility Used Today in Your Organization?¹
¹ SOTI Survey results: 118 ITDMs responded, September 22-29, 2015
CC #4: Plan for Integrations With Enterprise Systems
✓ Enterprise User Directory
✓ Enterprise Applications
✓ Web Portal Infrastructure
Top Enterprise Mobility Concerns¹
¹ SOTI Survey results: 118 ITDMs responded, September 22-29, 2015
Data Loss Is a Serious Threat in the Mobile World
Encrypt ALL of the Data
✓ On device
✓ During transmission
✓ At rest in enterprise or cloud
[Diagram: Cloud Storage, On Prem Storage, On Device Storage]
CC #5: Store and Transfer Enterprise Data Securely
✓ Consider using Private Clouds
✓ Always encrypt on-device data
✓ Keep data in motion encrypted
Top Enterprise Mobility Concerns¹
¹ SOTI Survey results: 118 ITDMs responded, September 22-29, 2015
Enabling Communication & Collaboration Is the Next Big Thing
CC #6: Foster Communication & Collaboration
• Build communication features in your app
• Exchange your data via secure channels
• Implement bi-directional real-time notifications
The Future Is Already Here – It’s Just Not Evenly Distributed
CC #7: Start Planning for a Scalable IoT Architecture
Plan for deploying IoT aggregators/Gateways
✓ Less sophisticated endpoint devices
✓ Consolidate disparate endpoint protocols into the IoT platform protocol
✓ Consolidate and scale device management
✓ Add intelligence to perform analytics
Our Enterprise Mobile & IoT Vision
Simplify complex security, interactivity and backend integration challenges using developer-friendly interfaces
Increase the Speed of Enterprise Mobile App Development
Unlock Enterprise Data
Share Data Securely
Unlock Enterprise Data
Rapid Creation of Enterprise-class APIs From Data Sources
Secure Mobile Collaboration
Enterprise Mobile & IoT Collaboration, Made Simple and Secure
CA Mobile App Gateway / Mobile App Services
Essential mobile services, delivered safe and secure
✓ Deliver IoT and Mobile apps faster
✓ Reduce security exposure
✓ Gain control over foundation services
[Diagram: Secure Mass Storage, User Directory, Secure Pub/Sub, SDK, Authentication and API Security, Device-native SDKs]
• Simplified authentication and token mgmt.
• Secure MQTT Pub/Sub messaging
• Secure cloud and on-device storage
• Dynamic user/group mgmt.
Seven Critical Considerations for Mobile and IoT Strategy
1. Ensuring the security of enterprise data and services
2. Offering apps that suit the mobile lifestyle
3. Supporting identities that users already trust
4. Preparing for integration with enterprise systems
5. Encrypting data still and in motion
6. Fostering communication and collaboration
7. Planning for a scalable IoT architecture
Questions?
Stay connected at communities.ca.com
Thank you.
DevOps – API Management and Application Development
For more information on DevOps – API Management and Application Development, please visit: http://cainc.to/DL8ozQ