Keynote: Making Security a Competitive Advantage
1 like524 views
The document outlines the importance of making security a competitive advantage within the application economy, emphasizing the need for new security strategies due to the increase in application defects and risks associated with shadow IT. It details CA Technologies' security strategy, which includes a focus on continuous delivery, identity management, and frictionless user experiences. Additionally, it highlights the integration of security into development processes to empower developers and improve the overall software security posture.
Keynote: Making Security a Competitive Advantage
- 1. Make Security a Competitive Advantage Mordecai (Mo) Rosen SECURITY SECURITY General Manager, Security CA Technologies General Manager CA Veracode Sam King
- 2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Eliminate Barriers Between Ideas and Outcomes CREATE AN AGILE BUSINESS BUILD BETTER APPS FASTER MAKE SECURITY A COMPETITIVE ADVANTAGE MAXIMIZE APPLICATION PERFORMANCE
- 3. 3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS HOME AUTOMATION PHYSICAL SECURITY EHEALTH DEVICES WEARABLES SMART METERS SHIPPING LOGISTICS PROPERTY MANAGEMENT ECOLOGY FACTORY AUTOMATION SMART PHONES TABLETS CAMERAS PHONES TELEVISIONS AUTOMOBILES THERMOSTATS WWW CHAT & IM API SERVICES CLOUD SERVICES First a Brief History of THE EXPANDING DIGITAL EXPERIENCE
- 4. 4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS THE DIGITAL EXPERIENCE Is Between Users and Applications HOME AUTOMATION PHYSICAL SECURITY EHEALTH DEVICES WEARABLES SMART METERS SHIPPING LOGISTICS PROPERTY MANAGEMENT ECOLOGY FACTORY AUTOMATION SMART PHONES TABLETS CAMERAS PHONES TELEVISIONS AUTOMOBILES THERMOSTATS WWW CHAT & IM API SERVICES CLOUD SERVICES
- 5. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS MAKES EVERY COMPANY A SOFTWARE COMPANY APPLICATION EXPLOSION CONSUMERIZED IT CONNECTED ENTERPRISES DIGITAL MARKETPLACES DIGITAL WORKPLACES CONNECTED IOT The Application Economy
- 6. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Application Economy REQUIRES NEW THINKING ON SECURITY FIREWALL IDS/IPS WEB PROXY ANTI-VIRUS ANTI-MALWARE 100% INEFFECTIVE USERS & APPS UNDER ATTACK SHADOW IT 30% Of all attacks will be in shadow IT resources APP DEFECTS 90% Of breaches caused by application defects 3RD PARTY RISK 70% Of attacks targeted a secondary source IDENTITY FRAUD 80% Of breaches used lost stolen & weak credentials CREDIT FRAUD 42% Of all data stolen is credit card data FireEye Study of 6 Months of Penetration Testing
- 7. 7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS A QUESTION OF TRUST USERS INTERACTIONS APPLICATIONS Security Becomes
- 8. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Security Strategy To SECURING THE APPLICATION ECONOMY TRUSTED USERS & APPLICATIONS PREVENTATIVE DETECTION & RESPONSIVE INSIGHT ANALYTICS & INTELLIGENCE FRICTIONLESS SECURITY & EXPERIENCE CORE PRINCIPLES
- 9. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS IDENTITY & ACCESS APPLICATION SECURITY API SECRUITY PAYMENT SECURITY PRODUCT PORTFOLIO CA Security Strategy To SECURING THE APPLICATION ECONOMY
- 10. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS LINES OF CODE SCANNED6 TRILLION 1400 CUSTOMERS 400K APPLICATION SECURITY ADVISORY HOURS 35.5M SECURITY FLAWS FIXED 4X GARTNER MQ LEADER 24 LANGUAGES 77 FRAMEWORKS APPLICATION SECURITY CA VERACODE
- 11. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Ensuring GREAT SOFTWARE IS SECURE SOFTWARE EMPOWER DEVELOPERS TO SECURE CODE INTEGRATED INTO CONTINUOUS DELIVERY EARLY DETECT TO REDUCE COST AUTOMATED TO REDUCE MTTR
- 12. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CODECOMMIT BUILD TEST RELEASE OPERATE SECURITY INTO CONTINUOUS DELIVERY TEST TEST DevSecOps SECURE SOFTWARE DEVELOPENT SECURITY ASSURANCE OPERATIONAL APPLICATION SECURITY Merging
- 13. 13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CODECOMMIT BUILD TEST RELEASE OPERATE SECURE SOFTWARE DEVELOPENT SECURITY ASSURANCE OPERATIONAL APPLICATION SECURITY DevSecOps TEST TEST CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Runtime Protection CA Veracode Software Composition Analysis CA Veracode Integrations, APIs CA Veracode eLearning
- 14. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Securing Applications With NEXT GENERATION IDENTITY MANAGEMENT 80%of all data breaches exploit lost, stolen & weak credentials HYBRID CLOUD DEVELOPER APIs BEHAVIOR ANALYTICS
- 15. 15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS API ENABLED HIGH SCALE APPLIANCE HYBRID CLOUD SECURE CONTINUOUS DELIVERY PRIVILEGED GOVERNANCE Central Authentication Credential Vault Policy Enforcement Role - Based Access Federated Identity Session Recording CA Privileged Access Manager PROTECTING PRIVILEGED IDENTITY
- 16. 16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ENABLING APP TO APP TRUST User & App Authentication API Mobile Authentication API Secure Server Communications Context Based Risk Analysis CA Rapid App Security Risk Based Analytics
- 17. 17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS RISK ANALYTICS WORKS EMPIRICALLY
- 18. 18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Digital Payments Fraud Directory Identity Management Privileged Access Management Single Sign-‐on Identity Governance Risk Based Authentication Orchestrating Identity & Access Employees & Administrators Customers & Partners Internet of Things Developers Cloud Services On Premise Apps Mobile Web API CA Security & Identity Management Portfolio
- 19. 19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CONTROLLING PRIVILEGED ACCESS IN A WORLD ON TIME
- 20. 20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CONTROLLING PRIVILEGED ACCESS IN A WORLD ON TIME
- 21. 21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CONTROLLING PRIVILEGED ACCESS IN A WORLD ON TIME
- 22. 22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CONTROLLING PRIVILEGED ACCESS IN A WORLD ON TIME
- 23. 23 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CONTROLLING PRIVILEGED ACCESS IN A WORLD ON TIME
- 24. 24 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS APPLICATION SECURITY TESTING FRICTIONLESS
- 25. 25 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS APPLICATION SECURITY TESTING FRICTIONLESS
- 26. 26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS APPLICATION SECURITY TESTING FRICTIONLESS
- 27. 27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview With SVP & GM DXC Security
- 28. 28 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview With SVP & GM DXC Security
- 29. 29 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview With SVP & GM DXC Security
- 30. 30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARTHUR WONG Interview With SVP & GM DXC Security
- 31. 31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo Ahddoud First UK critical infrastructure company running 100% in the cloud Todd Oxford Enabled disaster recovery access to comply with FEMA first & second line response regulations Mark Merkow Integrating app security testing into SDLC for 500+ developer organization
- 32. 32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo Ahddoud First UK critical infrastructure company running 100% in the cloud Todd Oxford Enabled disaster recovery access to comply with FEMA first & second line response regulations Mark Merkow Integrating app security testing into SDLC for 500+ developer organization
- 33. 33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo Ahddoud First UK critical infrastructure company running 100% in the cloud Todd Oxford Enabled disaster recovery access to comply with FEMA first & second line response regulations Mark Merkow Integrating app security testing into SDLC for 500+ developer organization
- 34. 34 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS BREAKING BARRIERS AWARD Mo Ahddoud First UK critical infrastructure company running 100% in the cloud Todd Oxford Enabled disaster recovery access to comply with FEMA first & second line response regulations Mark Merkow Integrating app security testing into SDLC for 500+ developer organization
- 35. 35 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA World ’17 See the latest innovation in the demo area Immerse in all of the customer case studies on stage Meet with our product teams at the executive center
- 36. 36 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Thank you. Stay connected at communities.ca.com & community.veracode.com
- 37. 37 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security and DevSecOps For more information on Security, please visit: http://cainc.to/CAW17-Security For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps For more information on Veracode, please visit: http://community.veracode.com