Platform for Secure Digital Business
Transcript of Platform for Secure Digital Business
Platform for Secure Digital Business
Sachin Agarwal
70% of US population owns Smartphones
50 billion connected devices by 2020
Digital is disrupting the physical world with new business models
Why Digital?
Customers are becoming increasingly wired – new touch points
Digital is driving innovative new business models
Integrated digital eco-systems offer valuable insights
Every Business is a Digital Business
John Deere turns farm data and telemetry into a digital plan to optimize operations and increase yields/profits.
Get Visibility into Spend
Manage expenses anytime, anywhere
It’s all about automation
Key Aspects of Digital Enterprise Strategy
• Create Digital eco-systems with APIs
• Integrate data and applications to create a digital value chain
• Analyze interactions to extract meaningful insights
• Secure your digital interactions
The SOA Software Digital Business Platform
API MANAGEMENT
APIs Extend your Digital Ecosystems
Leverage Developers & Partners Ecosystems
Tap into an extended eco-system of developers with APIs
Capture new Opportunities with APIs
Drive Innovation
Increase Reach
Support New Devices
Discover New Business Models
Increase Partner Network
APIs Foster Internal Innovation and Efficiency
• Securely publish, share and use common services• Improve discoverability of internal services• Create internal communities to foster innovation
APIs: The Path to Digital Transformation
SOA Software API Management Platform
• Community Manager
• API Gateway
• Lifecycle Manager for APIs
CLOUD INTEGRATION
The New Enterprise is Fragmented
Cloud Platforms SaaS Applications
Mobile & IoT Apps
Data Services
Packaged Apps
Custom Apps
SaaS has leapt ahead
72%
*Source: North Bridge Venture Capital
2014
13%2011
Traditional Integration Approaches
ESB are too heavy weight, long integration cycles
Most Cloud Integration solutions still rely on ESB architecture
Proprietary connectors don’t scale for
IFTTT is innovative, but not for Enterprise
What Connected Enterprises Need?
• Integrate with growing number of Apps
• Configure, no-code
• Multi-channel focus
• Ubiquitous access (API)
• Multi-point
• Configurable Orchestration & Transformation
• Have Business, not your ESB drive your strategy
Integration Redefined
ESB
Public APIs B2B APIs Internal APIs
Cloud Integration Gateway
Cloud Integration Gateway
Gateway Architecture API based Open connectors Flexible Deployment Declarative Policies Multi-point Integration Orchestrate and Transform Publish as APIs No IDEs or Eclipse plug-ins Data and Policy Governance
#NoESB
SECURITY
A mobile app accessing your data has been compromised!
How do you securely share APIs with an open developer community? Can you selectively revoke access for compromised Apps?
DIGITAL ENTERPRISE: Securely share data
Make adoption easy
Make it SECURE
Securing the New Enterprise
Digital is disrupting how and where information is accessed
• Mobile and Social Apps don’t’ understand PKI, WS-Security, etc.
• Focus on human readability, developer adoption
Realizing End-to-End Security
Managing the User Experience
Securing the App - PII, PHI
Enabling Easy Developer Access
Securing the Channel
Securing the Backend
Understanding the Security Landscape
• Protocol specific threats• Key Management• OAuth• Monitoring• Licensing• Security Token Mediation
API Specific Security
Single Sign On MDM
ATP, Firewall, VPN etc.
API Security
1 Authentication & Authorization
2 App Key Validation/Licensing
3 Message Security
4 Threat Protection
5 Content Filtering
6 Rate Limiting
Developers
SOA Software API Gateway
Gateway
Security
Authentication
Protection
IAM Integration
Encryption
Mediation
Quality of
Service
Paging/Caching
Orchestration
Scripting
Out-of-the-box Security Policies
OpenID Provider/Relying Party
OAuth 1.0a & 2.0 (all grant-types)
Developer/Partner Key Auth & Az
CORS Management
HTTP Basic-Auth
Mutual SSL based Authentication
SAML 1.1 & 2.0 (STS included)
WS-Trust 1.2 & 1.3
WS-Security Transport Binding
WS-Security Username Token
WS-Security Message
Encryption/Signature
Integration with AD, SiteMinder, OAM,
RSA,
Cookie-based Authentication
Denial of Service attack Prevention
SQL Injection Prevention
Virus Scanning
XML Schema Validation
Malicious Pattern Detection
SLA/Throttling by a Developer/Partner
Certificate (PKI) Management (CA
Included)
ANALYTICS
Analytics
Which Application, Channels or APIs are driving the most business?
Analytics
Ensure 99.99% uptime
Proactive Operations
Identify bottleneck
Prevent security breaches
Analytics for your Enterprise
Business Analytics
• Track product, customer and monetization trends
• Identify new opportunities.
Operational Analytics
• Ensure operation excellence of your infrastructure
• Analyze errors and response codes
API Analytics
• Identity top APIs by usage, monetization, app type etc.
• Analyze API Licensing, monetization and fine-tune developer onboarding
Flexible Analytics Platform
Intercept & Collect
Store in Big Data Store
Process & Map
Reduce
Enrich & Customize
Analyze & Visualize
Analytics Manager
API Gateway
Community Manager
Analytics Manager
Data SetDimensionsMetricsAggregation Rules
EnrichmentMap ReduceExternal PluginsR
Import
Capture
Export
VisualizationCustomizeExport as Widgets
Custom Plug-ins
Business Analytics
API Analytics
Operational Analytics
Analytics Framework
Policy based data collection
Out of the box reports and dashboards
Configure (no-code) to create custom visualizations
Embed charts in dash board
Import data from any external source
Export easily into any other analytics infrastructure
The SOA Software Digital Business Platform
Leader in Gartner MQ and Forrester Wave
The Gartner document is available upon request.*Gartner, Inc., Magic Quadrant for Application Services Governance by Paolo Malinverno, Daryl C. Plummer, Gordon Van Huizen, August 8 th 2013.
Gartner Application Services Governance MQ 2013
Forrester Wave: API Management, Q3 2014
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Marquee Customers
PRODUCT OVERVIEW
APIs: The Path to Digital Transformation
Accelerate Digital Channels
• Delight customers with an engaging experience on any channel or device, at any moment
– Mobile-enable your enterprise, externalize your products and services as APIs, and stay ahead of consumer trends.
– Accelerate time to market and reduce TCO by leveraging existing applications
Capabilities• Orchestration• Mediation• Scripting• Caching/Paging• Security
Drive Partner Adoption
• Engage business partners and get developers up and running quickly
– Launch a secure online portal to quickly onboard business partners and establish interactive online social channels with them.
– Drive partner adoption with updated documentation and developer community. Connect with developers, inspire them, and drive your API usage.
Capabilities• Portal• Social• Documentation• Groups• Search
Monetize Digital Assets
• Package, market and license your assets to maximize revenue
– Transform any application, service or asset into elegant and simple APIs.
– Productize you data, create customized packages and tailored plans, and license them accordingly.
Capabilities
• Licensing• Rate Limiting• Provisioning• Documentation
Analyze your Business
• Get instant insights into your business and optimize the delivery and value of APIs
– Maximize your revenue by gaining complete visibility into how your partners and customers leverage your data.
– Monitor activity for a specific partner, app or developer and evaluate their impact on your business.
Capabilities
• Business Analytics
• Operational Insights
• App and Developer Metrics
An Unified API & SOA Platform
Transform & Secure
Publish
Monetize
Dev. Adoptio
nAPI
SOAP to RESTMobile- Optimization
OAuthMediation
Analytics API Documentation
Applications and
ServicesApps
API Producers
API Consumers
API Platform CapabilitiesPlatform
Licensing
Quota Mgmt.
Partner Mgmt.
PCI Compliance
Provisioning
Policy Mgmt.
Monitoring
OAuth
Federation
Analytics
Lifecycle
API/Services
Application
User
Compliance
Integrations
Gateway
Security
Authentication
Protection
IAM Integration
Encryption
Mediation
Quality of
Service
Paging/Caching
Orchestration
Scripting
API Portal
Search
Documentation
Groups
Social
The Unified SOA & API PlatformAnalytics
Developer
Engagement
Gateway Services
Service Integration
Lifecycle Management
Flexible Deployment Model
API Resources and API University
• Resource Center– http://resource.soa.com/
• Follow us on:
www.facebook.com/soasoftware
www.linkedin.com/company/soasoftware
@soasoftwareinc