API Security With CA Layer 7 and CA SiteMinder

Upload: jose-rosario

Post on 02-Jun-2018


TRANSCRIPT

  • 8/10/2019 API Security With CA Layer 7 and CA SiteMinder

    David S. Linthicum

    SaaS Versus On-Premise Deployment Reality

    Abstract

    Some of the issues that need analysis when making a cloud/no-cloud decision include analysis of the costs, understanding the use cases, looking at security and governance, and the value of time-to-market and agility. The idea is to weigh the positives and the negatives, understand the core metrics, and then make a decision based upon the best available information.

    We'll explore how to understand the deployment realities when considering an on-premises versus SaaS solution. We'll suggest a decision model and step-by-step process to define the core metrics for the decision, and provide some helpful experiences from the trenches from those who have made these critical calls in the last several years.

    Agenda

    Step 1: Comparing Costs
    Step 2: Understanding Use Cases
    Step 3: Considering Security
    Step 4: Considering Time-to-Market and Agility
    Step 5: Pulling the Trigger
    Step 6: Considering Operations

    Not an Easy Decision

    Step 1: Comparing Costs

    Many Moving Parts

    Source: TechNet

    Cost Advantages of On-Premise

    Organizations that have pre-invested in a large amount of hardware and software, without any way to recover that capital.

    Organizations under regulations that require that information reside on private and tightly controlled hardware and software.

    Organizations where the cost of SaaS services for comparable on-premise systems are exorbitant.

    Organizations that do not have a culture that will readily accept the use of software systems not owned and controlled by the company.

    Cost Advantages of SaaS

    The ability to operate at a lower cost of production.

    The ability to reduce risk.

    The ability to shift around technology changes.

    Time-to-market.

    Business agility.

    Example: Cumulative Total Cost Comparison for SaaS and On-Premise Mid-market with 100 Users

    Source: The TCO Advantages of SaaS-Based Budgeting, Forecasting & Reporting,

    Hurwitz & Associates, 2010, Aggarwall and McCabe.

    Step 2: Understanding Use Cases

    SaaS Use Cases

    Utility services are services that perform specific tasks related to the management of computer functions, resources, or files, memory management, virus protection, file compression, etc., and these utility software services can be delivered using a SaaS model.

    Management services are SaaS services that focus on managing software systems, either those that exist on public or private clouds, or traditional systems that exist on-premise.

    Middleware services are software services that are built specifically to facilitate communications with one or more on-premise or cloud-based systems or data stores.

    Business services are true applications that are delivered as a service. This is what most people think of when they consider SaaS-based providers.

    Security services are services such as encryption and identity management that allow you to manage access to the SaaS-based system.

    Step 3: Considering Security

    Understanding the Basics

    The Process

    Understanding your security requirements for a specific system and/or data store.

    Understanding that controlled access is much more important than the location of the data.

    Vulnerability testing is an absolute necessity.

    Control does not Mean Security

    According to Alert Logic's Fall 2012 State of Cloud Security Report:

    Variations in threat activity are not as important as where the infrastructure is located.

    Anything that can be possibly accessed from outside -- whether enterprise or cloud -- has equal chances of being attacked, because attacks are opportunistic in nature.

    Step 4: Considering Time-to-Market and Agility

    The Value of Agility

    The Value of Time-To-Market

    Step 5: Pulling the Trigger

    It's all about the execution

    Understand your business case.

    Understand your requirements.

    Understand your user.

    Understand the technology.

    Understand the migration strategy.

    Understand the risks.

    Understand what success means.

    Path to the clouds

    Path to clouds: start with the requirements

    Understand:

    Mission drivers

    Information under management

    Existing services under management

    Core business processes

    Step 6: Considering Operations

    Cloud Operations? It's Not What You Think

    Source: Rackspace
