CIAM as Key Factor in the Digital Transformation

A vast part of customer access runs via APIs today. Things connect via APIs. Apps work through APIs. The standard HTML-based access through websites is not the norm anymore. APIs thus must be well-secured, starting from the authentication to continuously control what happens via APIs. Because APIs have created a new, attractive path for hackers to gain access to sensitive data, multiple methods have been invented to circumvent traditional security practices to gain access. Intelligence helps stop the most common API attacks not covered by foundational API security tools. API management tools provide an important set of security features to protect APIs. These often include authentication and rate limiting, which ensure resources are securely accessible by internal groups, partners, customers, and third-party developers. But these practices are often deficient in stopping attacks that are built specifically to breach APIs and the data and systems to which they provide access.

The prevalence of API Attacks increasing more and more, and most all go unnoticed until it is far too late. However, many have been very visible lately including recent attacks on Instagram, Verizon, and Facebook. Many of the Security and DevOps leaders we speak to will tell us they: 1. don’t know if they are under attack, 2. don't know how many APIs they have, and 3. don't have detailed visibility into API activity once authentication has occurred.

Key takeaways

- What are the most common API attacks today
- How to secure the customer data
- How Machine Learning is helping in creating the best first line of defense against API attacks
- How dynamic ML behavioral analysis can find attacks faster and with more precision than conventional, static, policy-based security rules

As your IAM deployment grows and covers increasing numbers of uses cases its vital to ensure that the business requirements continue to be met, this can lead to increased amount of testing and regression testing on each subsequent change adding significant burdens and reducing the velocity of change much ultimately prevents

In this session we will look at how your business requirement documents can be translated into automated test suites utilising Cucumber, Selenium, JUnit and docker amongst other tools to provide automated testing against the defined requirements and your IAM platform ensuring that the all your requirements, both business and technical, are met at every stage of the development pipeline ensuring reliable delivery and deployment as part of your CI pipeline.

Key takeaways:

* Writing user stories to describe your requirements
* How to use cucumber and selenium to write tests which meet the requirements
* How to build the above into your development lifecycle