SlideShare uma empresa Scribd logo

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager

CA Technologies
CA Technologies

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager For more information on DevSecOps, please visit: http://ow.ly/u2pN50g63tN

Tecnologia
1 de 43
Baixar para ler offline
Securing Your Enterprise Continuous Delivery Pipelines With CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager (CA PAM) Scott Willson DST45T DEVSECOPS Product Marketing Director – CA Automic Release Automation CA Technologies
2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation
3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Abstract In this session, we will discuss why it's important to incorporate security into the software delivery pipeline. Lots of organizations are focused on continuous delivery and security, but most have not formulated an official strategy for combining the two; in short, they are complementary and need to be woven together broadly and deeply within a deployment pipeline. Included in the session will be recommendations, best practices, industry trends and practical tips for "baking" security within and across an automated release process. Scott Wilson CA Technologies Director, CA Application Release Automation
4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda DEFINITION OF TERMS WHY CA AUTOMIC RELEASE AUTOMATION COMBINING CA AUTOMIC RELEASE AUTOMATION WITH CA DEVSECOPS SOLUTIONS CONTINUOUS DELIVERY CHALLENGES CA DEVSECOPS SOLUTIONS CA PRIVILEGED ACCESS MANAGER (CA PAM) 1 2 3 4 5 6
5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Definition of Terms
6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevOps Is a… Gartner – 2014 Cool Vendors in DevOps DevOps is a philosophy (not a market). There are no rules, no manuals, only guidelines.
7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Security Statistic Application-layer attacks were the leading cause of data breaches in 2016. -Verizon Data Breach Investigations Report
8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Thought About DevOps Without security, DevOps merely introduces vulnerabilities into software faster.
9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Application Release Automation Tools …  Combine: – Automation – Modeling (App/Env) – Release Coordination  Move: – Artifacts – Applications – Configurations – Data
10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARA Critical for DevOps & Continuous Delivery Gartner – 2017 Application Release Automation MQ [ARA] tools are a key part of enabling the DevOps goal of achieving continuous delivery with large numbers of rapid, small releases.
11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Up to 50% of Enterprises Will Have an ARA Tool Gartner – 2017 Application Release Automation MQ By 2020, 50% of global enterprises will have implemented at least one application release automation solution, up from less than 15% today.
12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS High Confidence = Release Promotion Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). 1 2 3 4 Every Change to App’s Code, Config, Env, or Data Creates New Pipeline Build Binaries & Installers Test Binaries + Config + Env + Data to Confirm Ability to Release
13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Goal of Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). Collaboration + Accountability: Makes build, deploy, & test visible Improved Feedback: Problems are found/addressed as early as possible Automation: Enables deployment & release of any version to any environment
14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Use Same Automation Mechanics for Every Environment Continuous Delivery Automation Humble, J., & Farley, D. (2011). Ch. 5. In Continuous Delivery (p. 115). • DEV is Deployed to All the Time • QA - Less Often • PRE-PROD - Even Less Often • PROD - Less Frequently Still
15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Why CA Automic Release Automation
16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Shift Left  Extensive REST API  ChatOps  Marketplace  Integrations  Action Packs – Not just plugins Analysts  Recognized as a leader – Gartner – Forester Most Scalable  500k to 1 clustered svr  IPv6  IoT to Mainframe  COTS + Core Backend  Automation platform CA Automic Release Automation The Most Advance Automation Platform in the Market
17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Current Status DevOps is SiloedUnprecedented Pressure 94%of executives face increased pressure to release apps more quickly 2014 Vanson Bourne study commissioned by CA
18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS However … Not Achieving Speed, Reliability & Compliance Tool Chain Sprawl
19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How CA Automic Release Automation Works
20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges
21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges Poor / zero visibility of deployments • Managers and business users (customers) lack tracking of status or completion times • End-to-end transparency required for compliance Limited documentation of releases processes Lack of scalability and control • Managing multiple simultaneous releases with intricate dependency No visibility or governance of privileges • Automation mechanics’ agents/bots • User access within pipelines not accounted for
22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PRODisparticularlyvulnerable Automation Mechanics Touch Everything zDocker zMS Azure zAWS zOracle zSales Force zService Now
23 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps Challenges Process augmentation • Significant changes requires in governance models, workflows, and processes. Technology sophistication • Must support multiple teams, numerous languages, repositories, and web of OSS libraries, • Manually or semi-automatically addressing vulnerabilities leads to gaps in coverage. Security Culture • Company culture doesn’t support embedded security processes. • Abandon the mind-set of check-box compliance.
24 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA DevSecOps Solutions
25 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Enabling Developers  3 Second Scan times (with Greenlight)  24 Languages Supported  77 Frameworks Supported  29 Integrations Company Growth  6 Trillion + lines of Code Scanned*  4X Leader in Gartner Magic Quadrant  1400+ Customers  30+ Patents Customer Outcomes  36.5M Flaws Fixed All Time  3,100 Consultation Calls  400,000 Program Management Hours Veracode Overview Note: * indicates year-to-date
26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Veracode Approach Outcome-Oriented Approach – Focus on Fixing Defects, not Just Discovering Them Coverage of entire SLC Integrations and API’s – Enable seamless integration into software development processes including DevOps SaaS Platform – Shortens Time to Value, Reduce Customer Complexity
27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Focus on Outcomes Accelerate Secure Software Development Reduce Risks of Data Breaches Compliant with Customer Needs & Regulators Lower Costs of Securing Software Assets
28 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps How do you make security a competitive advantage? Test at every step, eliminate constraints, join disparate tools and processes — and automate everything Continuous Testing Assess and improve application security from initial code through production Functional + Secure = Quality Code 32 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
29 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps: Uniting Development and Security
30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Throughout the SLC Code Commit Build Test Release Deploy Operate CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Runtime Protection CA Veracode Software Composition Analysis CA Veracode Integrations, APIs CA Veracode eLearning Code RepositoriesIDEs GRCs SIEMs WAFs Security Assurance Operational SecurityDevelopment Integration Bug Tracking Build and Deploy Systems
31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Privileged Access Manager (CA PAM)
32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Threat to Network and Data Unrestricted “root” or “Administrator” access No segregation of duties Use of shared accounts Poor log integrity and quality All-Powerful Access Lack of Accountability Risk
33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Management and Governance Identity/Credential Management Identity/Credential Governance • Fine-grained access controls • Shared account password management • Threat analytics • Identity activity reporting Control what each agent/bot can do within pipeline steps • Provisioning to privileged accounts • Access requests • Workflow • Certification Ensure the least amount of privileged access for agents/bots
34 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Combining CA Automic Release & CA DevSecOps & CA PAM
35 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS A Practical Blueprint for Achieving Continuous Delivery STAGE 1 ▪ Automate your scripts and root out manual work ▪ Assessment of DevOps competency ▪ Deliver Continuous Delivery roadmap STAGE 2 ▪ Model environments, components and state flows ▪ Construct automated deployment pipelines ▪ Promote and rollback versioned components on demand STAGE 3 ▪ Provision full stacks ▪ Orchestrate entire lifecycle including securing deployment pipeline, CM, and other ITSM procedures ▪ Enable self services STAGE 4 ▪ Automated release management across the entire application portfolio
36 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Secure Automated DevOps / Continuous Delivery Tool Chain Reduce development overhead by 30% by automating environment provisioning and setup Centrally manage and govern the security of your deployment pipelines Securely and fully automate deployments into production Orchestrated releases and fully governed environments Automate change, approval and release management processes Automate agent/bot privileged access Zero downtime production deployments and updates CA recently released integration with CA PAM so that the CA Identity Suite provides full privileged access provisioning, access requests, tracking and approvals, as well as automated access certifications. So, you now can have a single mechanism for governing the access of all users, both regular and privileged. CA Identity Suite CA PAM
37 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How could it be done today? Benefits • Reduced risk of improper privileged access • Single method of governing access for all users • Outstanding user experience for all roles • Increased efficiency through automation • Flexible approval workflow to meet local needs Capabilities • Automated provisioning and de-provisioning • Access request • Access certification Agents/Bots CA Identity Suite Request Access Provision Access Approval Certifications Manager CA PAM
38 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Automic Release Automation + CA DevSecOps Solutions + CA PAM Visibility of deployments enterprise-wide  Shared visibility across DevOps personnel  Transparency of automation mechanics, credentials & security tests/analytics Security Automation  Identifying flaws early in lifecycle  Speed delivery of secure code Scale Continuous Delivery, safely, across the enterprise  Manage multiple simultaneous releases/deployments with dependencies  Code and deployment pipelines are safe, secure and compliant Real-time risk and security analysis
39 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PROD The Most Secure Continuous Delivery Pipeline Detect Vulnerabilities Early JIT Credentials No Privilege Creep Secure Automation Mechanics DEV PRE-PRODTEST Security within and across the Continuous Delivery Pipeline Secure App Perimeters IoT to Mainframe Pipelines
40 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DST40T Scale Your Application Security Program Effectively with the Right Program Management Model 11/15/2017 at 3:30 pm DST38T Shifting Security to the Left – Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST39T Assess and Guide Your DevOps Journey Leveraging Industry-leading DevOps Research 11/16/2017 at 11:30 am DST41T DevOps: Security’s Chance to Get It Right 11/16/2017 at 12:45 pm DST43T The CA Technologies Veracode Platform: 360 Degree View of Your Application’s Security 11/16/2017 at 2:30 pm
41 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Security Starts with Identity CA Identity Suite CA Identity Service Deliver Frictionless Access CA Advanced Authentication CA Single Sign-On CA Directory Control High Value Access CA Privileged Access Manager CA Threat Analytics for PAM Manage Your Software Risk CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Greenlight Sneak Peeks Cross-channel Fraud Prevention Threat Analytics Privileged Access for DevOps
42 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
43 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps

Recomendados

Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...CA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCA Technologies
 

Recomendados

Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...CA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
Preparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionPreparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionQOS Networks
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Cisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceCisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceNetworkCollaborators
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityFlexera
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition NetworkCollaborators
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...DevOps.com
 
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...CA Technologies
 
Enterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleEnterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleMarketingArrowECS_CZ
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringAaron Rinehart
 
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Cisco Canada
 
Distributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDistributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDan Allaby
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...NetworkCollaborators
 
Cisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellCisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellNetworkCollaborators
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.LicensingLive! - SafeNet
 
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Riverbed Technology
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015Redington Value Distribution
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 

Mais conteúdo relacionado

Mais procurados

The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
Preparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionPreparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionQOS Networks
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Cisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceCisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceNetworkCollaborators
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityFlexera
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition NetworkCollaborators
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...DevOps.com
 
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...CA Technologies
 
Enterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleEnterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleMarketingArrowECS_CZ
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringAaron Rinehart
 
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Cisco Canada
 
Distributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDistributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDan Allaby
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...NetworkCollaborators
 
Cisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellCisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellNetworkCollaborators
 
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Riverbed Technology
 

Mais procurados (20)

The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
Preparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home TransitionPreparing Your Customer's Network for the Work from Home Transition
Preparing Your Customer's Network for the Work from Home Transition
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Cisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assuranceCisco Connect 2018 Philippines - introducing cisco dna assurance
Cisco Connect 2018 Philippines - introducing cisco dna assurance
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
 
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in...
 
Enterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu OracleEnterprise Cloud transformation z pohledu Oracle
Enterprise Cloud transformation z pohledu Oracle
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
 
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
Building an Adoption Plan: Think Outside the Box (Part 1 of 2)
 
Distributor-Cloud-Marketplaces
Distributor-Cloud-MarketplacesDistributor-Cloud-Marketplaces
Distributor-Cloud-Marketplaces
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
 
Cisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernellCisco Connect 2018 Singapore - En06 jason pernell
Cisco Connect 2018 Singapore - En06 jason pernell
 
Iritech Inc.
Iritech Inc.Iritech Inc.
Iritech Inc.
 
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
Digital Experience Management—The Key to Delivering Exceptional Digital Exper...
 
Value Plus July Edition - 2015
Value Plus July Edition - 2015Value Plus July Edition - 2015
Value Plus July Edition - 2015
 

Semelhante a Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager

The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceCA Technologies
 
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAmazon Web Services
 
Shifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security CoverageShifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security CoverageDevOps.com
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Shannon Williams
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesDevOps.com
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesDeborah Schalm
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Priyanka Aash
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor
 
Continuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to MobileContinuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to MobileMark Sigler
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...Siva Rama Krishna Chunduru
 
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Technologies
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveColin Domoney
 
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by ChefSoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by ChefTrevor Hess
 
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...Amazon Web Services
 
Microservice Lifecycle Demo Presentation
Microservice Lifecycle Demo PresentationMicroservice Lifecycle Demo Presentation
Microservice Lifecycle Demo PresentationMatt McLarty
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything CA Technologies
 

Semelhante a Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager (20)

The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
 
Shifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security CoverageShifting Left…AND Right to Ensure Full Application Security Coverage
Shifting Left…AND Right to Ensure Full Application Security Coverage
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Continuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to MobileContinuous Delivery: From Mainframe to Mobile
Continuous Delivery: From Mainframe to Mobile
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
 
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
 
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by ChefSoCal DevOps Meetup 1/26/2017 - Habitat by Chef
SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...
 
Microservice Lifecycle Demo Presentation
Microservice Lifecycle Demo PresentationMicroservice Lifecycle Demo Presentation
Microservice Lifecycle Demo Presentation
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
 

Mais de CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementCA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and RiskCA Technologies
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps WorldCA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.CA Technologies
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...CA Technologies
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...CA Technologies
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...CA Technologies
 

Mais de CA Technologies (18)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
 
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...Case Study: United Airlines Transforms Release Management for Its Modern Soft...
Case Study: United Airlines Transforms Release Management for Its Modern Soft...
 
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
Keynote: Unlock the Power of Continuous Delivery with End-to-End, Integrated ...
 
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
Industry Keynote: Redefine Operations in a DevOps World—The New Role for Site...
 

Último

What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Último (20)

What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager

  • 1. Securing Your Enterprise Continuous Delivery Pipelines With CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager (CA PAM) Scott Willson DST45T DEVSECOPS Product Marketing Director – CA Automic Release Automation CA Technologies
  • 2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation
  • 3. 3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Abstract In this session, we will discuss why it's important to incorporate security into the software delivery pipeline. Lots of organizations are focused on continuous delivery and security, but most have not formulated an official strategy for combining the two; in short, they are complementary and need to be woven together broadly and deeply within a deployment pipeline. Included in the session will be recommendations, best practices, industry trends and practical tips for "baking" security within and across an automated release process. Scott Wilson CA Technologies Director, CA Application Release Automation
  • 4. 4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda DEFINITION OF TERMS WHY CA AUTOMIC RELEASE AUTOMATION COMBINING CA AUTOMIC RELEASE AUTOMATION WITH CA DEVSECOPS SOLUTIONS CONTINUOUS DELIVERY CHALLENGES CA DEVSECOPS SOLUTIONS CA PRIVILEGED ACCESS MANAGER (CA PAM) 1 2 3 4 5 6
  • 5. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Definition of Terms
  • 6. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevOps Is a… Gartner – 2014 Cool Vendors in DevOps DevOps is a philosophy (not a market). There are no rules, no manuals, only guidelines.
  • 7. 7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Security Statistic Application-layer attacks were the leading cause of data breaches in 2016. -Verizon Data Breach Investigations Report
  • 8. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps… Key Thought About DevOps Without security, DevOps merely introduces vulnerabilities into software faster.
  • 9. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Application Release Automation Tools …  Combine: – Automation – Modeling (App/Env) – Release Coordination  Move: – Artifacts – Applications – Configurations – Data
  • 10. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS ARA Critical for DevOps & Continuous Delivery Gartner – 2017 Application Release Automation MQ [ARA] tools are a key part of enabling the DevOps goal of achieving continuous delivery with large numbers of rapid, small releases.
  • 11. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Up to 50% of Enterprises Will Have an ARA Tool Gartner – 2017 Application Release Automation MQ By 2020, 50% of global enterprises will have implemented at least one application release automation solution, up from less than 15% today.
  • 12. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS High Confidence = Release Promotion Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). 1 2 3 4 Every Change to App’s Code, Config, Env, or Data Creates New Pipeline Build Binaries & Installers Test Binaries + Config + Env + Data to Confirm Ability to Release
  • 13. 13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Goal of Continuous Delivery Humble, J., & Farley, D. (2011). Ch. 1. In Continuous Delivery (p. 4). Collaboration + Accountability: Makes build, deploy, & test visible Improved Feedback: Problems are found/addressed as early as possible Automation: Enables deployment & release of any version to any environment
  • 14. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Use Same Automation Mechanics for Every Environment Continuous Delivery Automation Humble, J., & Farley, D. (2011). Ch. 5. In Continuous Delivery (p. 115). • DEV is Deployed to All the Time • QA - Less Often • PRE-PROD - Even Less Often • PROD - Less Frequently Still
  • 15. 15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Why CA Automic Release Automation
  • 16. 16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Shift Left  Extensive REST API  ChatOps  Marketplace  Integrations  Action Packs – Not just plugins Analysts  Recognized as a leader – Gartner – Forester Most Scalable  500k to 1 clustered svr  IPv6  IoT to Mainframe  COTS + Core Backend  Automation platform CA Automic Release Automation The Most Advance Automation Platform in the Market
  • 17. 17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Current Status DevOps is SiloedUnprecedented Pressure 94%of executives face increased pressure to release apps more quickly 2014 Vanson Bourne study commissioned by CA
  • 18. 18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS However … Not Achieving Speed, Reliability & Compliance Tool Chain Sprawl
  • 19. 19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How CA Automic Release Automation Works
  • 20. 20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges
  • 21. 21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Continuous Delivery Challenges Poor / zero visibility of deployments • Managers and business users (customers) lack tracking of status or completion times • End-to-end transparency required for compliance Limited documentation of releases processes Lack of scalability and control • Managing multiple simultaneous releases with intricate dependency No visibility or governance of privileges • Automation mechanics’ agents/bots • User access within pipelines not accounted for
  • 22. 22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PRODisparticularlyvulnerable Automation Mechanics Touch Everything zDocker zMS Azure zAWS zOracle zSales Force zService Now
  • 23. 23 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps Challenges Process augmentation • Significant changes requires in governance models, workflows, and processes. Technology sophistication • Must support multiple teams, numerous languages, repositories, and web of OSS libraries, • Manually or semi-automatically addressing vulnerabilities leads to gaps in coverage. Security Culture • Company culture doesn’t support embedded security processes. • Abandon the mind-set of check-box compliance.
  • 24. 24 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA DevSecOps Solutions
  • 25. 25 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Enabling Developers  3 Second Scan times (with Greenlight)  24 Languages Supported  77 Frameworks Supported  29 Integrations Company Growth  6 Trillion + lines of Code Scanned*  4X Leader in Gartner Magic Quadrant  1400+ Customers  30+ Patents Customer Outcomes  36.5M Flaws Fixed All Time  3,100 Consultation Calls  400,000 Program Management Hours Veracode Overview Note: * indicates year-to-date
  • 26. 26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Veracode Approach Outcome-Oriented Approach – Focus on Fixing Defects, not Just Discovering Them Coverage of entire SLC Integrations and API’s – Enable seamless integration into software development processes including DevOps SaaS Platform – Shortens Time to Value, Reduce Customer Complexity
  • 27. 27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Focus on Outcomes Accelerate Secure Software Development Reduce Risks of Data Breaches Compliant with Customer Needs & Regulators Lower Costs of Securing Software Assets
  • 28. 28 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps How do you make security a competitive advantage? Test at every step, eliminate constraints, join disparate tools and processes — and automate everything Continuous Testing Assess and improve application security from initial code through production Functional + Secure = Quality Code 32 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 29. 29 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps: Uniting Development and Security
  • 30. 30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Throughout the SLC Code Commit Build Test Release Deploy Operate CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Runtime Protection CA Veracode Software Composition Analysis CA Veracode Integrations, APIs CA Veracode eLearning Code RepositoriesIDEs GRCs SIEMs WAFs Security Assurance Operational SecurityDevelopment Integration Bug Tracking Build and Deploy Systems
  • 31. 31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Privileged Access Manager (CA PAM)
  • 32. 32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Threat to Network and Data Unrestricted “root” or “Administrator” access No segregation of duties Use of shared accounts Poor log integrity and quality All-Powerful Access Lack of Accountability Risk
  • 33. 33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Management and Governance Identity/Credential Management Identity/Credential Governance • Fine-grained access controls • Shared account password management • Threat analytics • Identity activity reporting Control what each agent/bot can do within pipeline steps • Provisioning to privileged accounts • Access requests • Workflow • Certification Ensure the least amount of privileged access for agents/bots
  • 34. 34 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Combining CA Automic Release & CA DevSecOps & CA PAM
  • 35. 35 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS A Practical Blueprint for Achieving Continuous Delivery STAGE 1 ▪ Automate your scripts and root out manual work ▪ Assessment of DevOps competency ▪ Deliver Continuous Delivery roadmap STAGE 2 ▪ Model environments, components and state flows ▪ Construct automated deployment pipelines ▪ Promote and rollback versioned components on demand STAGE 3 ▪ Provision full stacks ▪ Orchestrate entire lifecycle including securing deployment pipeline, CM, and other ITSM procedures ▪ Enable self services STAGE 4 ▪ Automated release management across the entire application portfolio
  • 36. 36 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Secure Automated DevOps / Continuous Delivery Tool Chain Reduce development overhead by 30% by automating environment provisioning and setup Centrally manage and govern the security of your deployment pipelines Securely and fully automate deployments into production Orchestrated releases and fully governed environments Automate change, approval and release management processes Automate agent/bot privileged access Zero downtime production deployments and updates CA recently released integration with CA PAM so that the CA Identity Suite provides full privileged access provisioning, access requests, tracking and approvals, as well as automated access certifications. So, you now can have a single mechanism for governing the access of all users, both regular and privileged. CA Identity Suite CA PAM
  • 37. 37 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How could it be done today? Benefits • Reduced risk of improper privileged access • Single method of governing access for all users • Outstanding user experience for all roles • Increased efficiency through automation • Flexible approval workflow to meet local needs Capabilities • Automated provisioning and de-provisioning • Access request • Access certification Agents/Bots CA Identity Suite Request Access Provision Access Approval Certifications Manager CA PAM
  • 38. 38 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Automic Release Automation + CA DevSecOps Solutions + CA PAM Visibility of deployments enterprise-wide  Shared visibility across DevOps personnel  Transparency of automation mechanics, credentials & security tests/analytics Security Automation  Identifying flaws early in lifecycle  Speed delivery of secure code Scale Continuous Delivery, safely, across the enterprise  Manage multiple simultaneous releases/deployments with dependencies  Code and deployment pipelines are safe, secure and compliant Real-time risk and security analysis
  • 39. 39 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS PROD The Most Secure Continuous Delivery Pipeline Detect Vulnerabilities Early JIT Credentials No Privilege Creep Secure Automation Mechanics DEV PRE-PRODTEST Security within and across the Continuous Delivery Pipeline Secure App Perimeters IoT to Mainframe Pipelines
  • 40. 40 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DST40T Scale Your Application Security Program Effectively with the Right Program Management Model 11/15/2017 at 3:30 pm DST38T Shifting Security to the Left – Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST39T Assess and Guide Your DevOps Journey Leveraging Industry-leading DevOps Research 11/16/2017 at 11:30 am DST41T DevOps: Security’s Chance to Get It Right 11/16/2017 at 12:45 pm DST43T The CA Technologies Veracode Platform: 360 Degree View of Your Application’s Security 11/16/2017 at 2:30 pm
  • 41. 41 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Security Starts with Identity CA Identity Suite CA Identity Service Deliver Frictionless Access CA Advanced Authentication CA Single Sign-On CA Directory Control High Value Access CA Privileged Access Manager CA Threat Analytics for PAM Manage Your Software Risk CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Greenlight Sneak Peeks Cross-channel Fraud Prevention Threat Analytics Privileged Access for DevOps
  • 42. 42 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
  • 43. 43 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps