Secure by design: Scaling security across the enterprise
•Télécharger en tant que PPTX, PDF•
1 j'aime•1,281 vues
By 2020, Gartner predicts 60% of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. As security failures quickly become headline news, CIOs and CISOs are under tremendous pressure to keep the business secure -- without slowing the business down. That's why incorporating security by design into applications and services is so crucial for the enterprise. In this session, we will discuss how applications networks are helping organizations federate security best practices, leverage machine learning to more proactively respond to threats and deliver defense in depth.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Secure by design: Scaling security across the enterprise
Similaire à Secure by design: Scaling security across the enterprise (20)
Plus de MuleSoft
Plus de MuleSoft (18)
Dernier
Dernier (20)
Secure by design: Scaling security across the enterprise
- 1. Scaling security across the enterprise Secure by design As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 2. All contents © MuleSoft Inc. What is Security by Design? 2 As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 3. All contents © MuleSoft Inc. What is it really? 3 • Bake security into your design • Follow a standard set of principals • Think in Layers • Make it part of your culture As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 4. All contents © MuleSoft Inc. Is there an issue? 4 • OWASP Top 10 Update for 2017 As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 5. All contents © MuleSoft Inc. Security Goals 5 • Digitization of Business Capabilities • Multiple digital channels • Confidentiality • Integrity • Availability As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 6. All contents © MuleSoft Inc. Security Design Principles 6 • Targeted • Minimalized • Locked • Multi-keyed • Elastic • Reliable • Standardized As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 7. All contents © MuleSoft Inc. Targeted: Profile your APIs 7 Public APIsSemi-public APIs Private APIs As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 8. All contents © MuleSoft Inc. Minimalized: Be stingy with capabilities 8 • Domain-driven Design • Business Entities • Single responsibility principle As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 9. All contents © MuleSoft Inc. Locked: Authenticate and Authorize every call 9 • Token based Access Control • TLS • Tokenization As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 10. All contents © MuleSoft Inc. Multi-keyed: Use OpenID Connect and OAuth 2.0 10 ImplicitAuthorization Code Authorization Code Client Credentials As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 11. All contents © MuleSoft Inc. Multi-keyed: Use TLS, Mutual TLS, SAML, and JWT 11 As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 12. All contents © MuleSoft Inc. Elastic: Use Containerization & Container Scheduling 12 • Each Microservice has distinct scalability requirements • Container scheduling makes scaling easy • PaaS frameworks schedule containers based on traffic As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 13. All contents © MuleSoft Inc. Reliable: Use Domain Events 13 My Shopping Microservice Order Fulfillment Microservice Credit Card Microservice Inventory Microservice As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 14. All contents © MuleSoft Inc. Reliable: Use Circuit Breaker Pattern 14 My Shopping Microservice Customer Profile Microservice Loyalty Microservice Order History Microservice Order History Microservice As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 15. All contents © MuleSoft Inc. Standardized: Choose the best Technologies 15 As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 16. All contents © MuleSoft Inc. Speed. Agility. API Security. Innovation. 16 • Emerges bottoms-up via self-service • Provides visibility, security and governability at every API node • Is recomposable: it bends, not breaks – built for change An application network As of April 20th, 2017 and subject to change at MuleSoft's exclusive discretion.
- 17. Thank you!
Notes de l'éditeur
- No friction between goals of business to expose capabilities and goals of security to restrict access
- Targeted => network ; profile; oauth 2.0 grant type Minimalized=> in commands and capabilitiies; business entities; Domain driven; filter data (ABAC); Locked => default + every call is protected; TLS; (tokenization; encryption of data at rest) Multi-keyed => OpenID Connect (access + id) ; private : access token + mutual TLS Elastic => container scheduling; service lookup; business entitties are easier to scale Reliable => use event driven; encrypt messages; no subscripiton in the DMZ; circuit breaker Standardized => all the above
- According to user segmentation and hence network segmentation
- Least privilege
- Username / password credentials are evil Hide and guarantee integrity with encryption and digital signatures
- Auth code where possible because client forced to authenticate Never use resource owner password credentials Recognize the limit of oauth. WE NEED RBAC OR ABAC
- Protect all web apis with HTTPS Never use plain http Self-sign only within corporate Mutual TLS on corporate and extranet
- We have a need to grow and shrink with traffic Devops facilitates rapid provisioning Paas make all this easy with dynamic scaling
- Distributed transactions are evil Eventual consistency is good (lines with needs of business) Guaranteed delivery Better customer experience
- Graceful handling of failures Use fallback to deliver some default set of info (perhaps cached)
- If we use standards the quality is much better Vulnerabilities of public frameworks identified and solved.