Platforms for Secure API Connectivity With Architecture as Code

Disclaimer: This summary has been generated by AI. It is experimental, and feedback is welcomed. Please reach out to info@qconlondon.com with any comments or concerns.

The presentation titled "Platforms for Secure API Connectivity With Architecture as Code" was delivered by Jim Gough, a distinguished engineer and API platform lead architect at Morgan Stanley. The session addressed the challenge of ensuring secure API connectivity within complex and regulated environments while maintaining an optimal developer experience.

Key topics covered included:

  • Introducing CALM: An open-source initiative from FINOS that provides a structured approach for defining secure and resilient architecture patterns.
  • Live Demonstrations: Highlighting how CALM CLI can generate and validate architectures and apply threat models for vulnerability assessment.
  • Security Compliance: Emphasizing Zero Trust principles and network segmentation in microservices environments to enhance security.
  • CalmHub and Visualizer: Tools designed to help visualize and manage architectures effectively over time.

Jim shared his experiences from Morgan Stanley, focusing on evolving API connectivity to adopt secure design approaches from the beginning. The session also delved into the complexity of integrating API management tools, coordinated deployments, and maintaining security compliance across API services.

The presentation concluded with insights into adopting Architecture as Code to streamline secure API connectivity and ensure compliance becomes an integral part of the deployment process.

This is the end of the AI-generated content.


As microservices and complex platforms become the standard, ensuring secure connectivity while maintaining a smooth developer experience is a significant challenge. Traditional security models often introduce friction, slowing down innovation and deployment. Regulated industries must balance stringent security controls with the need for agility.

In this session, you will learn how Architecture as Code with CALM, an open-source initiative from FINOS, provides a structured approach to defining Patterns and Architectures that incorporate security and resilience from the start. You will see how CALM CLI can generate and validate architectures against predefined patterns, ensuring security compliance without compromising developer experience.

Through a live demo, you will observe how an initial deployment lacks security and how a threat model can be applied to highlight vulnerabilities. You will then learn how controls enforce security requirements, including Zero Trust principles to lock down the cluster. Finally, you will discover CalmHub and the Visualizer, tools that help review and maintain architectures over time.

Attendees will leave with a practical understanding of how to adopt Architecture as Code to streamline secure API connectivity, making compliance and security part of their deployment process.

 

Key Takeaways:

  • Understanding the risks and complexity of secure API connectivity
  • How CALM enables secure-by-design architectures
  • Practical demonstration of CALM CLI and security controls
  • Zero Trust and network segmentation in a microservices environment
  • Visualizing and managing architectures with CalmHub


Target Audience
Architects, platform engineers, DevSecOps professionals, and developers working in regulated environments or those seeking to improve security automation in their platforms.


Speaker

Jim Gough

Distinguished Engineer, API Platform Lead Architect @Morgan Stanley, Co-Author of Optimizing Java

James (Jim) Gough is a Distinguished Engineer and API Platform Lead Architect at Morgan Stanley, where he works on API strategy, security, and developer experience. A Java Champion, author, and conference speaker, Jim has contributed to the Java Community Process, co-authored Mastering API Architecture and Optimizing Cloud Native Java (O’Reilly), and leads open-source initiatives like FINOS Architecture as Code. Passionate about APIs, cloud-native architecture, and evolutionary design, he helps shape modern engineering practices across finance technology.


📘 Author of Mastering API Architecture and Optimizing Cloud Native Java | 🏆 Java Champion | 🎤 Speaker & Mentor
