Meet the Cloud API: The New Enterprise Control Point

(1)

Meet the Cloud API: The New Enterprise Control Point

Presented by: Katrina Kehlet

(2)

Agenda

• Why Intel & McAfee: “Security Connected”

• Cloud Promise & Threat Environment

• Why APIs are Central to Control for Cloud

• Cloud API Fundamentals

• Cloud API Deployment Models

(3)

Intel & McAfee: “Security Connected”

Security is no longer a siloed discipline for the Extended Enterprise. Security & Identity establish trust across the continuum, from devices & infrastructure to the cloud.

[Figure: security layers cross hardware & software, on-prem to cloud: Chip/CPU, OS/VM, Data, App, Services, Cloud APIs; Private, Public, Hybrid; SaaS, PaaS, IaaS]

• Unique insight into hardware, client, server platform security

• Driving innovation through the ecosystem

• Endpoint, DLP, Threat, App Identity Security

• Network Edge & SaaS Delivery

Security Connected!

(4)

Creating an Explosion of Internet Growth

Exponential growth driving need for a Billion Virtual Server Cloud [7]

[Figure: more users, more devices, more content; today vs 2015]

• ~80% of Internet connected devices are computers & phones [3]

• Only 25% of the world is Internet connected today [1]

• New technologies will connect over 1 billion additional users to the cloud [2]

• Cars, TVs, households, etc. to increase connected devices 2.5x to >10 billion globally [3]

• 8X network, 16X storage & 20x compute capacity needed [7]

• 2.5B photos on Facebook [4]

• 30B videos viewed/month [5]

• Google indexes >1T pages [6]

(5)

(6)

The Promise of the Cloud: Scale Out on Demand

(7)

The Power of Cloud Computing

• Business agility

• Cost efficiencies

• Enhanced innovation

• Improved IT services

However, security remains the roadblock:

• Data loss

• Authentication, Authorization and Audit

• Information governance

• Data control

(8)

Big Impact, Big Challenge, Big Opportunity

Intel Confidential

[Chart: Q: How concerned are you about each of the following potential security threats to your IT environment? (1 = not at all concerned, 7 = very concerned) [1]]

[Chart: Q: On average, how many virus or malware attacks are you thwarting each month? [2]]

1, 2 Source: Intel Primary Research, August 2011

Identity Theft: $37 billion, 8.1 Million US Adults affected (2010)

— “2010 Identity Fraud Survey Report”, Javelin Research Group, Feb 2011

Average Organizational Cost of a Data Breach in 2010: $7.24M ($213 per record)

— Ponemon Institute, “2010 Annual Study: Cost of a Data Breach”, March 2011

(9)

Key Trends Affecting Security

• Exponential Growth in Connected Devices: multiple access points, manageability

• Malware Explosion: threat sophistication, targeted attacks

• Cloud = Changing Perimeters: SLAs, new security models, compliance concerns

Source: McAfee Malware Database, July 2011. New samples: Q3/Q4-2009: +8.6 million; Q1/Q2-2010: +10.0 million; Q3/Q4-2010: +10.8 million; Q1/Q2-2011: +12.2 million

(10)

Goal? Build the Secure, Connected Chain to the Cloud

WHO: Digital Identities Tied to Users and Devices

WHAT: Data and Apps, Asserted/Federated On Behalf of the Enterprise

WHERE: Private, Public, Hybrid Cloud Traffic Channels (Email, Web, Authentication)

The Cloud API

(11)

Cloud API Growth Exploding

Top 5 API Types

1. Social

2. Internet

3. Mapping

4. Search

5. Mobile

(12)

Cloud Application & API Security Adoption

[Figure: Cloud Security Hype Cycle 2011, plotted against Time through Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment and Plateau of Productivity; technologies plotted: Federated Id Mgt, Phone based AuthN, Security as a Service, App Security as a Service, Security & Risk Standards, Cloud Security Gateways, Secure Web Gateways, Email/Encryption, Tokenization, Private Cloud Computing, Cloud Service Brokerage, OAuth]

(13)

Evolution to the Cloud API

(14)

Primary Challenges to Exposing Applications & APIs in the Cloud

[Figure: a single app service evolving through versions V1, V2, V3, built from COTS, standards (WS*, WS-Trust, WSDL, OAuth, Encryption, etc.) and custom code; a screenshot of custom JavaScript annotated “Security Hole” and “What function call? ???”; outcomes labelled “Don’t use API” and “Can’t Migrate to Cloud”; short relationships; immature provider APIs that change frequently; the alternative of a repeatable, packaged model (integration, governance, security) and the question “Offset costs with a way to make $?”]

API Gateway Proxy

• Standards based

• XML Security

• Abstraction point to shield developers

• Versioning, governance, lifecycle management

API Monetization & Service Brokers

• Broker to interface to 3rd party Cloud APIs

Challenges

• Custom developed security

• One-off API management complexity

• Fast changing Cloud APIs

• Costs at scale

• App retooling for APIs

(15)

How Cloud Changes the Security Deployment Model to Focus on APIs

[Figure: Traditional Web App Security Model versus IaaS Cloud Security Model; components shown: IPS, WAF, SAN, Web, Enterprise Apps, Data Store, Enterprise]

Apps must be re-tooled to work with 3rd Party Provider APIs

(16)

Cloud API Essentials

• General programming interface accessible over HTTP

• Implementation (REST, SOAP, JSON) not important; what matters is how to scale, secure, manage, audit

• Keep security & management close to the API but abstracted to achieve scale

• New I/O to interact with: smart phones, apps, browsers, middleware, legacy

• Encapsulate functions & shield from back-end complexity

(17)

Enterprise vs Social APIs

Enterprise APIs

• Enterprise class security, policy lifecycle management

• Reusable by a large number of developers

• Discovery, key & service management

• Mediation: protocol & token translation

• Scale high performance across global data centers

Social APIs

• Basic security, typically REST

• Speed to implement is priority

• Monetization & scaling not a priority

• Publishing focused

Today’s API Management Must Bridge Both Concerns

(18)

From SOA Service Governance to API Management

Identity Is Glue to Establish Cloud Trust

Service: Focus on Service Lifecycle Management to Share in One Domain (Design, Test, Pre-Production, Production, Retire)

API Service Tracking

• Versioning, usage, metering, performance

• Promote APIs: dev, test, prod

• Storage, metadata, discovery

• Approval, rollback, upgrade, source control

• Endpoint update

Policy: Focus on Policy Lifecycle Management for API to Share Across Many Clouds

API Consumption Policies

• Tracks how accessed, changed, tracked, translation

• Based on identity

• Transaction context & partner capabilities

• SLA or subscription agreements

Cloud API Governance manages terms for 3rd party consumption

Business Service Repository

(19)

Manual API Mgt Driving Cost Increases

[Chart: costs exploding from 2000 through 2010 to 2020; drivers: Cloud Provider APIs immature = frequent changes; number of APIs; support multi-channel traffic; versioning (V.1, V.2); dynamically changing providers, avg 10 today]

Must have an API monetization strategy to offset costs

Must have a way to “Auto” Manage APIs for scale

(20)

APIs are Strategic Control Points for Cloud

[Figure: API Brokers sit between Core Apps and cloud Apps]

Core Apps

• CRM

• Workflow

• Doc Mgt

• IAM

• ERP/Mainframe

Apps

• SaaS CRM

• Partner B2B

• Social Mashups

API Management Control

• Performance Management

• Integration & Service Lifecycle Management

• Enforce Access & ID Token Translation

• Threat Protection - DoS, Content Threats

• Visibility, Auditing, Usage

(21)

What can an Enterprise Control Across Cloud Models with an API?

[Figure: the Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) stacks (Hardware, Hypervisor, Operating System, Middleware, Application), each split between Cloud Provider control and Enterprise control; labels shown: Total Control, Admin Control, Throttle Requests, Identity AuthN, SSO, Metering, Total API Control, and API Control: Data, Threat Protection, Mediation to on-prem SOA (middleware e.g., .Net)]

The lower down the stack the provider stops, the more security the enterprise is responsible for implementing.

Software Available Today can Enable IT or Cloud Providers to be a CSB

(22)

Rise of Cloud Service Broker: Widely Recognized as Key Capability For Cloud

NIST - USG Cloud Computing Reference Architecture

• Cloud Consumer

• Cloud Provider: Service Layer (SaaS, PaaS, IaaS), Resource Abstraction and Control Layer, Physical Resource Layer (Hardware, Facility); Cloud Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability); Security; Privacy

• Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit

• Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage

“By 2015, at least 20% of all cloud services will be intermediated via CSBs”

(23)

CSB

On Prem CSB

• Packaged API Level Policies

• Security, Governance, Integration

• Solves Complexity, Overhead

3rd party Intermediary

• Identity as a Service

• Security as a Service

• Trust as a Service

• Value added processing

Capabilities Available Today Using Gateway Cloud Service Broker Appliance Software

(24)

New Primary Usage Models for CSBs & API Control

[Figure: gateways between Enterprise, Enterprise Middleware, Enterprise (Partner), Customer or Developers, and Cloud Provider]

• Enterprise Edge Security: B2B & mobile to partners

• Cloud Provider API Security: AuthN, mediation, & QoS packaged services

• Hybrid Cloud - Data & Control Gateway: security to platform provider (e.g. storage); security for VM spin up (EC2)

• Hybrid Cloud - Hosted Edge Security: secure enterprise services on cloud provider

(25)

IT Tips to Move to API Centric World

[Figure: adoption phases over time; phases shown across the build slides: Ungoverned, Retrofit Apps, Service Proxy, Targeted Runtime Governance, SaaS Gateway, Policy Driven SOA, Hybrid Mediation, Cloud Service Brokerages]

• Retrofit Apps to Leverage API Broker Model as they are moved to cloud

(26)

• Target SaaS. Widespread Adoption Will Drive Immediate ROI

• Broker IDs for Delegated API Level Auth

10/17/2011

(27)

• SOA is not Dead - Evolve Services & Governance from Siloed Internal Domains to Cloud

• Enable the Hybrid Cloud Model by deploying Gateway on Prem

10/13/2011

(28)

• Leverage Your On-prem Gateway to Interact with 3rd Party CSBs as they Emerge

(29)

McAfee Cloud Security Platform

Build the Identity Driven Cloud

• Across Cloud Traffic Channels

• Unify App APIs, Collaboration, and Policy

• With Intel & McAfee Modules

(30)

Service Gateway

Protocol Agnostic

• REST, SOAP

• XML, Non-XML

• HTTP, FTP, TCP

Performance

• 2x hard appliances

• Tie-in to chip roadmap

• Efficient XML parsing at machine level

No Programming / Coding

• Simple visual environment

Flexible

• Routing

• Transform

• Validation

• Service Call-outs

• Firewall rules

• FIPS 140-2 Level 3 Crypto

• Common Criteria EAL4+

• DoD STIG Ready & PKI Certified

• HSM PKI key storage

• Cavium crypto acceleration

• Form factors: software, virtual, and tamper

(31)

Your Path to Monetizing APIs and Apps in the Cloud

API Management

• API throttling, metering, rate limits

• Data encryption, tokenization, translation

• PCI compliant APIs

• Id token translation and authN

• Policy lifecycle governance & enforcement

• Alerts

API Management Value

• Chargeback on usage or throughput

• SLA wait time violations by partner

• Correlate to web purchases, traffic, dev registrations

• Restrict search API queries

• Geo restriction & visibility, by partner

Governance Value

• Track most active services

• Enforce SLAs for middleware

• Partner reports: usage, problems
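The API Management Control slide and the API Management and Governance Value lists above describe what a gateway enforces at the control point: access decided on the caller's identity, ID token translation so partners never hold the provider's credential, throttling and rate limits, and usage metering for chargeback and audit. The following is an added example written for this page, not McAfee or Intel product code; it sketches those controls as a minimal Python policy layer. The partner keys, provider tokens, quotas and allowed operations are constructed sample values, and the injectable clock exists only so the rate window can be exercised deterministically.

```python
"""Policy-enforcing API gateway sketch (added example, not product code).

Demonstrates the controls an API gateway applies at the enterprise control point:
  - access enforcement based on the caller's identity (API key -> partner),
  - ID token translation (partner credential -> provider credential),
  - per-partner throttling / rate limits over a sliding window,
  - usage metering for chargeback and an audit trail for visibility.
All partner names, keys and tokens below are constructed sample values.
"""
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: enterprise-issued API keys, the partner identity each
# represents, its per-minute quota and the operations it may call.
PARTNERS = {
    "key-partner-a": {"partner": "partner-a", "rate_per_minute": 3,
                      "allowed": {"GET /orders"}},
    "key-partner-b": {"partner": "partner-b", "rate_per_minute": 100,
                      "allowed": {"GET /orders", "POST /orders"}},
}

# Constructed mapping used for ID token translation: the gateway swaps in the
# back-end provider's credential only after the call has been authorised.
PROVIDER_TOKENS = {"partner-a": "prov-token-A", "partner-b": "prov-token-B"}

WINDOW_SECONDS = 60


@dataclass
class Decision:
    status: int                            # HTTP-style result returned to the caller
    reason: str
    provider_token: Optional[str] = None   # only set when the call is forwarded


class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock                 # injectable so tests can control time
        self.windows = defaultdict(deque)  # partner -> timestamps of accepted calls
        self.usage = defaultdict(int)      # partner -> accepted calls (metering)
        self.audit = []                    # (ts, partner, op, status, reason)

    def handle(self, api_key: str, method: str, path: str) -> Decision:
        op = f"{method} {path}"
        now = self.clock()
        policy = PARTNERS.get(api_key)
        if policy is None:                 # authentication: unknown key
            return self._record(now, "unknown", op, 401, "invalid api key")
        partner = policy["partner"]
        if op not in policy["allowed"]:    # authorisation: operation not granted
            return self._record(now, partner, op, 403, "operation not permitted")
        window = self.windows[partner]
        while window and now - window[0] >= WINDOW_SECONDS:  # expire old entries
            window.popleft()
        if len(window) >= policy["rate_per_minute"]:         # throttling
            return self._record(now, partner, op, 429, "rate limit exceeded")
        window.append(now)
        self.usage[partner] += 1                             # metering
        return self._record(now, partner, op, 200, "forwarded",
                            PROVIDER_TOKENS[partner])        # token translation

    def _record(self, now, partner, op, status, reason, provider_token=None):
        self.audit.append((now, partner, op, status, reason))  # audit/visibility
        return Decision(status, reason, provider_token)

    def chargeback_report(self) -> dict:
        """Accepted calls per partner, the basis for usage-based chargeback."""
        return dict(self.usage)


if __name__ == "__main__":
    gw = Gateway()
    for _ in range(4):                     # the fourth call trips partner-a's quota
        print(gw.handle("key-partner-a", "GET", "/orders"))
    print(gw.handle("key-partner-a", "POST", "/orders"))
    print(gw.chargeback_report())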

(32)

Complete API Security & Visibility - Tied to McAfee

McAfee ePO

• Integrate API monitoring to central console

McAfee Web Gateway

• Leverages anti virus and web filtering

McAfee Data Loss Prevention

• Provides data leak protection for APIs

McAfee Global Threat Intelligence

• Provides URL and connection reputation

(33)

More Info: www.mcafee.com/cloudsecurity

• Free Gartner Report on Cloud Service Brokerage

• 5 Core API Use Cases Video

• Cloud API Resource Page
