Security in the App Economy: How to Ride the Wave Without Wiping Out!
6 likes3,472 views
The document discusses the critical importance of security in the app economy, emphasizing the need for companies to adopt identity-centric security approaches to protect data while enabling business operations. It highlights the rapid increase in security breaches and encourages organizations to think like tech companies to remain competitive. Companies are advised to prioritize security in their applications, access strategies, and overall business practices to mitigate risks and enhance customer trust.
Security in the App Economy: How to Ride the Wave Without Wiping Out!
- 1. SESSION ID: #RSAC Michelle Waugh Security in the App Economy How to Ride the Wave Without Wiping Out! SPO1-W02 Vice President, Security Solutions CA Technologies
- 2. Are you rolling out new apps & services to your customers?
- 3. Are you using security to improve customer engagement?
- 4. Are you leveraging security to enable and drive business?
- 5. Have you had a breach in the last year -as far as you know?
- 6. #RSAC Today, Every Company is a Software Company. Are You? 6 From sneaker company to data enabled athletic brand. From book seller to insight driven delivery service, cloud servicer and entertainment hub. From UK Grocer to global consumer retailer leveraging data and technology that reframes the shopper experience. In 2014, CEOs must focus on leading their organizations to think like and become more like “tech” companies, because within a few years, digital business capabilities will dominate every industry. Urgent action is needed because first-mover advantage is common in digital business, and fast followers must be very fast. Gartner; “CEO Resolutions for 2014—Time to Act on Digital Business”; Mark Raskino; March 5, 2014
- 7. #RSAC 7 #RSAC Traditional Approach to Security
- 8. #RSAC#RSAC Security in the Open Enterprise
- 9. #RSAC Ripped from the Headlines
- 10. #RSAC Security concerns the top obstacle in app economy#1 -- CA Technologies with Vanson Bourne Overall IT spend devoted to Security over next 3 years >25% Leaders saw revenue increase for security- enabled services (18% of Laggards) 47% Security priority for business is improving mobile experience #2 Increase in breaches YoY from 2013 to 2014 78% #RSAC Security
- 11. #RSAC Application Economy Requires Identity-centric Security 11 IDENTITY - CENTRIC SECURITY Customers Citizens Employees / Partners Connected Apps / Devices Cloud Services On Premise Apps
- 12. #RSAC 12 What you need to be thinking about SIMPLIFY ANYWHERE, ANYTHING ACCESS PROTECT DATA WHILE ENABLING BUSINESS EXTEND BUSINESS WITH SECURITY #RSAC
- 13. #RSAC 13 What you need to be thinking about SIMPLIFY ANYWHERE, ANYTHING ACCESS #RSAC
- 14. #RSAC Simplify Anywhere, Anything Access 14 CUSTOMERS, EMPLOYEES, PARTNERS Mobile Apps APIs/Web Services Web Apps From the Cloud On-Premise On Device Enable access from any device Coordinate security across Web, mobile, APIs Improve customer adoption/experience/ loyalty What you need to do
- 15. #RSAC The Application Economy is Driving the Rapid Adoption of Mobile Applications 15 “By 2020, more than 63% of enterprises expect their desktops to be replaced by mobile devices connected to the network via office wireless LAN” Gartner - “Mobile Device Proliferation Is Forcing Network Leaders to Redesign Enterprise LANs”, Bjarne Munch, Christian Canales, 14 May 2014 79%of organizations are using SaaS Sources: Ponemon Institute.
- 16. #RSAC Enabling your Mobile Workforce is a Journey Web API Native AppWeb-App Existing Web Applications New Native App Projects Unified Access Different security options: Deliver app security controls such as SSO based on when & where customer needs it.
- 17. #RSAC IAM + API Solution Enables Fast, Secure Mobile Delivery of Enterprise Applications 17 Identity Manager Cloud Apps On-Premises Enterprise Apps CA SSO ( SiteMinder ) / LDAP / IdP CA Mobile API Gateway Paul Pronsati EVP, Global Business Ops & CIO BENEFITS Common standard across platforms and applications Improves developer velocity and time to value Application user and device level security OAUTH/API SAML SAML SAML CA Mobile API Gateway CA SSO {SiteMinder} / LDAP/ldP On-Premises Enterprise Apps Identity Manager
- 18. #RSAC Lessons in Mobility 18 Begin with the user experience as the focus. Is login required? Review and define your architecture holistically; be prepared to move fast! Choose the app type that fits your use case and objective and implement a solution that combines usability and security (native app SSO + web) Leverage your existing SSO implementation to improve the experience Engage the business now around what SaaS projects are coming up and position the enterprise friendly vendors…say “yes” to BYOA Start thinking beyond front door access for SaaS
- 19. #RSAC 19 What you need to be thinking about #RSAC PROTECT DATA WHILE ENABLING BUSINESS
- 20. #RSAC Security – By the Numbers RECORDS BREACHED IN 20141,023,108,267 NUMBER OF BREACH INCIDENTS1,541 BREACHED RECORDS INCREASE FROM LAST YEAR78% Data records were lost or stolen with the following frequency Every Day 2,803,036 Every Hour 116,793 Every Minute 1,947 Every Second 32
- 21. #RSAC Protect Data While Enabling Business 21 Device Geolocation Velocity User history Fraud patterns PROTECT MOBILE APP STRONGLY AUTHENTICATE USERS CONTROL ACCESS TO WEB APPS CONTROL ACCESS TO APIS SECURE PRIVILEGED IDENTITIES Enable security from end-to-end Protect against insider threats Defend against external threats What you need to do
- 22. #RSAC Combat Insider Threats and External Attacks Systems Data Administrators Employees INSIDERS CUSTOMERS Web Apps Strong,Risk-based Authentication Privileged Identity SSO with Session Assurance EXTERNAL THREATS BUSINESS VALUE Reduced risk of breach through fine-grained admin controls, hypervisor security, and shared account management. Increase security and customer trust with strong, risk-aware authentication Protect against session hijacking with unique session assurance PROOF POINTS CA Privileged Identity Manager is the ONLY solution that helps secure critical systems at the OS kernel level CA PIM is protecting the systems at 9 out of the top 16 Fortune 25 companies CA Advanced Authentication enabled 64% of surveyed companies improve their user experience REQUIRED CAPABILITIES PIM Advanced Authentication SSO
- 23. #RSAC Lessons in protecting your business 23 Perimeter security is necessary, but not sufficient. You need to think end-to- end and defend from the inside-out Think about your identities. Do your accounts have the right privileges? Who certified access? Do you have orphaned accounts? Nearly all of the most damaging attacks use a privileged identity – focus your attention here! Don’t think of insider threats as purely malicious employees: they can be targeted with social engineering or can be careless Additional security doesn’t have to make the user experience more difficult. Risk-awareness is essential - security gets applies only where needed
- 24. #RSAC 24 What you need to be thinking about #RSAC EXTEND BUSINESS WITH SECURITY
- 25. #RSAC EXTENDING BUSINESS WITH SECURITY 25 Reduce infrastructure Drive agility into the business Reduce need for security expertise What you need to do IDENTITY AS A SERVICE
- 26. #RSAC 26 170 Countries 6,500 Corporate & public sector customers 3 million+ Direct customers #RSAC
- 27. #RSAC 27 #RSAC FOCUS ON CORE COMPETENCY Our advice Seek security expertise BT’s approach • Ensure they have depth and breadth of experience in delivering service • Remain engaged with your partner security expert • Provide in-depth defence and incident response • Around-the-clock protection from cyber threats • Understand risks as organisation changes – when new technologies are introduced, new vulnerabilities presented • Provide secure access to all remote and mobile workers
- 28. #RSAC Lessons in Identity & Access as a Service 28 Enable the business to outsource IT Security to managed services and focus on your true business Become the identity provider for external as well as internal users Secure identity and access from end to end – from the device, user, application, transmission, and though to the data source
- 29. #RSAC 29 What you need to be thinking about SIMPLIFY ANYWHERE, ANYTHING ACCESS PROTECT DATA WHILE ENABLING BUSINESS EXTEND BUSINESS WITH SECURITY #RSAC
- 30. #RSAC Security Spend Must do More than Just Secure 30 Sell the business on business value PROTECT THE BUSINESS UNLEASH THE BUSINESS Secure access to on-premise and cloud applications Govern user access across enterprise Protect against insider threats and external attacks Accelerate the delivery of secure apps Deliver multi- channel – from Web to Mobile to APIs Enable bring your own identity Customers Citizens Employees / Partners Connected Apps / Devices Cloud Services On Premise Apps
- 31. Success is the result of right choices. Choose your waves wisely. Unknown surfer, March, 2015
- 32. #RSAC 32 This is business, rewritten by software™ #RSAC
- 33. #RSAC Copyright © 2015 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages. Thank You
- 34. #RSAC For More Information To learn more about Security, please visit: http://bit.ly/10WHYDm Insert appropriate screenshot and text overlay from following “More Info Graphics” slide here; ensure it links to correct page Security