Critical Considerations for Mobile and IoT Strategy

World®’16

CriticalConsiderationsforMobileandIoT StrategyK.ScottMorrison- DistinguishedEngineer- CATechnologies

DO3X80V

DEVOPS

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation


Abstract

Intoday'sdigitaleconomy,whenthegrowthofmobileappsandInternetofThings(IoT)devicesisexplodingeverywhere,it’simportanttounderstandhowtoplanforsuchgrowthwithinyourenterprise.Considerationsrangefromsecurity,integration,identitymanagementandencryptiontoscalingforIoT architectures.JointhissessiontohearScottMorrisonexplainthesevencriticalconsiderationsformobileandIoT strategy.

K.ScottMorrisonCATechnologiesDistinguishedEngineer


MobileOptimizationIsNowaGivenforBusinessProcesses

World®’16©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD4


TopEnterpriseMobilityConcerns1

1SOTISurveyresults:118ITDMsresponded,September22-29,2015


✓ Networkseparation✓ NoprogrammaticaccessfromthepublicInternet✓ Safetythroughtotalisolationandcontrol

IntheOldDays,AppsLivedInsidetheFirewall

DatabaseWebAppServers



✓ Appshandle(andmishandle)usercredentials✓ Firewallsdesignedtoinspecthuman-readablemarkupcanmissAPIattackvectors✓ Securitystandardsdesignedforenterprise(e.g.WS-*,SAML)arenotidealforlightweightmobileapps

ButNowMobileAppsNeedProgrammaticAccesstoBusinessServices…

DataTiersBusinessServiceAPIs



••http://recode.net/2014/10/13/snapchat-blames-third-party-apps-for-hack-raising-questions-about-its-own-api/••http://www.programmableweb.com/news/why-attack-buffer-was-serious-wake-call-web/analysis/2013/11/04SocialMediaServices

••http://www.programmableweb.com/news/yahoo-breach-involved-api-servers/elsewhere-web/2014/10/07LeadingWebPortal

••http://www.shubhro.com/2014/12/18/reverse-engineering-kayak-mitmproxy/TravelBroker

••http://www.developer-tech.com/news/2015/jan/08/moonpigs-api-breach-could-cost-its-business/DotComCompany

••http://www.securityweek.com/api-vulnerability-exposed-accounts-delmarva-power-customersEnergyCompany

••http://www.pcworld.com/article/2138400/hacked-passwords-can-enable-remote-unlocking-tracking-of-tesla-cars.htmlAutoManufacturer

OldPerimeterSecurityMechanismsAreFailing


✓ Adoptnewaccesscontrolsdesignedtopreventmishandlingofusercredentials✓ IncludeAPIfirewalls✓ Replaceorbridgetoexistingsecuritysystems

ButNowMobileAppsNeedProgrammaticAccesstoBusinessServices…

DataTiersBusinessServiceAPIs






TheDemandforMobileAppsHasExceededIt’sAbilitytoDeliver


MobileRealEstateInspiresaWholeNewLifestyle

©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD12


TheFirstWayMostBusinessFailatMobilityIsbyAttemptingtoStuffTheirCustomerand/orEmployeePortalsIntoaMobileBrowser

Itdoesn’tfit…



CC#2:OfferingAppsThatSuittheMobileLifestyle

• Concentrateonfocusedexperiences

• Plantousenativedevicecapabilities

• Avoidfrustratingtextinput(e.g.forlogin)



We’reTotallyDifferentPeopleWhenWe’reMobile



MobileUsersAre

Busy,Distracted

&Impatient



CC#3:SupportingIdentitiesThattheUserAlreadyTrusts

Doesn’tallowingtheuseofsomeoftheseidentitiesopenupnewrisksforexploitssuchasidentitytheft?Yes,indeed,buttherearewaystomitigatetheserisksinwaysappropriatetoyourbusiness…moreaboutthatlater.

ü SocialIdentities

ü BankCards

ü Phonenumbers





IntegrationIsStilltheBiggestCostinMobileProjects


HowMobilityIsUsedTodayinYourOrganization?1



CC#4:PlanforIntegrationsWithEnterpriseSystems

ü EnterpriseUserDirectory

ü EnterpriseApplications

ü WebPortalInfrastructure





DataLossIsaSeriousThreatintheMobileWorld



✓ Ondevice✓ Duringtransmission✓ Atrestinenterpriseorcloud

EncryptALLoftheData

CloudStorage

OnPremStorage

OnDeviceStorage



CC#5:StoreandTransferEnterpriseDataSecurely

ü ConsiderusingPrivateClouds

ü Alwaysencrypton-devicedata

ü Keepdatainmotionencrypted





EnablingCommunication&CollaborationIstheNextBigThing



CC#6:FosterCommunication&Collaboration

Buildcommunicationfeaturesinyourapp

Exchangeyourdataviasecure channels

Implementbi-directionalreal-timenotifications


TheFutureIsAlreadyHere– It’sJustNotEvenlyDistributed



CC#7:StartPlanningforaScalableIoT Architecture

PlanfordeployingIoTaggregators/Gateways

ü Lesssophisticatedendpointdevicesü ConsolidatedisparateendpointprotocolsintotheIoT

platformprotocolü Consolidateandscaledevicemanagementü Addintelligencetoperformanalytics


OurEnterpriseMobile&IoTVision

Simplifycomplexsecurity,interactivityandbackendintegrationchallengesusing

developer-friendlyinterfaces

Increase theSpeedofEnterpriseMobileAppDevelopment

UnlockEnterpriseDataShare

DataSecurely


UnlockEnterpriseData

RapidCreationofEnterprise-classAPIsFromDataSources


DataSecurely


SecureMobileCollaboration

EnterpriseMobile&IoTCollaboration,MadeSimple andSecure


DataSecurely


Essentialmobileservices,deliveredsafeandsecure✓ DeliverIoTandMobileappsfaster✓ Reducesecurityexposure✓ Gaincontroloverfoundationservices

CAMobileAppGateway/MobileAppServices

SecureMassStorage

UserDirectory

SecurePub/Sub

SDK

SDK

SDK

• Simplifiedauthenticationandtokenmgmt.• SecureMQTTPub/Submessaging• Securecloudandon-devicestorage• Dynamicuser/groupmgmt.

AuthenticationandAPISecurity

Device-nativeSDKs



SevenCriticalConsiderationsforMobileandIoT Strategy

1. Ensuringthesecurityofenterprisedataandservices2. Offeringappsthatsuitthemobilelifestyle3. Supportingidentitiesthatusersalreadytrust4. Preparingforintegrationwithenterprisesystems5. Encryptingdatastillandinmotion6. Fosteringcommunicationandcollaboration7. PlanningforascalableIoTarchitecture



Questions?


Stayconnectedatcommunities.ca.com

Thankyou.


DevOps– APIManagementandApplicationDevelopment

FormoreinformationonDevOps– APIManagementandApplicationDevelopment,pleasevisit:http://cainc.to/DL8ozQ

Critical Considerations for Mobile and IoT Strategy

Technology