TRANSCRIPT
© 2013, 2014 CA. All rights reserved.
Securely Enable the Open Enterprise
Shirief Nosseir
Security Business Lead – Eastern & Africa
17 June 2014
Key initiatives for IT security organizations
Enable the Business:
• Deliver secure new business services
• Secure the mobile, cloud-connected enterprise
Protect the Business:
• Protect against insider threats and targeted attacks
Drivers: Big Data, Targeted Attacks, Insider Threat, Collaboration, Cloud, Social Logins, Mobility, Internet of Things
Some of our security credentials
1983
13,000+
1 Billion / month
150+ million
CA Security Solutions
Life without API Management
Enterprise Applications & Data, exposed to consumers without an API management layer: unmanageable, with maintenance, security and performance all suffering.
Web API is the New Web Interface
Enterprise Applications & Data, fronted by an API layer that provides:
• Throttling
• Caching
• Metering / SLA
• Developer Mgt
• Transformation
• Security
• Access Control
• Mediation
• …
Brave New World: Transform Backend Silos Into APIs
Consumers: Mobile Apps, Partners / Divisions, External Developers, Cloud Services, Internet of Things, Social Registration
API layer in between: Throttling, Caching, Metering / SLA, Developer Mgt, Transformation, Security, Access Control, Mediation
Enterprise Applications & Data …
Enabling Developers To Find & Use Your Services
• Design time: Layer 7 API Developer Portal, used by Mobile Developers
• Runtime: Layer 7 API Gateway, called by Mobile / IoT Apps
Decentralized National Healthcare
Problem: the government needed to reduce healthcare administration and overhead costs.
Solution: a decentralized solution that securely pulls patient information from healthcare providers nationwide and assembles it into a complete patient record on demand.
Results:
• Reduced costs
• Improved quality of healthcare
• Protected patient record privacy
Telco: Publishing Telecom APIs
Problem: publicly exposing telecom APIs presents unique challenges around how they are packaged, secured and managed for easy consumption.
Solution: policy-based controls let the operator define identity and security for its APIs, track usage, monitor interface health, and update APIs without breaking client applications.
Results: an agile IT platform on which to develop new offerings faster and at lower cost by reusing and recomposing existing services.
Advanced authentication & fraud detection
Layer 1: Invisible Risk-Based Authentication. Each login or transaction is scored on a 0–100 risk scale, and low-risk requests proceed without any user interaction.
Layer 2: Strong / Appropriate Authentication, selected by balancing convenience, cost and security, and invoked only when the layer 1 risk score warrants it. OTP can be delivered by SMS, voice or email.
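The two-layer flow on this slide, as an added example that is not CA's code: layer 1 scores a login on a 0–100 scale from contextual signals and lets low-risk sessions through invisibly; layer 2 steps up to a one-time password above a threshold and denies outright above a second one. The signals, weights and both thresholds are assumptions for illustration, since the slide marks the scale but not its semantics. The OTP is OATH HOTP (RFC 4226), which the deck lists among AuthMinder's methods; delivery by SMS, voice or email is outside the example.

```python
"""Two-layer login decision: invisible risk scoring, then OTP step-up (constructed example)."""
import hashlib
import hmac
import struct

# Assumed thresholds on the slide's 0-100 risk scale; the slide marks the scale
# but does not define where step-up or denial begins.
STEP_UP_THRESHOLD = 50
DENY_THRESHOLD = 90

# Assumed contextual signals and additive weights for the invisible layer.
SIGNAL_WEIGHTS = {
    "new_device": 35, "new_country": 30, "impossible_travel": 50,
    "anonymizing_proxy": 40, "odd_hour": 10, "recent_failed_logins": 25,
}


def risk_score(signals: dict) -> int:
    """Sum the weights of active signals, capped at 100; unknown signals are ignored."""
    return min(100, sum(SIGNAL_WEIGHTS[s] for s, active in signals.items()
                        if active and s in SIGNAL_WEIGHTS))


def layer1_decision(score: int) -> str:
    """Layer 1: allow invisibly, step up to layer 2, or deny outright."""
    if score >= DENY_THRESHOLD:
        return "deny"
    return "step_up" if score >= STEP_UP_THRESHOLD else "allow"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """OATH HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server-side OTP check for layer 2. Accepts a code within a small look-ahead
    window, moves the counter past any accepted code so it cannot be replayed, and
    stops checking after too many failures. Window and limit are assumed values."""
    def __init__(self, secret: bytes, window: int = 3, max_failures: int = 5):
        self.secret, self.counter = secret, 0
        self.window, self.max_failures, self.failures = window, max_failures, 0

    def verify(self, code: str) -> bool:
        if self.failures >= self.max_failures:
            return False
        for i in range(self.window):
            if hmac.compare_digest(hotp(self.secret, self.counter + i), code):
                self.counter += i + 1
                self.failures = 0
                return True
        self.failures += 1
        return False


def authenticate(signals: dict, verifier: OtpVerifier = None, otp: str = None) -> dict:
    """Run both layers for one login attempt and report what happened."""
    score = risk_score(signals)
    decision = layer1_decision(score)
    if decision == "allow":
        return {"score": score, "outcome": "allowed", "otp_required": False}
    if decision == "deny":
        return {"score": score, "outcome": "denied", "otp_required": False}
    if otp is None or verifier is None:
        # Layer 2: the OTP would now be generated and delivered by SMS, voice or email.
        return {"score": score, "outcome": "otp_required", "otp_required": True}
    ok = verifier.verify(otp)
    return {"score": score, "outcome": "allowed" if ok else "otp_rejected", "otp_required": True}
```

A login from a known device scores below the step-up threshold and is allowed without the user noticing anything; a new device from a new country crosses it and must present a valid HOTP, which the verifier accepts once and never again for the same counter value.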
Are all soft tokens secure?
Standard Software Key Container
Protected Key: 1E459FC479C3B41
Key Rule: Hex, Begins and Ends with 1
Brute Force Library Attack (6 digit PIN, 1 million results): A2B199C7CD39J51, 156F85A750265BA, 17FA3FF43B82C6D, C1399D66A114E65, 1E459FC479C3B41, B4D3A1E75294A4D, …
Only one candidate obeys the key rule, so the attacker can pick out the correct key offline without ever contacting the server.
ArcotID Software Key Container (Patented Cryptographic Camouflage)
Protected Key: 1E459FC479C3B41
Brute Force Library Attack (6 digit PIN, 1 million results): 1CE59A451B257C1, 1DC1A4596B79B21, 159CA7C8439BA31, 1A964942B5AC5B1, 1E459FC479C3B41, 17675ABC59DE371, 1996C2A7EF64DA1, …
• Each is a plausible result
• The only way to determine the correct key is to sign a challenge and send it to the AuthMinder Authentication Server
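The slide's two containers, as an added toy model that is not CA or Arcot code and does not reproduce the patented construction for RSA keys. The key rule from the slide (15 hex digits, beginning and ending with 1) serves as the attacker's plausibility filter. In the standard container the key bytes are simply encrypted under the PIN, so a wrong PIN yields bytes that fail the rule and an offline brute force over every PIN leaves exactly one survivor. In the camouflaged container the PIN selects an offset inside the space of well-formed keys, so every PIN decrypts to a plausible key and the only oracle is the server, which locks the account after a few bad signatures. The HMAC-based keystream, the HMAC "signature" standing in for the ArcotID private-key signature, the PIN 4821 and the lockout limit are all assumptions of the example.

```python
"""Standard vs. camouflaged software key container (constructed toy model)."""
import hashlib
import hmac

KEY_LEN = 15                # hex digits per key, as on the slide
MID_LEN = KEY_LEN - 2       # digits between the fixed leading and trailing '1'
MID_SPACE = 16 ** MID_LEN   # number of keys that satisfy the key rule
HEX_UPPER = set("0123456789ABCDEF")
SAMPLE_KEY = "1E459FC479C3B41"   # protected key shown on the slide


def is_plausible_key(candidate: str) -> bool:
    """Key rule from the slide: 15 hex digits that begin and end with '1'."""
    return (len(candidate) == KEY_LEN and set(candidate) <= HEX_UPPER
            and candidate[0] == "1" and candidate[-1] == "1")


def pin_mask(pin: str, label: bytes, nbytes: int) -> bytes:
    """Toy PIN keystream (HMAC-SHA256 counter mode); stands in for the unspecified real KDF/cipher."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(pin.encode(), label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


# Standard container: the key's bytes are simply encrypted under the PIN, so a
# wrong PIN yields bytes that almost never look like a key.
def standard_lock(key: str, pin: str) -> bytes:
    return bytes(a ^ b for a, b in zip(key.encode(), pin_mask(pin, b"std", KEY_LEN)))


def standard_unlock(container: bytes, pin: str) -> str:
    return bytes(a ^ b for a, b in zip(container, pin_mask(pin, b"std", KEY_LEN))).decode("latin-1")


# Camouflaged container: the PIN selects an offset inside the space of
# well-formed keys, so every PIN decrypts to something that passes the rule.
def _camo_offset(pin: str) -> int:
    return int.from_bytes(pin_mask(pin, b"camo", 32), "big") % MID_SPACE


def camouflage_lock(key: str, pin: str) -> int:
    if not is_plausible_key(key):
        raise ValueError("key must satisfy the key rule")
    return (int(key[1:-1], 16) + _camo_offset(pin)) % MID_SPACE


def camouflage_unlock(container: int, pin: str) -> str:
    mid = (container - _camo_offset(pin)) % MID_SPACE
    return "1" + format(mid, "0{}X".format(MID_LEN)) + "1"


def offline_brute_force(unlock, container, pin_len: int) -> list:
    """Library attack: try every PIN offline, keep candidates that pass the key rule."""
    hits = []
    for p in range(10 ** pin_len):
        pin = format(p, "0{}d".format(pin_len))
        if is_plausible_key(unlock(container, pin)):
            hits.append(pin)
    return hits


def sign_challenge(key: str, challenge: bytes) -> bytes:
    """Toy symmetric 'signature' (HMAC); stands in for the ArcotID private-key signature."""
    return hmac.new(key.encode(), challenge, hashlib.sha256).digest()


class AuthServer:
    """The only oracle for a camouflaged key: verifies challenge signatures and locks
    the account after a few failures (assumed policy), so candidates cannot be tested
    online at brute-force speed."""
    def __init__(self, registered_key: str, max_failures: int = 5):
        self._key = registered_key
        self.max_failures = max_failures
        self.failures = 0

    def verify(self, challenge: bytes, signature: bytes) -> bool:
        if self.failures >= self.max_failures:
            return False
        if hmac.compare_digest(sign_challenge(self._key, challenge), signature):
            return True
        self.failures += 1
        return False


def run_demo(pin: str = "4821") -> dict:
    """Both attacks with a constructed PIN; 6 digits gives the slide's 1,000,000 candidates, 4 keeps it fast."""
    pin_len = len(pin)
    std_hits = offline_brute_force(standard_unlock, standard_lock(SAMPLE_KEY, pin), pin_len)
    camo = camouflage_lock(SAMPLE_KEY, pin)
    camo_hits = offline_brute_force(camouflage_unlock, camo, pin_len)
    server, challenge = AuthServer(SAMPLE_KEY), b"constructed-nonce-0001"
    online_ok = sum(server.verify(challenge, sign_challenge(camouflage_unlock(camo, c), challenge))
                    for c in camo_hits[:20])   # attacker tries the first 20 candidates online
    return {"standard_candidates": std_hits, "camouflaged_candidates": len(camo_hits),
            "online_successes": online_ok, "locked_out": server.failures >= server.max_failures}
```

With a 4-digit PIN the standard container's brute force returns the single PIN that decrypts to a rule-conforming key, while the camouflaged container returns all 10,000 candidates; the attacker is locked out after five online guesses, long before reaching the right one. The property that makes this work is that the container's plaintext space is exactly the set of well-formed keys, so the PIN is a uniform choice among them and carries no offline-checkable redundancy.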
CA Advanced Authentication endorsements
"Since the invention of public key cryptography 25 years ago, people have been struggling to secure the private key without the assistance of hardware. Arcot's innovative Cryptographic Camouflage* has solved this problem. Finally there is a cost-effective and convenient means to strongly authenticate users and transactions over the internet without the need for cumbersome hardware."
Dr. Martin E. Hellman, Professor Emeritus, Stanford University, co-inventor of public key cryptography
"Perhaps one of the weakest links in accessing important internet assets is a strong tie between the user and the areas they have the right to access. The use of a simple user name-password mechanism is truly a weak link. What is unique about Arcot's approach is that it is both strong and people friendly."
Dr. Taher Elgamal, PhD – Stanford, inventor of SSL while at Netscape
* patent 7,170,058
CA AuthMinder – Flexibility
Authentication Methods: ArcotID PKI, ArcotID OTP, OTP - SMS, Email, OATH, Q&A, CAP / DPA, ID Proof, Other Proprietary
Authentication Interfaces: OpenID, SAML, RADIUS, Challenge / Response, Custom, LDAP, Mainframe, Callout, SiteMinder and other WAMs
Core: Policy Server, Business Rules, Config AuthN Engine
Outputs: Notifications, Alerts, Reports
Optimized Customer Experience – A key Differentiator
Channels: Web, Mobile Browser, Rich Mobile App, Next Cool Thing
Users: Employees, Partners, Customers
Front door: API Management and Access Management, enforcing Security Policy and Session Management, backed by Identity Stores, Security Policies and Advanced Authentication
Behind it: Applications
Thank You
Shirief Nosseir
Security Business Lead – Eastern & Africa
@cainc
Slideshare.net/CAinc
linkedin.com/company/ca-technologies
ca.com