SlideShare une entreprise Scribd logo

[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of the Developer

WSO2
WSO2

Everything is famously code-integrated today—cars are computers with wheels, appliances have Internet access, smart doors and houses are controlled from mobile phone apps, etc. With all this code around, security is more of a challenge than ever. A central pillar of security is identity access management (IAM): the technology that protects logins and controls access. In fact, this too, is becoming code to work with all the other code. Libraries for developers are essential, including ID controls in mobile and Web applications for initial sign on, single sign-on, federated sign-on, biometric authentication systems, and sensitive data access control. To maintain security across devices, IAM code must be wherever it’s needed, when it’s needed, and automated, just like any other code. And the better we do this, the more safeguarded we all are with our ubiquitous computers.

1  sur  13
Télécharger pour lire hors ligne
Rethinking Identity Access Management: The Rise of the Developer Eric Newcomer, September 2021
Hello! Eric Newcomer CTO eric@wso2.com https://www.linkedin.com/in/enewcomer/ https://twitter.com/enewc ● Previously: ⦿ Global Head of Security Architecture and Strategy, Citi Consumer Bank ⦿ Chief Architect, Citi Treasury and Trade Services ⦿ CTO, IONA Technologies ⦿ Distinguished Engineer & Transaction Processing Architect at Digital Equipment
3 Key business use cases for Identity and Access Management (IAM) Enable access management for employee identities (B2E). Onboard partners and 3rd parties, and securely give them access to company resources by introducing minimal changes to the current system (B2B). Improve the digital user experience of customers by streamlining operations with respect to identity and access management (B2C). Enable a 360-degree view of customer identity data to assist company leadership to make informed decisions. Secure API access for both internally facing and externally facing APIs, including cloud and IoT.
Key challenges related to IAM adoption ● Developers are under pressure to produce ⦿ Security considerations can conflict with time to market ⦿ Security reviews and approvals take time and consume effort ● IAM is not something you can add in at the last minute ⦿ Need to have a design, plan, policy & standards selection ⦿ It’s like UX - login experience has to be identified before the its construction ● And it can actually be worse with automation ⦿ Security automation can be hard to fix ⦿ Scanning tool selection & deployment requires specific ops skills 4
Meeting the challenges means getting the code right ● Provide security as code, keep developer focus in their IDEs ⦿ This helps developers bake security into their code & automation ⦿ Organizations can customize SDKs and libraries for standard processes & policies ● Policies expressed as code streamlines the security review & approval process ⦿ Security reviewers can check the code version & fingerprint ⦿ Preferably through automated scan results ● Developer skills are in high demand ⦿ Offer low code abstractions to improve productivity ⦿ Embed IAM knowledge in the code ⦿ Config and customize with GUIs ● Link apps to cloud services to ensure IAM keeps pace with innovation 5
Considerations for cloud native infrastructure* ● Clouds were designed to maximize sharing (e.g. for online shopping) and for Web and mobile apps ⦿ Strong IAM is key to customer satisfaction and avoiding “over privilege” incidents ● Clouds have different “perimeter security” principles defined by: ⦿ Resource permissions and policies – by design allow internet access ⦿ IAM systems – by design allow internet access ⦿ Network constraints - can be bypassed by shared resources ● Misconfigured policies/permissions may allow direct external access to company resources (regardless of network and IAM) ● Security teams can not prevent these misconfigurations (since they can be done at the app level) 6 *See “Banking on the Cloud” Newcomer, Ivaturi, Schulman, HPTS 2019
How “Security as code” or “shift left” help ● Implement strong authentication policies (i.e. FIDO MFA) in code ⦿ Use config GUIs to configure desired authenticators and generate SDK ⦿ Pipeline builds include the IAM policies and auto test ⦿ Self registration to reduce admin overhead ● Auto detect and replace open source vulnerabilities ⦿ E.g. http-proxy versions prior to 1.18.1 to prevent possible DOS attack ⦿ Pipeline scan open source libraries for known issues and apply updates ● Detect and remediate crypto vulnerabilities in code ⦿ E.g. issue in AWS Crypto SDK for GoLang prior to V2 allows changing AES-GCM to AES-CTR and reveal authentication keys ● Configure CI/CD pipelines to include Docker scanning, etc ⦿ Containers are immutable and cannot be patched ⦿ Put in the time to ensure the containers are secure 7
8 Developer-focused Identity and Access Management (IAM) Every service, API, device and person has a managed identity ● Digital identity is a critical part of digital business ● “Everything is code” - cars, phones, appliances, homes... The digital identity developer is becoming more prominent than the administrator ● Customer IAM needs to integrate with multiple systems (CRM, CDM, CMS, Marketing Automation, etc.) ● Application developers lack IAM specialization Organizations need an agile, event-driven customer IAM platform that can flex to meet both new business opportunities and new challenges. ● Across multiple environments, multi-cloud, on prem, hybrid
CIAM developer requirements ● Accelerating digital transformation initiatives requires an identity-centric approach ⦿ Leverage cloud based technologies for rapid deployment of critical apps ⦿ Rapidly pivot to new business paradigms as market conditions change ● Global privacy requirements can affect brand or create fines ⦿ Customers/users want a degree of control of how their data is collected/stored and managed ● Scarcity of IAM specialized developers ⦿ Connecting disparate IAM systems to get a unified view of a customer/users can be challenging, time consuming and costly ⦿ Business requirements change frequently and it becomes costly and time consuming to continuously implement changes
How CIAM as code helps 10 Take the complexity out of managing user access and enable building secure and frictionless customer experiences in minutes ● Provide libraries and SDKs for developers to include in their application projects early on ● Include code in CI/CD pipeline auto builds and testing stages ● Ensure security team reviews are more likely to be ‘check the box’ activities than finding issues ● Reduce time to market by providing needed code - developers don’t have to search for it
11 Maturity Model for CIAM
12 Identity Gateway Developer Portal How WSO2 is helping drive IAM/CIAM as code Management Portal Marketplace Self Service Portal Analytics SDKs Agents Tools
wso2.com Thanks!

Recommandé

The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
WSO2
 
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
WSO2
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with docker
Docker, Inc.
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
WSO2
 
[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century
[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century
[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century
WSO2
 
[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...
[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...
[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...
WSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
WSO2
 

Recommandé

The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
WSO2
 
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
WSO2
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with docker
Docker, Inc.
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
WSO2
 
[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century
[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century
[WSO2 Summit APAC 2020] APIs: The Products of the 21st Century
WSO2
 
[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...
[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...
[WSO2 Summit APAC 2020] Automating an Integrated API Supply Chain Using a Clo...
WSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
WSO2
 
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays
 
[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM
WSO2
 
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs [apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
WSO2
 
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
apidays
 
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
WSO2
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
Yenlo
 
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
WSO2
 
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
WSO2
 
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays
 
Apache kafka an ideal data streaming solution for your bank
Apache kafka an ideal data streaming solution for your bankApache kafka an ideal data streaming solution for your bank
Apache kafka an ideal data streaming solution for your bank
sandipanmukherjee13
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
WSO2
 
Best Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingBest Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated Testing
WSO2
 
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
WSO2
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
Yenlo
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
Yenlo
 
API Adoption API Conference Berlin - Hans Bot
API Adoption API Conference Berlin - Hans BotAPI Adoption API Conference Berlin - Hans Bot
API Adoption API Conference Berlin - Hans Bot
Yenlo
 
Monetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
Monetize Your Open Banking APIs with Fintechs — Strategies & Live DemoMonetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
Monetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
WSO2
 
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
WSO2
 
Modern Architectures
Modern ArchitecturesModern Architectures
Modern Architectures
SecureAuth
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
danb02
 

Contenu connexe

Tendances

apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays
 
[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM
WSO2
 
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs [apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
WSO2
 
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
apidays
 
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
WSO2
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
Yenlo
 
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
WSO2
 
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
WSO2
 
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays
 
Apache kafka an ideal data streaming solution for your bank
Apache kafka an ideal data streaming solution for your bankApache kafka an ideal data streaming solution for your bank
Apache kafka an ideal data streaming solution for your bank
sandipanmukherjee13
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
WSO2
 
Best Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingBest Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated Testing
WSO2
 
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
WSO2
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
Yenlo
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
Yenlo
 
API Adoption API Conference Berlin - Hans Bot
API Adoption API Conference Berlin - Hans BotAPI Adoption API Conference Berlin - Hans Bot
API Adoption API Conference Berlin - Hans Bot
Yenlo
 
Monetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
Monetize Your Open Banking APIs with Fintechs — Strategies & Live DemoMonetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
Monetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
WSO2
 
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
WSO2
 

Tendances (20)

apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
apidays LIVE LONDON - Evolving API Management for Event-Driven Digital Bankin...
 
[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM
 
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs [apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
 
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
apidays LIVE Australia 2021 - Quantum Duality of “API as a business and a tec...
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
 
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
 
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
[apidays Live Australia] - Breaking down the barriers between Pro-Code, Low-C...
 
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
[apidays Live australia] Building a Sustainable Ecosystem with Open APIs for ...
 
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
apidays LIVE New York 2021 - 5 Pragmatic steps to unlock Open Finance with AP...
 
Apache kafka an ideal data streaming solution for your bank
Apache kafka an ideal data streaming solution for your bankApache kafka an ideal data streaming solution for your bank
Apache kafka an ideal data streaming solution for your bank
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
 
Best Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingBest Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated Testing
 
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
 
API Adoption API Conference Berlin - Hans Bot
API Adoption API Conference Berlin - Hans BotAPI Adoption API Conference Berlin - Hans Bot
API Adoption API Conference Berlin - Hans Bot
 
Monetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
Monetize Your Open Banking APIs with Fintechs — Strategies & Live DemoMonetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
Monetize Your Open Banking APIs with Fintechs — Strategies & Live Demo
 
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
[WSO2Con EU 2018] The Hybrid Integration Platform: Can You Be in Business Wit...
 

Similaire à [2021 Somos Summit] - Rethinking Identity Access Management and The Rise of the Developer

Modern Architectures
Modern ArchitecturesModern Architectures
Modern Architectures
SecureAuth
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
danb02
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
Ping Identity
 
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
JessiRyan1
 
Open source iam value, benefits, and risks
Open source iam value, benefits, and risksOpen source iam value, benefits, and risks
Open source iam value, benefits, and risks
WSO2
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceThe Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
IBM Security
 
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
apidays
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
WSO2
 
ANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit Tandon
ANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit TandonANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit Tandon
ANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit Tandon
AgileNetwork
 
1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx
ssuserc1c6091
 
Security in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty MutualSecurity in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty Mutual
VMware Tanzu
 
Single Sign-On: Our Path to Password Elimination
Single Sign-On: Our Path to Password EliminationSingle Sign-On: Our Path to Password Elimination
Single Sign-On: Our Path to Password Elimination
Symantec
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays
 
The Cloud Challenge
The Cloud ChallengeThe Cloud Challenge
The Cloud Challenge
VMware Tanzu
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
WSO2
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
Mike Kavis
 
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
ForgeRock
 
Implementing Enterprise Identity and Access Management in a microservices wor...
Implementing Enterprise Identity and Access Management in a microservices wor...Implementing Enterprise Identity and Access Management in a microservices wor...
Implementing Enterprise Identity and Access Management in a microservices wor...
Judy Breedlove
 
E-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxE-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptx
Archana833240
 

Similaire à [2021 Somos Summit] - Rethinking Identity Access Management and The Rise of the Developer (20)

Modern Architectures
Modern ArchitecturesModern Architectures
Modern Architectures
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
 
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
Learn Why your Technology Toolkit needs a Low Code Platform Upgrade!
 
Open source iam value, benefits, and risks
Open source iam value, benefits, and risksOpen source iam value, benefits, and risks
Open source iam value, benefits, and risks
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity GovernanceThe Good, the Bad and the Ugly: A Different Perspective on Identity Governance
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
 
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
APIsecure 2023 - For flex(ibility) sake, modernize your legacy APIs!, Topher ...
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
ANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit Tandon
ANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit TandonANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit Tandon
ANIn Bengaluru May 2023 | AI led Enterprise Transformation by Arpit Tandon
 
1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx
 
Security in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty MutualSecurity in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty Mutual
 
Single Sign-On: Our Path to Password Elimination
Single Sign-On: Our Path to Password EliminationSingle Sign-On: Our Path to Password Elimination
Single Sign-On: Our Path to Password Elimination
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
apidays LIVE Jakarta - Overcoming the 3 largest obstacles to digital transfor...
 
The Cloud Challenge
The Cloud ChallengeThe Cloud Challenge
The Cloud Challenge
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
 
Implementing Enterprise Identity and Access Management in a microservices wor...
Implementing Enterprise Identity and Access Management in a microservices wor...Implementing Enterprise Identity and Access Management in a microservices wor...
Implementing Enterprise Identity and Access Management in a microservices wor...
 
E-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxE-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptx
 

Plus de WSO2

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
WSO2
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
WSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
WSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
WSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2
 

Plus de WSO2 (20)

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 

Dernier

Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 

Dernier (20)

Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 

[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of the Developer

  • 1. Rethinking Identity Access Management: The Rise of the Developer Eric Newcomer, September 2021
  • 2. Hello! Eric Newcomer CTO eric@wso2.com https://www.linkedin.com/in/enewcomer/ https://twitter.com/enewc ● Previously: ⦿ Global Head of Security Architecture and Strategy, Citi Consumer Bank ⦿ Chief Architect, Citi Treasury and Trade Services ⦿ CTO, IONA Technologies ⦿ Distinguished Engineer & Transaction Processing Architect at Digital Equipment
  • 3. 3 Key business use cases for Identity and Access Management (IAM) Enable access management for employee identities (B2E). Onboard partners and 3rd parties, and securely give them access to company resources by introducing minimal changes to the current system (B2B). Improve the digital user experience of customers by streamlining operations with respect to identity and access management (B2C). Enable a 360-degree view of customer identity data to assist company leadership to make informed decisions. Secure API access for both internally facing and externally facing APIs, including cloud and IoT.
  • 4. Key challenges related to IAM adoption ● Developers are under pressure to produce ⦿ Security considerations can conflict with time to market ⦿ Security reviews and approvals take time and consume effort ● IAM is not something you can add in at the last minute ⦿ Need to have a design, plan, policy & standards selection ⦿ It’s like UX - login experience has to be identified before the its construction ● And it can actually be worse with automation ⦿ Security automation can be hard to fix ⦿ Scanning tool selection & deployment requires specific ops skills 4
  • 5. Meeting the challenges means getting the code right ● Provide security as code, keep developer focus in their IDEs ⦿ This helps developers bake security into their code & automation ⦿ Organizations can customize SDKs and libraries for standard processes & policies ● Policies expressed as code streamlines the security review & approval process ⦿ Security reviewers can check the code version & fingerprint ⦿ Preferably through automated scan results ● Developer skills are in high demand ⦿ Offer low code abstractions to improve productivity ⦿ Embed IAM knowledge in the code ⦿ Config and customize with GUIs ● Link apps to cloud services to ensure IAM keeps pace with innovation 5
  • 6. Considerations for cloud native infrastructure* ● Clouds were designed to maximize sharing (e.g. for online shopping) and for Web and mobile apps ⦿ Strong IAM is key to customer satisfaction and avoiding “over privilege” incidents ● Clouds have different “perimeter security” principles defined by: ⦿ Resource permissions and policies – by design allow internet access ⦿ IAM systems – by design allow internet access ⦿ Network constraints - can be bypassed by shared resources ● Misconfigured policies/permissions may allow direct external access to company resources (regardless of network and IAM) ● Security teams can not prevent these misconfigurations (since they can be done at the app level) 6 *See “Banking on the Cloud” Newcomer, Ivaturi, Schulman, HPTS 2019
  • 7. How “Security as code” or “shift left” help ● Implement strong authentication policies (i.e. FIDO MFA) in code ⦿ Use config GUIs to configure desired authenticators and generate SDK ⦿ Pipeline builds include the IAM policies and auto test ⦿ Self registration to reduce admin overhead ● Auto detect and replace open source vulnerabilities ⦿ E.g. http-proxy versions prior to 1.18.1 to prevent possible DOS attack ⦿ Pipeline scan open source libraries for known issues and apply updates ● Detect and remediate crypto vulnerabilities in code ⦿ E.g. issue in AWS Crypto SDK for GoLang prior to V2 allows changing AES-GCM to AES-CTR and reveal authentication keys ● Configure CI/CD pipelines to include Docker scanning, etc ⦿ Containers are immutable and cannot be patched ⦿ Put in the time to ensure the containers are secure 7
  • 8. 8 Developer-focused Identity and Access Management (IAM) Every service, API, device and person has a managed identity ● Digital identity is a critical part of digital business ● “Everything is code” - cars, phones, appliances, homes... The digital identity developer is becoming more prominent than the administrator ● Customer IAM needs to integrate with multiple systems (CRM, CDM, CMS, Marketing Automation, etc.) ● Application developers lack IAM specialization Organizations need an agile, event-driven customer IAM platform that can flex to meet both new business opportunities and new challenges. ● Across multiple environments, multi-cloud, on prem, hybrid
  • 9. CIAM developer requirements ● Accelerating digital transformation initiatives requires an identity-centric approach ⦿ Leverage cloud based technologies for rapid deployment of critical apps ⦿ Rapidly pivot to new business paradigms as market conditions change ● Global privacy requirements can affect brand or create fines ⦿ Customers/users want a degree of control of how their data is collected/stored and managed ● Scarcity of IAM specialized developers ⦿ Connecting disparate IAM systems to get a unified view of a customer/users can be challenging, time consuming and costly ⦿ Business requirements change frequently and it becomes costly and time consuming to continuously implement changes
  • 10. How CIAM as code helps 10 Take the complexity out of managing user access and enable building secure and frictionless customer experiences in minutes ● Provide libraries and SDKs for developers to include in their application projects early on ● Include code in CI/CD pipeline auto builds and testing stages ● Ensure security team reviews are more likely to be ‘check the box’ activities than finding issues ● Reduce time to market by providing needed code - developers don’t have to search for it
  • 12. 12 Identity Gateway Developer Portal How WSO2 is helping drive IAM/CIAM as code Management Portal Marketplace Self Service Portal Analytics SDKs Agents Tools