Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research Inc
DESCRIPTION
The bring-your-own-device (BYOD) trend is in full swing as the growth of mobile devices within the enterprise explodes. How do you enable secure data access for mobile applications? How do you deal with user authentication? How do you allow broader adoption of enterprise applications on user-owned devices? CA and Layer 7 outline solutions to these issues, explore different approaches to mobile security, and use case studies to illustrate how others have solved these problems. This workshop was all about:
• The latest mobile trends and opportunities
• Emerging mobile risks and how these can be addressed
• A reference architecture for secure enterprise mobility
TRANSCRIPT
The IAM-as-an-API Era Has Arrived And You Can Blame/Thank Mobility
Eve Maler, Principal Analyst, Security & Risk
Mobile Security Workshop February 7, 2013
© 2012 Forrester Research, Inc. Reproduction Prohibited
Agenda
• Consumerization of IT and its cousins are challenging IAM traditions
• Apply Zero Trust to your identity, security, and agility problems in "bring-your-own" environments
• Leverage emerging technologies to provide identity services that are mobile-cloud ready
“It was Colonel Mustard in the research library with a smartphone…”
The future of IT is bring-your-own everything
(Figure: App sourcing and hosting: partner apps, on-premises enterprise apps, SaaS apps, apps in public clouds, apps in private clouds. User populations: employees, contractors, partners, members, customers. App access channels: enterprise computers, enterprise-issued devices, personal devices, public computers.)
Source: March 22, 2012, Forrester report “Navigate The Future Of Identity And Access Management”
Genentech’s Salesforce app trumps native Salesforce.com
Source: Genentech webinar
Steve Yegge describes why
Source: Rip Rowan on Google Plus
[Jeff Bezos] issued a mandate that was so out there, so huge and eye-bulgingly ponderous, that it made all of his other mandates look like unsolicited peer bonuses. … “1) All teams will henceforth expose their data and functionality through service interfaces.” …
Like anything else big and important in life, Accessibility has an evil twin who, jilted by the unbalanced affection displayed by their parents in their youth, has grown into an equally powerful Arch-Nemesis (yes, there's more than one nemesis to accessibility) named Security. And boy howdy are the two ever at odds.
But I'll argue that Accessibility is actually more important than Security because dialing Accessibility to zero means you have no product at all, whereas dialing Security to zero can still get you a reasonably successful product such as the Playstation Network.
… and the next challenge
Now many APIs have direct business models, all enabling mobile
Source: John Musser of ProgrammableWeb.com
“Classic” IAM: Sounds awesome, maybe later?
Source: satterwhiteb | CC BY 2.0 | flickr.com
Didn’t we already solve the web services security problem?
• Transport-layer solutions
• Platform-specific solutions
• XML signature, XML encryption, XML canonicalization
• WS-Security, WS-Trust, WS-I Basic Security Profile
• SAML
• ID-WSF
The API economy forces you to confront the webdevification of IT
(Figure: value (X axis) plotted against friction (Y axis).)
Agenda
• Consumerization of IT and its cousins are challenging IAM traditions
• Apply Zero Trust to your identity, security, and agility problems in "bring-your-own" environments
• Leverage emerging technologies to provide identity services that are mobile-cloud ready
In Zero Trust, all interfaces are treated as untrusted
Apply Zero Trust all the way up the stack, including – most particularly – identity and access management functions.
Source: November 15, 2012, “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security” Forrester report
Plan for inward, outward, and circular identity propagation
Source: March 22, 2012 “Navigate The Future of IAM” Forrester report
(Figure.) The organization serves as an identity server for business functions: internal to the organization, at external partners, and exposed to customers.
The organization also serves as an identity client of user stores: staff user store, institutional user store, consumer user store (for functions internal to the organization).
A security token service (STS) handles token issuance, translation, and consumption.
Go from IDaaS to IAM-as-an-API
Source: March 22, 2012 “Navigate The Future of IAM” Forrester report
API façade pattern: API clients on the Internet call web service and app APIs through a scale-out infrastructure that fronts back-end apps, web apps, mobile apps . . . The business app’s own API determines access control granularity. Robustly protect all interfaces, regardless of their sourcing model.
Applying the pattern to IAM functions: business apps act as IAM API clients, calling APIs for authentication, authorization, provisioning . . . over the Internet through the same façade in front of the IAM infrastructure.
Who’s already doing it?
Agenda
• Consumerization of IT and its cousins are challenging IAM traditions
• Apply Zero Trust to your identity, security, and agility problems in "bring-your-own" environments
• Leverage emerging technologies to provide identity services that are mobile-cloud ready
New identity solutions disrupt…but attract.
Source: tom-margie | CC BY-SA 2.0 | flickr.com
Or, The good thing about reinventing the wheel is that you can get a round one.*
*Douglas Crockford, inventor of JavaScript Object Notation (JSON)
Source: October 2012 “TechRadar™ For Security Pros: Zero Trust Identity Standards, Q3 2012”
Emerging IAM standards have an edge over traditional ones for Zero Trust
Key features: • Governance • Hubris
Key features: • “Solving the right problem” • Enterprise-only scope
Key features: • Agility • Mobile/cloud friendliness • Robustness
The new Venn of access control for the API economy
Web 2.0 players invented OAuth just to solve the “password anti-pattern”
WS-SECURITY IN THE MODERN ERA IS PRONOUNCED “OAUTH”
What it really does is let a resource owner delegate constrained access
OAuth can help manage risk, cost, and complexity
• Gets client apps out of the business of storing passwords
• Friendly to a variety of user authentication methods and user devices, including smartphones and tablets
• Allows app access to be tracked and revoked on a per-client basis
• Allows for least-privilege access to API features
• Can capture explicit user authorization for access
• Lowers the cost of secure app development
• Bonus: provides plumbing for a much larger class of needs around security, identity, access, and privacy
FOR INTERNET-SCALE ZERO TRUST, YOU NEED IT ALL
Use case: consumer-facing web and mobile apps
Third parties offer productivity apps to eBay sellers who list items and do other tasks through the eBay API. These apps never see the seller’s eBay credentials. They don’t merely “impersonate” the seller. The app can take action even if the user is offline.
EBAY HAS “CHANNEL PARTNERS” THAT CREATE APPS FOR SELLERS
eBay seller (in resource owner role)
eBay (in authorization server
and resource server roles)
Third-party seller app (in client role)
Use case: B2B and business SaaS app integration through SAML SSO
Partner apps integrate with the construction firm’s valve-design service. On-site partner engineers log in to their home systems through a company-issued tablet. They can then use special apps that call the valve-design service, bootstrapped by SAML.
CONSTRUCTION FIRM LETS PROJECT PARTNERS “SSO IN” TO APIS USING NATIVE APPS
Partner workforce member (in resource owner role)
Construction firm (in authorization server
resource server, and SP (RP) roles)
Partner app (in client and IdP roles)
Use case: “Two-legged” userless protection of low-level web service calls
Includes services such as sales tax calculation, shipping label formatting, credit card number verification, and HTML code checking. In all use cases: The two servers are typically separate but communicate in a proprietary fashion.
EBAY SECURES INTERNAL SERVICES TO MEET AUDITING AND COMPLIANCE GOALS
eBay service (in resource server role)
eBay calling app (in client role)
eBay STS (in authorization server role)
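The two eBay cases above (the seller delegating to a third-party app, and the userless internal call) share one moving part, an OAuth 2.0 authorization server, so here is a single added example covering both. It is illustrative Python written for this page, not eBay’s, CA’s or Layer 7’s code: the client IDs, secrets, scopes and the three API names are assumed, and tokens are opaque random strings whose meaning lives only at the authorization server, so the resource server introspects rather than parses them. It walks the authorization code grant (consent at the authorization server, least-privilege scope, single-use code, refresh while the seller is offline, per-client revocation) and the client credentials grant (no user, audited by client ID).

```python
import secrets
import time


class AuthorizationServer:
    def __init__(self):
        self.clients, self.codes, self.tokens, self.refresh = {}, {}, {}, {}

    def register_client(self, client_id, secret, allowed_scopes):
        self.clients[client_id] = {"secret": secret, "scopes": set(allowed_scopes)}

    def authorize(self, client_id, subject, requested_scope, consent):
        # Three-legged: the resource owner logs in and consents HERE, at the authorization
        # server; the client never sees the password and gets at most its registered scopes.
        granted = set(requested_scope) & self.clients[client_id]["scopes"]
        if not consent or not granted:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "subject": subject,
                            "scope": granted, "expires": time.time() + 60}
        return code

    def _issue(self, client_id, subject, scope, with_refresh):
        access = secrets.token_urlsafe(24)   # opaque: its meaning lives in self.tokens
        self.tokens[access] = {"client_id": client_id, "subject": subject,
                               "scope": scope, "expires": time.time() + 3600}
        rt = None
        if with_refresh:   # lets the app keep acting while the owner is offline
            rt = secrets.token_urlsafe(24)
            self.refresh[rt] = {"client_id": client_id, "subject": subject, "scope": scope}
        return {"access_token": access, "refresh_token": rt, "scope": sorted(scope)}

    def token(self, grant_type, client_id, client_secret, **p):
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return None
        if grant_type == "authorization_code":
            c = self.codes.pop(p.get("code"), None)   # pop: a code is single-use
            if c is None or c["client_id"] != client_id or c["expires"] < time.time():
                return None
            return self._issue(client_id, c["subject"], c["scope"], with_refresh=True)
        if grant_type == "refresh_token":
            r = self.refresh.get(p.get("refresh_token"))
            if r is None or r["client_id"] != client_id:
                return None
            return self._issue(client_id, r["subject"], r["scope"], with_refresh=False)
        if grant_type == "client_credentials":   # two-legged: no user in the picture
            granted = set(p.get("scope", ())) & client["scopes"]
            return self._issue(client_id, None, granted, with_refresh=False)
        return None

    def introspect(self, access_token):
        t = self.tokens.get(access_token)
        if t is None or t["expires"] < time.time():
            return {"active": False}
        return {"active": True, **t}

    def revoke_client(self, client_id):
        # Per-client revocation: only this app's tokens die, nobody else's.
        self.tokens = {k: v for k, v in self.tokens.items() if v["client_id"] != client_id}
        self.refresh = {k: v for k, v in self.refresh.items() if v["client_id"] != client_id}


class ResourceServer:
    # Three assumed APIs, each behind one scope; every call is audited by client and subject.
    REQUIRED_SCOPE = {"listings:read": "read", "listings:write": "write", "tax:calc": "tax"}

    def __init__(self, auth_server):
        self.auth, self.audit = auth_server, []

    def call(self, api, access_token):
        info = self.auth.introspect(access_token)
        allowed = info["active"] and self.REQUIRED_SCOPE[api] in info["scope"]
        self.audit.append((api, info.get("client_id"), info.get("subject"), allowed))
        return allowed


def run_scenarios():
    """Walks both use cases end to end and returns what each step yielded."""
    auth = AuthorizationServer()
    rs, out = ResourceServer(auth), {}
    auth.register_client("seller-app", "seller-app-secret", ["read", "write"])
    auth.register_client("checkout-svc", "checkout-svc-secret", ["tax"])
    # The seller delegates to the third-party app; 'admin' is more than it may ask for.
    code = auth.authorize("seller-app", "seller42", ["read", "write", "admin"], consent=True)
    grant = auth.token("authorization_code", "seller-app", "seller-app-secret", code=code)
    out["scope_granted"] = grant["scope"]
    out["code_reuse"] = auth.token("authorization_code", "seller-app", "seller-app-secret", code=code)
    out["write_ok"] = rs.call("listings:write", grant["access_token"])
    renewed = auth.token("refresh_token", "seller-app", "seller-app-secret",   # owner offline
                         refresh_token=grant["refresh_token"])
    out["offline_read_ok"] = rs.call("listings:read", renewed["access_token"])
    # Internal service-to-service call: a token bound to the calling app, no user at all.
    svc = auth.token("client_credentials", "checkout-svc", "checkout-svc-secret", scope=["tax"])
    out["svc_tax_ok"] = rs.call("tax:calc", svc["access_token"])
    out["svc_listings_ok"] = rs.call("listings:read", svc["access_token"])
    auth.revoke_client("seller-app")   # per-client: the checkout service is untouched
    out["after_revoke_read_ok"] = rs.call("listings:read", renewed["access_token"])
    out["svc_still_ok"] = rs.call("tax:calc", svc["access_token"])
    out["audit_entries"] = len(rs.audit)
    return out
```

Two things worth noticing when running it: the authorization server silently narrows the requested scope to what the client was registered for, which is how "least-privilege access to API features" is enforced without trusting the client, and revocation is keyed on the client, so pulling the seller app's access does nothing to the internal service's token.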
OpenID Connect turns SSO into a standard OAuth-protected identity API

Capability        | SAML 2.0, OpenID 2.0                        | OAuth 2.0                                   | OpenID Connect
Login session     | Initiates user’s login session              | Not responsible for session initiation      | Initiates user’s login session
User consent      | Not responsible for collecting user consent | Collects user’s consent to share attributes | Collects user’s consent to share attributes
Identity tokens   | High-security identity tokens (SAML only)   | No identity tokens per se                   | High-security identity tokens (using JSON Web Tokens)
Claims            | Distributed and aggregated claims           | No claims per se; protects arbitrary APIs   | Distributed and aggregated claims
Session timeout   | Session timeout                             | No sessions per se                          | Session timeout (in the works)
Client onboarding | Dynamic introduction (OpenID only)          | Client onboarding is static                 | Dynamic introduction
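The "high-security identity tokens (using JSON Web Tokens)" row is where OpenID Connect goes beyond plain OAuth, and the relying party's side of it is the part most often skipped: a valid signature alone does not tell you the token was issued to you, for this login, by the provider you expected. Added example, not from the page or from any OpenID Connect library: one function mints an ID token as the provider would, the other verifies it as a relying party must, pinning the algorithm and checking issuer, audience, expiry and nonce. HS256 with a shared secret is used only so the example runs on the standard library (real providers publish RSA/EC keys and sign with RS256/ES256); the issuer URL, client ID, subject and nonce values are made up.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(key, issuer, client_id, subject, nonce, now=None, ttl=300):
    """OpenID Provider side: sign the claims the relying party needs to log the user in."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": client_id,
              "nonce": nonce, "iat": now, "exp": now + ttl}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_id_token(token, key, issuer, client_id, nonce, now=None):
    """Relying party side. Returns (subject, None) on success or (None, reason).
    Issuer, audience, expiry and nonce are what stop a token minted for another
    client, or captured and replayed, from logging an attacker in."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed"
    h64, c64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
    except ValueError:
        return None, "malformed"
    if header.get("alg") != "HS256":   # pin the algorithm; never let the token choose it
        return None, "unexpected alg"
    expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        return None, "bad signature"
    claims = json.loads(b64url_decode(c64))
    if claims.get("iss") != issuer:
        return None, "wrong issuer"
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        return None, "token not meant for this client"
    if claims.get("exp", 0) <= now:
        return None, "expired"
    if claims.get("nonce") != nonce:
        return None, "nonce mismatch"
    return claims["sub"], None
```

The nonce is the relying party's own random value sent in the authentication request and remembered in its session; checking it on the way back is what ties the token to this particular login attempt.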
Where SAML is “rich,” OpenID Connect holds promise for “reach”
Already exposing customer identities using a draft OpenID Connect-style API
Working to expose workforce identities through OpenID Connect
LOB apps and smaller partners can get into the federation game more easily; complex SAML solutions will see price pressure over time
The classic OAuth scenarios enable lightweight web services security
Same user assumed on both sides of the equation
Proprietary communication between the servers*
OpenID Connect also has limitations
The IdP/AP split requires brokering
Same user on both sides of the equation
UMA turns online sharing, with arbitrary other parties, into a “privacy by design” solution
I want to share this stuff selectively, in an efficient way:
• Among my own apps
• With family and friends
• With organizations
I want to protect this stuff from being seen by everyone in the world, from a central location.
Data types: historical, biographical, reputation, vocational, user-generated, social, geolocation, computational, biological/health, legal, corporate, ...
What about config-time synchronization? “I DON’T ALWAYS SYNCHRONIZE, BUT WHEN I DO, I PREFER SCIM”
Maximum PII disclosure, brittleness, and authorization latency: nightly secure FTP sessions to transfer CSV files containing employee records (HR, auditors).
Synch solution proposed by software vendors in the last decade: Service Provisioning Markup Language (SPML).
The winner: a RESTful identity synch API, protectable by OAuth, endorsed by cloud providers: System for Cross-domain Identity Management (SCIM).
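Added example of the SCIM-style approach the slide prefers over the nightly CSV drop. It is illustrative code written for this page, not a SCIM library or any vendor's implementation; the resource path, the token names, the single supported filter operator and the two-attribute patch rule are assumptions. It shows the three things that cut PII disclosure, brittleness and authorization latency: a bearer token checked on every call, a filter so a consumer fetches one user rather than everyone, and attribute projection capped by what the token holder is allowed to see.

```python
import json
import re


class ScimUsersEndpoint:
    """In-memory stand-in for a SCIM 2.0 /Users resource. A bearer token gates every call
    and carries the attribute set its holder may read, so a consumer pulls only the users
    and fields it needs instead of a nightly CSV of every employee record."""
    USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
    PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    FILTER = re.compile(r'(\w+) eq "([^"]*)"')   # only 'attr eq "value"' is supported here

    def __init__(self, tokens):
        self.tokens = tokens   # bearer token -> set of attributes the holder may see (assumed)
        self.users = {}
        self.next_id = 1

    def handle(self, method, path, bearer=None, body=None, query=None):
        """Routes a request the way the HTTP layer would; returns (status, JSON body)."""
        allowed = self.tokens.get(bearer)
        if allowed is None:
            return 401, {"detail": "invalid or missing bearer token"}
        if method == "POST" and path == "/Users":
            return self._create(json.loads(body))
        if method == "GET" and path == "/Users":
            return self._list(query or {}, allowed)
        match = re.fullmatch(r"/Users/(\d+)", path)
        if method == "PATCH" and match:
            return self._patch(match.group(1), json.loads(body))
        return 404, {"detail": "no such resource"}

    def _create(self, user):
        if user.get("schemas") != [self.USER_SCHEMA] or "userName" not in user:
            return 400, {"detail": "schemas and userName are required"}
        if any(u["userName"] == user["userName"] for u in self.users.values()):
            return 409, {"detail": "userName already exists"}
        stored = {"id": str(self.next_id), "active": True, **user}
        self.users[stored["id"]] = stored
        self.next_id += 1
        return 201, stored

    def _patch(self, uid, patch):
        user = self.users.get(uid)
        if user is None:
            return 404, {"detail": "no such user"}
        if patch.get("schemas") != [self.PATCH_SCHEMA]:
            return 400, {"detail": "not a PatchOp message"}
        for op in patch.get("Operations", []):
            # Deprovisioning is 'replace active=false'; the writable surface is kept small.
            if op.get("op", "").lower() != "replace" or op.get("path") not in ("active", "displayName"):
                return 400, {"detail": "only replace of active/displayName is supported"}
            user[op["path"]] = op["value"]
        return 200, user

    def _list(self, query, allowed):
        rows = list(self.users.values())
        if "filter" in query:
            match = self.FILTER.fullmatch(query["filter"])
            if not match:
                return 400, {"detail": "unsupported filter"}
            attr, value = match.groups()
            rows = [u for u in rows if u.get(attr) == value]
        requested = set(query.get("attributes", "").split(",")) - {""} or allowed
        visible = (requested & allowed) | {"id", "schemas"}   # never beyond the token's grant
        return 200, {"totalResults": len(rows),
                     "Resources": [{k: v for k, v in u.items() if k in visible} for u in rows]}
```

Contrast with the CSV flow: the audit consumer in the test below holds a token that can see userName and active but not emails, so even asking for emails explicitly returns nothing it is not entitled to, and deactivating one user is a single PATCH rather than waiting for the next night's file.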
So, what should you do next? Get ready: Zero Trust is pulling along new Security solutions to meet Accessibility needs
Expose accessible identity APIs for (all and only) what you’re authoritative for
Assist your smaller partners in exposing identity APIs you can begin relying on
Count on mobility to disrupt old security paradigms and pull API security to the fore
Thank you Eve Maler +1 617.613.8820 [email protected] @xmlgrrl, +Eve Maler
Secure Mobility: Reward & Risk
February 7, 2013
Jason Hammond, CISSP, Advisor, Solution Strategy
Agenda
Transformational Power of Mobility
New Mobile Risks
Mobile Security Framework
CA Secure Mobility Solutions
2 Copyright © 2013 CA Technologies. All rights reserved. No unauthorized copying or distribution permitted
Mobility Transforms the Customer Experience How do you plan to leverage mobile customer engagement?
Mobile is the New Face of Customer Engagement
“More than half of business decision-makers will increase their mobile apps budget in 2012 as they look for better ways to engage with customers and partners.”*
“Mobile spend will reach $1.3 trillion as the mobile apps market reaches $55 billion in 2016.”*
“Business spending on mobile projects will grow 100% by 2015.”*
*Mobile is the New Face of Engagement, Forrester Research, Inc., Feb 13, 2012
Mobility Enables the Workforce How do you plan to leverage mobility to enable the workforce?
Security Concerns - % of “Very Significant”
How significant are the following security concerns to your organization for individually-owned mobile devices being used by employees for work?
• Device may be stolen and corporate data exposed: 61%
• Malware could be introduced to corporate network: 58%
• Compliance requirements: 48%
• Data on device will go with employee to next employer: 41%
• Legal data ownership issues: 35%
• Lack of integration with traditional IT systems: 29%
• Cost of providing technical support: 26%
n = 353, CISO Market Survey
*Source: Info Workers Using Mobile And Personal Devices For Work Will Transform Personal Tech Markets, Forrester Research, Inc., February 22, 2012
Multiple Users; Multiple Channels: Web, API, Mobile, Non-Traditional Devices
Engage Mobile Users: Multi-channel support
(Figure: one security policy applied across phone/tablet native mobile apps, phone/tablet browsers, and PC/laptop browsers.)
Multi-Channel; 360 Degree View; Scale with Volume
New Mobile Risks
New Mobile Risks: BYOD
• Consumerization
• Privacy expectations
• Personal and corporate data
• Legal liability
New Mobile Risks: Lost Devices
Size, mobility and business impact of data increases risk
New Mobile Risks: Disappearing Perimeter
• Inhibits visibility and control of data
• Lack of visibility and control of sensitive information
• Persistent sync of sensitive information
New Mobile Risks: Mobile Usage Threats
• Personal download of vulnerable apps
• Users sharing data between apps
• Exposed APIs to threats
Identity is the new network perimeter
(Figure: a centralized identity service controls access to all enterprise applications, SaaS and on-premise: cloud apps/platforms & web services, SaaS, and enterprise apps on premise, for the mobile employee, customer, partner user and internal employee.)
The “new balance” of security
PURPOSE: SECURELY ENABLE ONLINE BUSINESS
PROTECT THE BUSINESS: Reduce risk; Enable control & compliance
GROW THE BUSINESS: Improve customer experience; Increase customer loyalty
IMPROVE EFFICIENCY
Market Shift: Mobile Device to Mobile Apps & Data Solutions
• Device: IT Management (MDM)
• Apps: Business Service Innovation (MEAP, IAM, MAM)
• Data: Data-Centric Security (Encryption, DLP)
Market Shift: CA Security Focus on Mobile Apps & Data Solutions
CA’s focus sits in the apps and data layers: Access Management, Advanced Authentication, API Management, App Wrapping, Data Protection
Mobile Security Framework: Balancing security with business enablement
Access Management; Advanced Authentication; API Management; Containerization; Data Protection
Reference Architecture
Mobile Security Framework: Balancing security with business enablement
(Figure: mobile, web and API channels from outside the organization reach cloud services and, inside the organization, email, files and web applications; the five framework components sit between them.)
1 Access Management (CA SiteMinder)
• AuthN, AuthZ
• Multi-channel support
• Central policies
• 360 degree view of users
• SSO
• OpenID, OAuth 2.0
2 Advanced Authentication (CA AuthMinder & RiskMinder)
• Multi-factor AuthN
• ID, Geographic
• Risk-based Auth
• Soft tokens
3 App Wrapping (future)
• App AuthN, AuthZ & Audit
• Support for custom and 3rd party apps
• Connected and offline security
4 Data Protection (CA DataMinder)
• In-motion & at-rest
• Classification
• Encryption
• Intelligent data-centric security
5 Web Service Protection (CA SiteMinder)
• Secure API
• Audit integration
• Threat Protection
Benefits
ENABLE MOBILE ENGAGEMENT
• Support access across range of channels: platforms, OS, apps
• 360° view of the user enhances each moment of engagement
• Seamless and convenient experience
REDUCE RISKS
• Mitigate the risk of physical access
• Enable secure access to cloud services
• Intelligent data-centric security reduces human error
• End-to-end security stays through life of the data
BYOD
• Separate corp. & personal apps and data
• Support corp. data investigation, user privacy expectations and reduction in corp. liability
Thank You!
legal notice
© Copyright CA 2012. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their
respective companies. No unauthorized use, copying or distribution permitted.
THIS MEDIA IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the
information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS MEDIA “AS IS” WITHOUT WARRANTY OF ANY
KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this
presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is
expressly advised of the possibility of such damages.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect
the rights and/or obligations of CA or its licensees under any existing or future written license agreement or services agreement
relating to any CA software product; or (ii) amend any product documentation or specifications for any CA software product. The
development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this media to the contrary, upon the general availability of any future CA product release referenced in
this media, CA may make such release available (i) for sale to new licensees of such product; and (ii) in the form of a regularly
scheduled major product release. Such releases may be made available to current licensees of such product who are current
subscribers to CA maintenance and support on a when and if-available basis.
Mobile APIs And The New Governance K Scott Morrison CTO
February 2013
Democracy is the worst form of government, except for all those other forms that have been tried from time to time. Sir Winston Churchill
Governance
Governance appeals to the architect in us.
Yet there is an imbalance between run time and design time governance.
(Figure: the classic SOA governance picture: a secure zone of application servers behind a firewall, a DMZ, and a trading partner outside.)
Vendors are happy to provide tooling
(Figure: on the enterprise network, a PEP, registry, directory, repository and workflow.)
But this never caught on with the developers
Controlling, not enabling
Change Agent
(Figure: the old dividing lines: client vs. server, contractor vs. regular, outside vs. inside, partner vs. enterprise, partner vs. enterprise vs. no affiliation, us vs. them.)
Here is the new group to manage!
The New Roles: API Client Developers and API Server Developers, external and internal
Governance Fails Here
Marketing is taking control!
(Figure: CMO, API Developer, Security Officer, Business Manager, Product Manager.)
IT Needs To Own This
Learn from modern development
Agile. Simple. Courageous.
Bug Report: File properties.xml isn’t, well, XML…
It’s about the app
But simple can under-define
Look to habit
Combine components to solve problems
What do we really need?
The Client: Discovery (search), Sign up (CMS), Learning (wiki), Experimenting (browser/explorer), Social (forum), Promotion (blog)
This is SDLC, 21st century-style
Don’t reinvent!
Let’s Build It.
The Challenge
(Figure: a phone user’s API client, built by an iPhone developer, has to reach the API server on the enterprise network through Firewall 1 and Firewall 2.)
First We Need Identity
(Figure: the same picture with SiteMinder added on the enterprise network.)
We could try this to deal with firewalls…
(Figure: the same elements: Firewall 1, Enterprise Network, API Client, iPhone Developer, API Server, Firewall 2, SiteMinder.)
An API Gateway Is A Better Solution
(Figure: an API proxy added in front of the API server and SiteMinder.)
Now Add Client Developer Libraries For Authentication
(Figure: the iPhone developer’s API client authenticates to the API proxy through client libraries.)
Finally, Add In An API Portal To Enable The New Governance
(Figure: an API portal added beside the API proxy, facing the iPhone developer.)
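The build-up above puts an API proxy in front of the API server and has it lean on the identity system (SiteMinder in the slides). What follows is an added example of what that proxy does per request, written for this page rather than taken from Layer 7’s product: it introspects the bearer token through a callback (standing in for the identity lookup), enforces a per-route scope policy, rate-limits per client, rejects oversized or abusively nested JSON, strips any identity headers the client tried to forge, and writes an audit record before forwarding. The route names, header names, limits and the sample token table are assumptions constructed for the example.

```python
import json
import time
from collections import defaultdict


class ApiGateway:
    """Policy enforcement point in front of an API server. The API server behind it
    sees only vetted requests carrying an identity the gateway itself established."""
    MAX_BODY = 64 * 1024   # assumed limits for the example
    MAX_DEPTH = 8

    def __init__(self, introspect, backend, routes, rate_limit=5):
        self.introspect = introspect   # token -> {"active", "client_id", "subject", "scope"}
        self.backend = backend         # (method, path, headers, body) -> (status, body)
        self.routes = routes           # (method, path) -> scope required
        self.rate_limit = rate_limit   # requests per client per 60 s
        self.window = defaultdict(list)
        self.audit = []

    def _deny(self, status, reason, client=None):
        self.audit.append({"ts": time.time(), "client": client, "result": reason})
        return status, {"error": reason}

    def handle(self, method, path, headers, body=b""):
        required = self.routes.get((method, path))
        if required is None:
            return self._deny(404, "no such route")
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return self._deny(401, "missing bearer token")
        info = self.introspect(auth[len("Bearer "):])
        if not info.get("active"):
            return self._deny(401, "token inactive")
        client = info["client_id"]
        if required not in info.get("scope", ()):
            return self._deny(403, "insufficient scope", client)
        now = time.time()
        recent = [t for t in self.window[client] if now - t < 60]
        if len(recent) >= self.rate_limit:
            self.window[client] = recent
            return self._deny(429, "rate limit exceeded", client)
        self.window[client] = recent + [now]
        if len(body) > self.MAX_BODY:
            return self._deny(413, "payload too large", client)
        if body:
            try:
                parsed = json.loads(body)
            except ValueError:
                return self._deny(400, "body is not JSON", client)
            if _depth(parsed) > self.MAX_DEPTH:
                return self._deny(400, "JSON nesting too deep", client)
        # Drop any identity header the client sent; only the gateway may set these.
        forwarded = {k: v for k, v in headers.items() if not k.lower().startswith("x-gateway-")}
        forwarded["X-Gateway-Client"] = client
        forwarded["X-Gateway-Subject"] = info.get("subject") or client
        self.audit.append({"ts": now, "client": client, "result": "forwarded"})
        return self.backend(method, path, forwarded, body)


def _depth(obj, level=1):
    """Nesting depth of a decoded JSON value; deep nesting is a cheap DoS on many parsers."""
    if isinstance(obj, dict):
        return max([_depth(v, level + 1) for v in obj.values()] + [level])
    if isinstance(obj, list):
        return max([_depth(v, level + 1) for v in obj] + [level])
    return level


# Constructed sample data standing in for the identity system and the API server.
SAMPLE_TOKENS = {
    "t-alice": {"active": True, "client_id": "seller-app", "subject": "alice", "scope": {"read", "write"}},
    "t-svc": {"active": True, "client_id": "checkout-svc", "subject": None, "scope": {"tax"}},
}


def sample_introspect(token):
    return SAMPLE_TOKENS.get(token, {"active": False})


def sample_backend(method, path, headers, body):
    """Echoes the identity it received, which is all the API server needs to trust."""
    return 200, {"subject": headers["X-Gateway-Subject"], "client": headers["X-Gateway-Client"]}


def build_gateway(rate_limit=3):
    routes = {("GET", "/listings"): "read", ("POST", "/listings"): "write", ("POST", "/tax"): "tax"}
    return ApiGateway(sample_introspect, sample_backend, routes, rate_limit=rate_limit)
```

The ordering of checks is deliberate: route and token are resolved before anything is counted against a client, the rate limit is applied before the body is parsed so a flood of malformed requests still gets throttled, and the identity headers are rewritten last so the backend can trust them unconditionally.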
Our customers led us here
Have we swung too far outside the enterprise?
50%
The New Governance

Function          | Old          | New
Documentation     | WSDL         | Wiki/Blog
Discovery         | Reg/Rep      | Search
Approval          | G10 Platform | Email
Enforcement       | Gateway      | Gateway
User Provisioning | IAM          | Portal
Community         | What’s that? | Forum
Simple wins! (But simple takes courage.)
Democracy wins!
The Forrester Wave™: API Management Platforms, Q1 2013
By Eve Maler and Jeffrey S. Hammond, February 5, 2013 Free Copy for all Attendees! Everyone who has attended today’s workshop will receive a free copy of this report in a follow up email from Layer 7. Keep an eye on your inbox.
The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Picture Credits: Antelope Canyon 4 by klsmith (stock.exchg); Band silhouettes by mr_basmt (stock.exchg)
September 2012
For further information:
K. Scott Morrison, Chief Technology Officer, Layer 7 Technologies, 1100 Melville St, Suite 405, Vancouver, B.C. V6E 4A6 Canada, (800) 681-9377, [email protected], http://www.layer7.com