informa
/
Risk
News

CA Unveils IAM Solutions

CA announced the latest release of its Identity and Access Management (IAM) solution

ISLANDIA, N.Y. -- CA (NYSE: CA) today announced the latest release of its Identity and Access Management (IAM) solution that helps organizations minimize risk while reducing the cost of IT operations.

CA's IAM solution unifies and simplifies the management of enterprise-wide security through automated and centralized policy management. It integrates best-in-class products to provide complete, modular and scalable IAM capabilities. Enhancements include expanded identity federation, strong authentication management, expanded user provisioning, and improved virtualization support.

"We simultaneously have to provide more users inside and outside the University with access to a broader range of applications than ever—and we have to do it in a way that protects the integrity of sensitive information while ensuring we are in compliance with a wide range of federal regulations," said Karl Jackson, senior engineer, Office of Information Technology Engineering at Brigham Young University. "CA's comprehensive IAM solution enables us to meet this challenge in a centralized, cohesive and cost-effective way."

This release provides significant new capabilities for the products that comprise CA's IAM solution, including:

eTrust SiteMinder 6.0 SP5 – Expanded identity federation capabilities include support for Microsoft Active Directory Federation Services (ADFS) and the introduction of a new federation "end point"—both of which ease the establishment of secure business partnerships (see related release). The new release also simplifies the use of stronger forms of authentication—such as tokens, smartcards and biometrics—as components of access management policies. In addition, it provides more flexible control of single sign-on (SSO) environments by making it easy to group associated applications across the enterprise into SSO "zones" using the same eTrust SiteMinder infrastructure.

CA Identity Manager 8.1 SP1 – New connectors streamline and simplify administration of internal and external users and their entitlements—including an ActivIdentity Card Management System (CMS) connector that integrates card management into enterprise provisioning and de-provisioning processes. Another new feature enables point-and-click development of RDBMS connectors.

eTrust Access Control 8 SP1 – This component addresses growing customer needs around server virtualization with support for Solaris 10 Zones and VMware ESX Server, enabling customers to ensure consistent security management across virtual operating systems as well as host systems. Enhanced management and reporting capabilities help ensure appropriate enforcement of access policies.

eTrust Single Sign-On 8.1 – Enhancements provide a consistent user experience by enabling single sign-on to client-side applications, even when the user's machine is not connected to the network, which is particularly critical for organizations with a significant number of mobile workers. The seamless integration between eTrust Single Sign-On and eTrust SiteMinder provides customers with the industry's most comprehensive single sign-on solution spanning the Web, client-server and mainframe.

CA Embedded Entitlements Manager 8.2 – This component, formerly named the IAM Toolkit, enables customers to extend CA's security policy engine to internally-developed applications. Enhancements include:

  • Tighter integration with CA's access management solutions to extend single sign-on across the enterprise, including CA Embedded Entitlements Manager-instrumented applications.
  • The addition of support for the XACML, SAML and SPML standards, which eases interoperability with third-party authentication, user administration and policy management systems.
  • The ability to use C#, in addition to Java and C++ libraries, to externalize security policies for internally developed applications.

"The most effective and efficient way to manage user access rights across the enterprise is to drive identity, access and entitlement management from a single, centralized enterprise IAM system," said Bilhar Mann, senior vice president of Identity and Access Management at CA. "By providing such a centralized and complete solution, CA is meeting the evolving identity and access management needs of today's extended enterprise."

CA is working closely with key systems integrators to assist organizations in implementing robust identity and access management systems built around CA's IAM solution.

"Many companies are struggling to sustain compliance, improve governance, and reduce security management costs, while at the same time improving their end-user experience," said Deborah Golden, principal at Deloitte & Touche LLP ("Deloitte & Touche"). "CA's comprehensive IAM solution, combined with Deloitte & Touche's IAM leading practices, methodologies and frameworks, may help organizations achieve these critical and often conflicting objectives."

In a separate release:

ISLANDIA, N.Y. -- CA (NYSE: CA) today announced enhanced identity federation capabilities as part of its eTrust SiteMinder 6.0 SP5 release. These capabilities enable customers to more easily interconnect with partners, creating a seamless user experience across enterprise security domains in order to more rapidly capitalize on new business opportunities while minimizing IT costs.

Identity federation enables organizations to securely connect disparate business applications and processes between multiple organizations and/or autonomous internal business units—and to manage user access rights as if they were part of the same security domain. By enabling partners in a trusted business relationship to securely share user session and identity information, users enjoy seamless access to applications across and beyond the enterprise.

The new release further expands the federation capabilities of eTrust SiteMinder to make it even easier to simultaneously interconnect with many partners. These features include support for Microsoft Active Directory Federation Services (ADFS), which is based on the WS-Federation specification. In addition, the new federation "end point" of eTrust SiteMinder, which leverages technology licensed from Ping Identity, helps to ease the enablement of the partnership. Combined with existing support for SAML (Security Assertion Markup Language), this enables customers to use whichever method is best suited to enable each partner relationship.

"Identity specifications are essential to secure collaboration between business partners," said Michael Stephenson, director of identity and access product management at Microsoft. "We are pleased to see CA leverage Microsoft Active Directory Federation Services to fulfill this increasingly important IT requirement."

CA Inc. (NYSE: CA)

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5