CA World 2017: Session Recommendations Part 2

A CA Technologies | Veracode report may contain dozens of distinct flaw types, which can feel daunting and even dishearten developers. Is remediation really as hard as it seems? In this presentation, application security consultant Matt Runkle demonstrates a clear approach to learning AppSec that cuts through the fog and emphasizes pattern recognition over rote memorization. By the end of this presentation, you will understand common security flaws and gain insight to make future fixes easier. This talk is appropriate for all skill levels.

Learn how to build mobile applications with embedded security in hours with the use of CA Rapid App Security. Add frictionless access to your mobile applications and combine it with contextual authentication to provide higher security and improved user experience. Learn how to make it easier for your developers and more secure for your customers to do business with your organization through your mobile apps. You can provide the right level of security based on the risk associated with the transaction being performed. Advanced security capabilities include mobile single sign-on, touch ID, device certificates, contextual risk-based analysis, one-time password (OTP), social login, proximity login, integration with CA Single Sign-On for omni-channel support and more. Take advantage of an API-based framework to unlock efficiencies within your organization.

This session highlights CA Jarvis’ deep learning and big data analytical power, as the brain of Leo Robot. Learn how the advanced analytics capabilities of CA Jarvis can provide robots with the intelligence to solve complex business problems, and the ability to keep evolving to adjust to different working scenarios. Get insights on how CA Jarvis enables the next generation of real-time business solutions.

The first step in any data-centric security strategy is identifying where your sensitive data resides. After all, you can’t protect your data if you don’t know where it is. This session will explore how you can find sensitive and regulated mainframe data that may be lost, hidden or abandoned as well as automatically classify discovered data based on sensitivity level for compliance with the industry-first innovation of CA Data Content Discovery for z/OS. Topics will include defining scan criteria to simplify the identification of sensitive data, best practices for creating classifiers and insights to enhance data privacy and simplify regulatory compliance.

Using microservices has become a popular way to develop distributed software systems. Unfortunately, security is often an afterthought, including access controls for Web APIs. A number of security mechanisms—some borrowed from previous software architectures and some new—have been tried in order to address different pieces of the access control puzzle. This has resulted in a disjointed assortment of approaches. In this session, Rob Wilson will review the pros and cons of current approaches and discuss a proposed unified, multi-platform approach to API access control in a microservice architecture.

Learn about the latest features of CA Mobile API Gateway and the mobile SDK and how they can help increase the security of your mobile solution. We’ll dive deep into the core of the SDK and help you understand all the security mechanisms and standards it brings out of box to ensure your solution is protected.

This session will cover how to deliver a private cloud or on-premises version of CA API Developer Portal, and how to provide migration guidance for CA API Developer Portal 2.x or 3.x “Classic” customers.

CA API Developer Portal covers most API publisher use cases, with the publisher “telling” the developer what APIs they have access to via the account plan. This model works well when it comes to managing a set of external partners, but does not lend itself well to the most prevalent use case for portals today: empowering internal development teams. This capability is designed to provide app developers with a new way of finding learning about, requesting access to and consuming the internal or external APIs they require.

Cyber Threats continue to evolve year after year and the hackers are getting sophisticated. Most of the breaches that occurred over the past few years involve compromised usernames and passwords. Therefore, it is important to use risk based authentication to analyze the user behavior and present stronger authentication as per transactional risk. We present a case study on how a government entity used risk based authentication as an enterprise solution to protect confidential information of citizens.

Businesses want smaller and faster deployments that use modern automated processes, but also want to satisfy their complex business cases with the things they deploy. CA Microgateway provides the ability to extend base functionality to build complicated workflows quickly and seamlessly, as well as incorporate those workflows into existing automated processes. In this session, we will demonstrate how easy it is to extend the functionality of the gateway and automatically incorporate it into your environment.

Microservices architecture, widely adopted in the cloud space, has also gained popularity in enterprise IT to empower innovation and scalability. Unlike typical cloud vendors, enterprise IT faces a different set of challenges to microservices adoption, such as application security, organization and infrastructure. CA Microgateway is a new breed of API gateway that enables team autonomy for enterprise developers and provides end-to-end security solutions that are easy to integrate with modern microservices and DevOps infrastructure. In this session, you will learn about building a secure service mesh with optimized APIs using CA Microgateway, including demos of existing and future CA Microgateway capabilities.

A little over three years ago, the EU Parliament approved the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. Any company that maintains personal information for EU citizens is subject to this regulation, regardless of location. Testing teams who use production data for quality assurance should pay close attention to this upcoming deadline. This session will provide a brief overview of GDPR, its implications when using personal data during testing and how your company can implement solutions to avoid getting fined for noncompliance. It will also provide you with a list of numerous resources to help you get started on the path to GDPR compliance. Get your questions answered and learn more about how this legislation can impact your business.

Learn how IT as a service (ITaaS) on the IBM Services Platform with Watson™ applies cognitive capabilities across your IT infrastructure, enabling your IT processes to run by themselves while you and your teams can focus on innovation—all powered by the insights of augmented intelligence. Agility is critical to success. Today’s complex IT environments demand that businesses embrace a new, services-focused mindset. Your infrastructure runs itself and continues to learn. Your IT is optimized. Your innovation is unleashed. Learn how ITaaS on the IBM Services Platform with Watson—both a business and technology solution—is an entirely new way to do business.

Blockchain is a disruptive technology that will dramatically change the way enterprises interact with their ecosystem. Blockchain provides a system of trust that will revolutionize how assets are managed, operated and transferred, as well has how business policies will be applied to these interactions as enterprises look to innovate and differentiate themselves. The intent of this talk is to discuss the learnings from first Blockchain projects, how clients are using the technology, how consortiums are being formed, as well as how the technology works. This talk will focus on Hyperledger and its uses in forming business networks.

The Yipee.io team will be hosting a game of Jeopardy on Docker and microservices. Everyone is encouraged to participate. Categories include: Fictional Capabilities; Future Capabilities; Flawed Capabilities; Advanced Patterns; Saving Money, Time or Resources; and Orchestration Tools. Come test your knowledge and understanding or watch and learn as others test theirs. Winners earn prizes and everyone will walk away knowing more about Docker and microservices.

The most successful cities of the future will be smart—leveraging sensors, connected devices and the Internet of Things (IoT) to drastically streamline asset management, reduce costs and improve the quality of life for citizens. In this exclusive panel, CA is proud to host leading smart city thinkers and practitioners from across the globe in a lively discussion about their digital transformation and how they are using devices, digital services and APIs to reimagine their cities.

In this session, we will cover multiple topics surrounding the architecture of a PCI zone in a cloud environment needed by a global debt purchasing company to meet federal and state regulations. Specifically, we will examine the use of CA API Gateway as a tokenization server/secure token vault as well as CA API Gateway as an enterprise payment gateway and API security gateway in both a trusted and untrusted zone.

Neovera will do a technical deep dive on how it is leveraging CA security solutions—CA Identity Service and CA Privileged Access Manager—to provide a unique set of services through Neovera’s Secure Cloud Connect (SCC) to connect and protect an enterprise’s information from the enterprise to the cloud and back, regardless of private, hybrid and public cloud providers used. The session will also cover Neovera’s Secure Visibility SaaS offering that provides organizations’ executives with the current security posture of their business applications and IT services so intelligent business decisions and priorities can be set by management based on dynamic, near-real-time information.

Using containers to accelerate application development, but have security concerns? Want to improve reuse ability and decrease your risks at the same time? Looking to improve production application security? In this session we’ll explore containers and their security concerns for both public and private registries. We’ll discuss DevSecOps, examine the different vulnerability techniques, where they fit into the development lifecycle and how binary scanning for containers can improve your security profile, allow you to shift from reactive to proactive detection and help increase your confidence level in production.

The recent WannaCry and Petya ransomware attacks culminated in hundreds of hospitals, retail outlets and critical infrastructure being breached. They impacted commerce as well as patient care and innovation. On the surface, the attackers were looking to make a quick buck—asking for money in exchange for encryption keys and data. However, the fact that they did not collect contact information, or even provide encryption keys, suggests that money was not the primary objective. These attacks are a harbinger of what is possible and what we should expect. WannaCry and Petya foreshadow larger and more destructive attacks on our digital infrastructure, and on some of our most important institutions and capabilities. What we learned with Petya is that it wasn’t really ransomware at all—it was a destructive attack aimed at a sovereign nation, disguised as ransomware. Petya, and the use of digital means to attempt to influence our democratic processes, show that the contest of nations has already moved into the digital space and will be fought largely through software. Our adversaries are practicing these new techniques and getting better every day. The ability to create software that can resist these forms of attack and exploit will be crucial to our ability to protect not just applications but the social and political processes that depend on that software.