The bring-your-own-device (BYOD) trend is in full swing as the growth of mobile devices within the enterprise explodes. How do you enable secure data access for mobile applications? How do you deal with user authentication? How do you allow broader adoption of enterprise applications on user-owned devices? CA and Layer 7 outline solutions to these issues, explore different approaches to mobile security, and use case studies to illustrate how others have solved these problems.
This workshop was all about:
• The latest mobile trends and opportunities
• Emerging mobile risks and how these can be addressed
• A reference architecture for secure enterprise mobility
Using APIs to Create an Omni-Channel Retail Experience
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research Inc.
1. The IAM-as-an-API Era Has Arrived
And You Can Blame/Thank Mobility
Eve Maler, Principal Analyst, Security & Risk
Mobile Security Workshop
February 7, 2013
17. New identity solutions disrupt…but attract.
Or, The good thing about reinventing the wheel is that you can get a round one.*
*Douglas Crockford, inventor of JavaScript Object Notation (JSON)
Source: tom-margie | CC BY-SA 2.0 | flickr.com
70. Yet there is an imbalance between run time and design time governance
71. Vendors are happy to provide tooling
[Diagram labels: Firewall, Trading Partner, Directory, PEP, Application Servers, Workflow, Registry, Repository, DMZ, Secure Zone, Enterprise Network]
97. The Challenge
[Diagram labels: API Client, Phone, User, Firewall 1, Firewall 2, iPhone Developer, API Server, Enterprise Network]
98. First We Need Identity
[Diagram labels: API Client, Firewall 1, Firewall 2, iPhone Developer, API Server, SiteMinder, Enterprise Network]
99. We could try this to deal with firewalls…
[Diagram labels: API Client, Firewall 1, Firewall 2, iPhone Developer, API Server, SiteMinder, Enterprise Network]
100. An API Gateway Is A Better Solution
[Diagram labels: API Client, Firewall 1, API Proxy, Firewall 2, iPhone Developer, API Server, SiteMinder, Enterprise Network]
101. Now Add Client Developer Libraries For Authentication
[Diagram labels: API Client, Firewall 1, API Proxy, Firewall 2, iPhone Developer, API Server, SiteMinder, Enterprise Network]
102. Finally, Add In An API Portal To Enable The New Governance
[Diagram labels: API Client, Firewall 1, API Proxy, Firewall 2, iPhone Developer, API Server, API Portal, SiteMinder, Enterprise Network]
106. The New Governance
Area | Old | New
Documentation | WSDL | Wiki/Blog
Discovery | Reg/Rep | Search
Approval | G10 Platform | Email
Enforcement | Gateway | Gateway
User Provisioning | IAM | Portal
Community | What’s that? | Forum
109. The Forrester Wave™: API Management Platforms, Q1 2013
By Eve Maler and Jeffrey S. Hammond, February 5, 2013
Free Copy for all Attendees!
Everyone who has attended today’s workshop will receive a free copy of this report in a follow up email from Layer 7. Keep an eye on your inbox.
The Forrester Wave is copyrighted by Forrester Research, Inc.
Forrester and Forrester Wave are trademarks of Forrester Research,
Inc. The Forrester Wave is a graphical representation of Forrester's
call on a market and is plotted using a detailed spreadsheet with
exposed scores, weightings, and comments. Forrester does not
endorse any vendor, product, or service depicted in the Forrester
Wave. Information is based on best available resources. Opinions
reflect judgment at the time and are subject to change.
110. Picture Credits
• Antelope Canyon 4 by klsmith – stock.exchg
• Band silhouettes by mr_basmt – stock.exchg
111. For further information:
K. Scott Morrison
Chief Technology Officer
Layer 7 Technologies
1100 Melville St, Suite 405
Vancouver, B.C. V6E 4A6
Canada
(800) 681-9377
scott@layer7.com
http://www.layer7.com
September 2012