TECHNOLOGY BRIEF CA Technologies Solutions for Identity, Credential, and Access Management Michael Liou CA Security Management
|
|
- Brendan French
- 7 years ago
- Views:
Transcription
1 TECHNOLOGY BRIEF CA Technologies Solutions for Identity, Credential, and Access Management March 2011 CA Technologies solutions for identity, credential, and access management (ICAM) Michael Liou CA Security Management
2 table of contents EXECUTIVE SUMMARY 3 SECTION 1: Challenge 4 Enabling federal security and privacy ICAM Segment Architecture Use Cases SECTION 2: Opportunity 6 How CA Technologies solutions address ICAM Use Case 1: Create and Maintain Digital Identity Record for Internal User Use Case 2: Create and Maintain Digital Identity Record for External User Use Case 7: Provision and Deprovision User Account for an Application Use Case 10: Grant Logical Access SECTION 3: 15 Benefits SECTION 4: 16 Conclusions SECTION 5: 16 About the author 2
3 executive summary Challenge Virtually all government agencies conduct transactions involving sensitive data whether that be personally identifiable information (PII), electronic health records or other employee or citizen data. As the number of users and systems interacting with this data grows, the threats to this information and the IT infrastructure supporting it multiply as well. Identity, credential and access management (ICAM) plays a critical role in protecting the nation s IT infrastructure and citizens from cyber threats both internal and external. The challenge is that ICAM can be a complex and multifaceted requirement for each agency, supporting numerous organizational scenarios under varying conditions. Opportunity A daunting aspect of ICAM is the breadth of everyday scenarios in which identities, credentials and access decisions play a part. The good news is that robust solutions exist to aid in building not just a multi-layered defense-in-depth strategy, but an effective defense-in-detail infrastructure. This means truly understanding who is trying to access data, confirming the credentials they provide are accurate and enforcing the appropriate level of access for each user. In addressing these ICAM issues, agencies also have the opportunity to build a holistic infrastructure that not only secures sensitive resources, but enables collaboration and efficiency within and amongst agencies. Benefits The intent of the Federal Government s ICAM initiatives and related directives is to construct a consistent and secure IT infrastructure across agencies. If properly implemented, ICAM has the potential to deliver many benefits including improvements in: Security understanding who is attempting to gain access and having the necessary controls to limit that access reduces security risk. Compliance numerous cyber security directives and initiatives facing agencies today carry direct relevance to ICAM issues. Efficiency automated systems improve the cost of managing identity processes while consistency across agencies encourages interoperability and collaboration while also decreasing redundancy. User satisfaction all audiences, including employees, contractors, partners and citizens, can benefit from greater ability to directly interact with agency systems and higher levels of data protection. 3
4 Section 1: Challenge Enabling federal security and privacy In September 2008, the Federal CIO Council created the Identity, Credential, and Access Management Subcommittee (ICAMSC) with the charter of fostering government-wide identity and access management and enabling trust across organizational, operational, physical and network boundaries. Identity management has been highlighted as a critical cyber security issue, as stated by President Obama, The ICAM segment architecture will serve as an important tool for providing awareness to external mission partners and drive the development and implementation of interoperable solutions. 1 The considerable benefits of a consolidated federal approach to Identity, Credential, and Access Management was clearly evident long before the ICAMSC was created. Previously, the Homeland Security Presidential Directive 12 (HSPD-12) 2 and FIPS provided a directive and standard for the implementation of a common identity standard for federal employees and contractors. These requirements continue to be at the forefront of the federal cyber ecurity strategy. The Office of Management and Budget (OMB) Memorandum recently reiterated timelines for each federal agency to name officials responsible for monitoring and reporting on HSPD-12 PIV card adoption and for use in logical access to applications requiring NIST assurance level 3. ICAM segment architecture use cases The scenarios in which ICAM is involved can be complex consisting of a series of distinct identity issues, workflows and related solutions. Further complicating the issue is that these solutions often require interaction with one another. This provides dependencies but also opportunities to use them in conjunction to deliver greater value. Many agencies are struggling to determine a starting point with ICAM and worry that they may not have considered the requirements of other applications and stakeholders. To this end, the ICAMSC has published a Roadmap and Implementation Guidance document 4 which provides detailed guidance for federal agencies investing in ICAM programs. A particularly valuable aspect of that document is the definition of eleven ICAM use cases which describe the as-is state of identity management functions performed by federal agencies, the desired target state and the typical gaps between the two. These use cases are effective in demonstrating how the components of the ICAM segment architecture operate within the real-life context of related operational functions. ICAM use cases 1. Create and Maintain Digital Identity Record for Internal User 2. Create and Maintain Digital Identity Record for External User 3. Perform Background Investigation for Federal Applicant 4. Create, Issue, and Maintain PIV Card 5. Create, Issue, and Maintain PKI Credential 6. Create, Issue, and Maintain Password Token 7. Provision and Deprovision User Account for an Application 8. Grant Physical Access to Employee or Contractor 9. Grant Visitor or Local Access to Federally-Controlled Facility or Site 10. Grant Logical Access 11. Secure Document or Communication with PKI 4
5 Section 2: Opportunity How CA Technologies solutions address ICAM The Federal ICAM Roadmap and Implementation Guidance document provides a useful ICAM conceptual diagram, highlighting several individual components and how they work with one another. Agencies developing ICAM solutions will benefit from taking this same dual perspective: 1. A pragmatic determination of how each use case independently delivers value for your agency and how it can be efficiently addressed through a combination of people, processes and IT technologies. 2. A holistic view of how these use cases or individual ICAM systems interoperate with one another or leverage common infrastructure components. Figure A Security solutions from CA Technologies directly address the items highlighted in the ICAM conceptual diagram and complement Credential Management systems and processes. *Image provided by the ICAM Subcommittee and CIO Council Security Solutions from CA Technologies primarily address the Identity Management, Access Management, Federation and Auditing and Reporting functions depicted in the ICAMSC s conceptual diagram. The remainder of this paper examines how CA Technologies solutions function in the context of key ICAM use cases. Note, this paper is not comprehensive as CA Technologies solutions contribute in some manner to all eleven use cases. In addition, not all CA Technologies solutions which help address ICAM requirements are discussed in this paper. 5
6 Use Case 1: Create and Maintain Digital Identity Record for Internal User Target: the target state vision is for a digital identity to be created or modified once in the authoritative system(s) and for authoritative identity attributes to be linked and shared in an automated fashion with other systems across the enterprise. In this vision, a core identity record is established in a single authoritative repository. CA Technologies solutions: CA Identity Manager, CA Directory CA Identity Manager is a flexible and scalable solution for creating and maintaining identities and related user attributes. This enables administrators to establish and maintain a centralized source of user identity information while also delegating the management of specific attributes to the appropriate level of authority. It can also be accessed directly by end users to update selective aspects of their profile in a self-service approach. The attributes associated with each user profile can be based on custom configured attributes including contact information, physical characteristics, role information, user photo and many other details. CA Identity Manager can be integrated with end points to automatically synchronize user identity information across IT systems as they change. It also has the ability to identify when identity information is updated on an end point and can then make policy-based decisions about whether or not to update the central user profile and then synchronize these changes back out to other systems. This synchronization and provisioning of access associated with identities is discussed in more detail in Use Case 7. As identities are created and maintained on the massive scale required by many agencies, they must be stored in a high performance repository that is capable of handling this volume. CA Directory is a distributed directory which delivers superior levels of availability, reliability, scalability and performance. Independent testing has proven CA Directory s ability to scale to hundreds of millions of users and hundreds of servers in a distributed environment5. As an identity foundation, CA Directory imparts these enterprise class capabilities to each of the ICAM solutions which it supports. Use Case 2: Create and Maintain Digital Identity Record for External User Target: In the target state, many mission-specific external facing applications likely will continue to need to establish a basic record for users in order to grant access; however, it is intended that mission segments will have agreed upon standards for what information is collected to minimize the gathering of unnecessary data and enable greater information sharing where possible. CA Technologies Solutions: CA Siteminder, CA Identity Manager, CA Directory The requirements of creating and maintaining external user identities are similar to those of internal users (described in Use Case 1) in terms of establishing centralized identity stores and leveraging a scalable directory foundation. The difference when dealing with external user populations is that it 6
7 often involves user populations that are orders of magnitude larger than when dealing with internal users. For example, the number of US citizens potentially accessing an online taxpaying application (from tens of millions to over 100 million users) would greatly exceed the number of employees in even the largest agency. In addition, IT interactions between external users and federal agencies are often based on web applications. In addition to leveraging solutions described in Use Case 1, this requires considerations to securely register new users via the web and maintain these identities. CA SiteMinder works with CA Identity Manager to allow users to register new accounts and provides identity administration capabilities to maintain these identities. CA SiteMinder also provides a series of web access management capabilities which are further described in Use Case 10. Use Case 7: Provision and Deprovision User Account for an Application As-is: In the current state, the provisioning and deprovisioning of accounts are typically managed through manual, application-specific work streams. This creates a great administrative burden on application administrators across the large number of applications and associated users within the enterprise. Additionally, some provisioning processes employ paper-based approval workflows that are labor and time intensive. CA Technologies Solutions: CA Identity Manager, CA Role & Compliance Manager Virtually all agencies perform provisioning activities today, yet many are based on manual, paperbased processes and ad hoc coordination between Human Resources, IT staff and security personnel. Automating the workflow and approval processes associated with granting and removing access can significantly improve efficiency while allowing your agency to embed security controls such as segregation of duties, workflow and auditing into provisioning and deprovisioning activities. CA Identity Manager is a proven, enterprise solution for creating, modifying and removing access throughout the lifecycle of users, both internal and external. As new users are created or their entitlements change, the provisioning engine automatically creates accounts on related endpoint systems based on the user s roles or provisioning rules. As this access is granted, CA Identity Manager has the ability to evaluate security policies, such as segregation of duties, to confirm that users do not gain conflicting privileges which could put the agency at risk. CA Identity Manager is highly customizable, enabling automated processes to be configured to mirror the unique requirements of your agency. Provisioning actions can be triggered by a direct feed from an HR system or from the agency s existing service desk system, batch processes or direct input from administrators or the end users themselves. Workflow and delegation actions can be established to require proper approvals before sensitive access is granted or provide alerts at critical points along the process. In addition, when users change functions within the agency or cease to be employed, CA Identity Manager automatically disables or deprovisions a user by either suspending or completely deleting the user s accounts and privileges on end point systems. This prevents a situation where a terminated employee continues to have access after departing and their accounts represent a significant risk to the organization s sensitive data or systems. 7
8 Figure B CA Identity Manager provides a centralized solution for maintaining identity information, automating provisioning processes and auditing related actions. Process automation is critical to achieving the efficiency that reduces costs, time and personnel associated with provisioning and deprovisioning. However, even perfectly automated processes are only as good as the data that is being fed into the process itself. From an identity standpoint, this consists of the role and entitlements information that associates types of users to necessary access. CA Role & Compliance Manager enhances identity management projects through the identification of orphaned or ghost accounts, clean-up of user entitlements and development of accurate role-based access models. CA Role & Compliance Manager is built on a powerful analytics engine which enables optimization of user and entitlements information. This can be initially used to clean-up existing privileges by identifying users with excessive access rights or highlighting other anomalies associated with risky identity profiles. CA Role & Compliance Manager can then be used to identify patterns of access amongst users to suggest potential roles. CA Role & Compliance Manager includes a number of out-of-the-box role discovery methodologies, each with configurable parameters which can be adjusted to meet the needs of your agency. This accurate foundation of role and identity information can then be leveraged by provisioning processes automated by CA Identity Manager and other security processes such as entitlements certification and reporting. This can improve the effectiveness of provisioning actions as well as the experience for end users as they are presented meaningful identity data and business-friendly role descriptions. 8
9 Use Case 10: Grant Logical Access Target: Implementing LACS. A flexible centrally managed agency LACS is required to layer attributes and permissions, and map those to the authentication mechanism to make access decisions for all agency applications, including legacy. CA Technologies Solutions: CA Siteminder, CA Access Control Defense-in-depth is a common approach to logical access control where various controls are implemented to secure each layer of the IT infrastructure. These solutions must first authenticate users and then determine whether or not they are allowed to execute the desired action. One of the most exposed IT areas is the web layer. More and more applications are being ported to or developed for the web, providing users benefit with greater accessibility and convenience yet often presenting a broader risk profile for the organization. CA SiteMinder is an enterprise-class web access management solution providing user authentication, policy-based authorization, single sign-on and auditing. Instead of custom coding ICAM security into each distinct web application, agencies can implement a consistent set of best practice security capabilities across portal, internet and intranet applications. This reduces the cost of developing and maintaining these web applications while delivering a convenient web access experience for employees, contractors, partners and citizens. CA SiteMinder also provides centralized management of web authentication, authorization, auditing and reporting. Flexible access policies can be based on criteria such as user attributes or roles, group membership, location or time of access. These policies can restrict access to resources at various levels of granularity from the web page to the file or to the object level. In addition, CA SiteMinder supports the enforcement of different levels of strong authentication depending on the sensitivity of each application. Given the enterprise-wide nature of ICAM implementations and high traffic requirements of web applications, the scalability and reliability of web access management systems is critical. CA SiteMinder has proven ability to support populations of over 100 million users and high transaction rates 6. This superior performance is supported by robust capabilities such as load balancing, caching, server clustering, failover, replication and many others. 9
10 Figure C CA SiteMinder enables users to securely interact with web applications by authenticating users and enforcing appropriate policybased access. While not as accessible to general populations as the web layer, the operating system layer is perhaps the most critical area of vulnerability of the IT infrastructure. Insiders and privileged users with access at the host level often have the ability to compromise the sensitive data and systems which are running on a given server. CA Access Control is a host access control solution which authenticates privileged users and enforces policy-based authorization across physical and virtualized server environments. The challenge with operating systems is they often have all-powerful superuser accounts (such as root on UNIX) which are frequently shared among administrators. Any user with the superuser password can perform virtually any operation on a machine including copying data, starting/stopping services, installing software and even deleting audit logs. The risk presented by these accounts is intensified by virtue of their shared account usage if multiple users have the superuser password and are logging in via this account, there is no accountability for the individual user. CA Access Control provides the critical layer of security protection across server platforms, enabling fine-grained access control, policy-based management and the secure auditing essential for safeguarding electronic assets. Access policies can be designed to regulate access to server resources, programs, files and processes using a variety of criteria including the true user identity, login method, network attributes and many more. In addition, CA Access Control Privileged User Password Management helps provide accountability for access that is commonly performed via shared accounts by managing how users check-in and check-out passwords as needed. 10
11 Figure D CA Access Control enforces appropriate host-level access across physical and virtual environments based on fine-grained access policies. Gap: Need for enhanced role and attribute data to perform situational access control. The use of attributes for LACS decisions. Agencies should determine how to enable contextual (risk adaptive) role or attribute based access control based on established policy and rule sets and for real-time situational access control. CA Technologies Solutions: CA Arcot Webfort, CA Arcot Riskfort Username and password is the most common authentication method in use today. This is sufficient for some systems, but for applications, websites or operating systems containing sensitive or private data, basic username and password authentication is often unacceptable as defined by NIST requirements or for levels of assurance. CA Arcot Webfort is a flexible authentication server which allows you to secure your users and systems with a variety of effective, cost efficient multi-factor authentication methods. CA Arcot Webfort supports authentication types beyond username and password including security Q&A, OTP via SMS, or voice, OATH tokens, ArcotID, ArcotOTP or a combination of these. It also provides centralized authentication policy creation, management and enforcement for many applications and security systems including CA SiteMinder. CA Arcot Webfort can be deployed quickly and with the low total cost of ownership of a cloud-based model or as an on-premise solution. 11
12 Figure E CA Arcot WebFort enables efficient, centralized deployment of various strong authentication methods to increase the security of logical access. As stated in Use Case 10, a single method for authentication is not always sufficient at times contextual awareness is required to determine the level of sensitivity and thus, level of security control that must be enacted. CA Arcot Riskfort delivers risk-based, adaptive authentication by evaluating the level of security risk posed by logins or transactions before enforcing the appropriate level of authentication strength. For example, a data center has employees typically logging into a web application containing citizens personally identifiable information during business hours. In the event a login is attempted at midnight from an IP address outside the United States, CA Arcot Riskfort analytics would identify a heightened risk. The aggregate risk score can be created based on a number of criteria including defined access rules, location, transaction patterns, device fingerprints or other criteria consumed by the self-learning analytics engine. Based on this score, the user may be prompted to provide additional authentication or blocked from logging in. 12
13 Target: Enabling Federation. The target state will require agreement on versions, technologies, formats, and oversight mechanisms to transfer and trust identities and credentials across agency boundaries and with external entities. Establishing Trusted Identity Providers and similar mechanisms will enable service providers to make access decisions based on defined levels of trust. CA Solutions: CA Federation Manager Collaboration between agencies or even internally between agency divisions is becoming an increasingly common, and critical, requirement to federal operations. As users gain access to or securely authenticate with a single agency, they should be able to seamlessly access necessary resources on another trusted agency s infrastructure. CA Federation Manager is a standards-based identity federation solution that allows your agency to act as an identity provider, service provider or both in support of federated transactions. CA Federation Manager provides end-to-end administration to efficiently set up, test, deploy and manage federation partnerships. Federation is supported out-of-the-box via a number of standards including Security Assertion Markup Language (SAML) and WS-Federation. Once a relationship is established between partners, CA Federation Manager provides users with single sign-on and single logoff across federated security domains. Figure F CA Federation Manager provides standards-based identity federation for use by identity providers, service providers or both parties in a federated transaction. 13
14 Section 3: Benefits The most obvious objectives of ICAM are increasing security and data privacy. These goals are readily apparent in the desired target state of having LACS systems enforce the appropriate interaction with various web, host and mainframe IT systems. On the identity side, security begins with a trusted understanding of who each user is whether that is accomplished at a basic level through username and password or a stronger, advanced authentication method. Security is enhanced by continuing to manage the lifecycle of user identities to the point of removing access through automated deprovisioning. Properly implemented, these identity and LACS systems can combine to significantly reduce the risk of unknown, mistaken or improper access to sensitive infrastructure. Automating ICAM processes and controls also has the potential to offer significant benefits in terms of IT efficiency. The ability to establish an authoritative digital identity and automatically synchronize attributes among relevant systems can reduce redundancy and confusion. In addition, automating formerly manual identity processes, such as provisioning when users are created or modified as well as deleting account access, can minimize the cost and administrative overhead of maintaining appropriate user entitlements. Finally, enhanced ICAM processes serve the agency s internal security and IT organization while providing benefit to end users themselves. Intelligently providing security as needed for example, in risk-based strong authentication provides employees and citizens with the level of comfort that their interactions are protected and their data secure. Users have come to expect the convenience and confidence similar to the online banking experience which provides secure single sign-on across applications. Providing this experience across the Federal Government by leveraging a federated identity model can help to encourage greater collaboration. Your agency s approach to ICAM or the short- and long-term importance of each of the ICAM use cases will vary depending on your unique needs. Just as there is no single solution, there is no single benefit properly planned and implemented, ICAM solutions will provide a range of benefits across layers of your IT infrastructure and for each of the participating constituents. 14
15 Section 4: Conclusions Security breaches, originating from both internal and external sources, are increasing in frequency and severity. One needs only look as far as WikiLeaks or any number of other security events to see how the Federal ICAM strategy plays a strong role in safeguarding IT infrastructure, protecting confidential data and reducing risk. When current events do not serve as a weekly reminder, increasing regulatory pressures or Federal directives requiring security compliance provide another. The intent of these security mandates is not for the sake of legislation alone. It makes good sense that, at the most basic level, in order to protect data and key systems, you must understand two things: 1) Who is the person attempting to gain access, and 2) Should they be allowed to execute that access? While relatively simple questions, even a basic transaction such as a Federal employee logging into an agency s web portal can involve multiple decision points and require distinct controls which must be enacted. The good news is that the ICAMSC has developed a comprehensive and best practice approach to meeting the business needs associated with these identity and access issues. Furthermore, proven solutions exist which can empower your agency to successfully meet the security needs of the various use cases you may encounter. By combining an understanding of the scenarios which require identity and access security with the proper processes and controls, your agency can develop a secure, efficient and collaborative IT infrastructure and positive experience for users. Section 5: About the author Michael Liou is a Senior Principal Product Marketing Manager at CA Technologies, where he is responsible for the security product go-to-market strategy for the Public Sector. He has spent over 10 years in the software industry, with experience in solution consulting and most recently, leading product management at an enterprise mobile application software company. Michael has a Bachelor of Science in Operations Research and Industrial Engineering from Cornell University and is a Certified Information Systems Security Professional (CISSP). To learn more about CA Technologies Security solutions and how they can help you agency address ICAM or other security initiatives, please visit ca.com/us/products/industry-solutions/public-sector/ Security.aspx. 15
16 CA Technologies is an IT management software and solutions company with expertise across all IT environments from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 rely on CA Technologies to manage their evolving IT ecosystems. For additional information, visit CA Technologies at ca.com. 1 FY2010 Budget, 2 Homeland Security Presidential Directive 12, 3 Federal Information Processing Standard 201-1, 4 idmanagement.gov/documents/ficam_roadmap_implementation_guidance.pdf 5 ca.com/files/industryresearch/wam-solution-hmu-test-us_ pdf 6 ca.com/files/industryresearch/wam-solution-hmu-test-us_ pdf Copyright 2011 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CS0899_0311
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly
More informationHow can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?
SOLUTION BRIEF Content Aware Identity and Access Management May 2010 How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward? we can CA Content
More informationLeveraging Privileged Identity Governance to Improve Security Posture
Leveraging Privileged Identity Governance to Improve Security Posture Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both
More informationProduct overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities
PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to
More informationexpanding web single sign-on to cloud and mobile environments agility made possible
expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online
More informationHow can Identity and Access Management help me to improve compliance and drive business performance?
SOLUTION BRIEF: IDENTITY AND ACCESS MANAGEMENT (IAM) How can Identity and Access Management help me to improve compliance and drive business performance? CA Identity and Access Management automates the
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationSOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management
SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management improving SAP security with CA Identity and Access Management The CA Identity and Access Management (IAM) suite can help you
More informationCA Arcot RiskFort. Overview. Benefits
PRODUCT SHEET: CA Arcot RiskFort CA Arcot RiskFort CA Arcot RiskFort provides real-time protection against identity theft and online fraud via risk based, adaptive authentication. It evaluates the fraud
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationSOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information
SOLUTION BRIEF SEPTEMBER 2014 Healthcare Security Solutions: Protecting your Organization, Patients, and Information SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT 94% of healthcare organizations
More informationTransforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency
EXECUTIVE BRIEF Service Operations Management November 2011 Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency agility made possible David Hayward Sr.
More informationTECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management
TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management Table of Contents Executive Summary 1 SECTION 1: CHALLENGE 2 The Need for
More informationCA Technologies Healthcare security solutions:
CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA
More informationidentity as the new perimeter: securely embracing cloud, mobile and social media agility made possible
identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,
More informationClosing the Biggest Security Hole in Web Application Delivery
WHITE PAPER DECEMBER 2014 Closing the Biggest Security Hole in Web Application Delivery Addressing Session Hijacking with CA Single Sign-On Enhanced Session Assurance with DeviceDNA Martin Yam CA Security
More informationagility made possible
SOLUTION BRIEF CA Technologies and NetApp Integrated Service Automation Across the Data Center can you automate the provisioning and management of both virtual and physical resources across your data center
More informationCA Technologies Solutions for Criminal Justice Information Security Compliance
WHITE PAPER OCTOBER 2014 CA Technologies Solutions for Criminal Justice Information Security Compliance William Harrod Advisor, Public Sector Cyber-Security Strategy 2 WHITE PAPER: SOLUTIONS FOR CRIMINAL
More informationIdentity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control
Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control agility made possible Enterprises Are Leveraging Both On-premise and Off-premise
More informationSOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?
SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY How Can I Both Enable and Protect My Organization in the New Application Economy? CA Security solutions can help you enable and protect your business
More informationhow can I comprehensively control sensitive content within Microsoft SharePoint?
SOLUTION BRIEF Information Lifecycle Control for Sharepoint how can I comprehensively control sensitive content within Microsoft SharePoint? agility made possible CA Information Lifecycle Control for SharePoint
More informationhow can I improve performance of my customer service level agreements while reducing cost?
SOLUTION BRIEF CA Business Service Insight for Service Level Management how can I improve performance of my customer service level agreements while reducing cost? agility made possible By automating service
More informationCA SiteMinder SSO Agents for ERP Systems
PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security
More informationHow To Comply With Ffiec
SOLUTION BRIEF authentication in the internet banking environment: The solution for FFIEC compliance from CA Technologies agility made possible Introduction to FFIEC Compliance In October of 2005, the
More informationcan you effectively plan for the migration and management of systems and applications on Vblock Platforms?
SOLUTION BRIEF CA Capacity Management and Reporting Suite for Vblock Platforms can you effectively plan for the migration and management of systems and applications on Vblock Platforms? agility made possible
More informationAuthentication Strategy: Balancing Security and Convenience
Authentication Strategy: Balancing Security and Convenience Today s Identity and Access Security Strategies Are Being Driven by Two Critical Imperatives: Enable business growth by: Quickly deploying new
More informationGrants Management for CA Clarity PPM gives you the confidence to choose the RIGHT applicants, make the RIGHT decisions, award the RIGHT funds, and to
SOLUTION BRIEF: Grants Management for CA Clarity PPM March 2011 Can you manage the lifecycle of grants, reduce unwanted paperwork, and track the performance of awarded funds? you can Grants Management
More informationIdentity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board
Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management An information exchange For Information Security and Privacy Advisory Board Deb Gallagher
More informationIs Your Identity Management Program Protecting Your Federal Systems?
Is Your Identity Management Program Protecting Your Federal Systems? With the increase in integrated, cloud and remote technologies, it is more challenging than ever for federal government agencies to
More informationagility made possible
SOLUTION BRIEF CA Private Cloud Accelerator for Vblock Platforms how quickly can your private cloud support the increasing demand for business services and accelerate time-to-value for your Vblock platforms
More informationCA Repository for z/os r7.2
PRODUCT SHEET CA Repository for z/os CA Repository for z/os r7.2 CA Repository for z/os is a powerful metadata management tool that helps organizations to identify, understand, manage and leverage enterprise-wide
More informationBUYER S GUIDE. Identity Management and Governance
BUYER S GUIDE Identity Management and Governance 2 BUYER S GUIDE: IDENTITY MANAGEMENT AND GOVERNANCE Overview For those charged with selecting all or part of their organization s Identity Management and
More informationcan I customize my identity management deployment without extensive coding and services?
SOLUTION BRIEF Connector Xpress and Policy Xpress Utilities in CA IdentityMinder can I customize my identity management deployment without extensive coding and services? agility made possible You can.
More informationcontent-aware identity & access management in a virtual environment
WHITE PAPER Content-Aware Identity & Access Management in a Virtual Environment June 2010 content-aware identity & access management in a virtual environment Chris Wraight CA Security Management we can
More informationSecurity management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.
Security management White paper Develop effective user management to demonstrate compliance efforts and achieve business value. September 2008 2 Contents 2 Overview 3 Understand the challenges of user
More informationCA point of view: Content-Aware Identity & Access Management
TECHNOLOGY BRIEF CA Point of View: Content-Aware Identity and Access Management March 2011 CA point of view: Content-Aware Identity & Access Management table of contents EXECUTIVE SUMMARY SECTION 1 Challenge
More informationSecurity Services. Benefits. The CA Advantage. Overview
PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES CA SiteMinder Federation Security Services CA SITEMINDER FEDERATION SECURITY SERVICES EXTENDS THE WEB SINGLE SIGN-ON EXPERIENCE PROVIDED BY CA
More informationCA Process Automation for System z 3.1
PRODUCT SHEET CA Process Automation for System z CA Process Automation for System z 3.1 CA Process Automation for System z helps enable enterprise organizations to design, deploy and administer automation
More informationUnderstanding Enterprise Cloud Governance
Understanding Enterprise Cloud Governance Maintaining control while delivering the agility of cloud computing Most large enterprises have a hybrid or multi-cloud environment comprised of a combination
More informationFederal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance December 2, 2011 Powered by the Federal Chief Information Officers Council and the Federal Enterprise Architecture
More information<Insert Picture Here> Oracle Identity And Access Management
Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.
More informationBUYER S GUIDE. Identity Management and Governance
BUYER S GUIDE Identity Management and Governance 2 BUYER S GUIDE: IDENTITY MANAGEMENT AND GOVERNANCE Overview For those charged with selecting all or part of their organization s identity management and
More informationCA Service Desk Manager
DATA SHEET CA Service Desk Manager CA Service Desk Manager (CA SDM), on-premise or on-demand, is designed to help you prevent service disruptions, better manage change risks, and provides a 360-degree
More informationCA NSM System Monitoring Option for OpenVMS r3.2
PRODUCT SHEET CA NSM System Monitoring Option for OpenVMS CA NSM System Monitoring Option for OpenVMS r3.2 CA NSM System Monitoring Option for OpenVMS helps you to proactively discover, monitor and display
More informationEnterprise On The Go: 5 Essentials For BYOD & Mobile Enablement
Enterprise On The Go: 5 Essentials For BYOD & Mobile Enablement Introduction: The Opportunities & Challenges of Enterprise Mobility Apps & the Enterprise The existence of smartphones and tablets able to
More informationjourney to a hybrid cloud
journey to a hybrid cloud Virtualization and Automation VI015SN journey to a hybrid cloud Jim Sweeney, CTO GTSI about the speaker Jim Sweeney GTSI, Chief Technology Officer 35 years of engineering experience
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationCA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam
CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as
More informationwe can Automating service delivery for the dynamic data center of the future Brandon Whichard
Executive Brief Automate Service Delivery September, 2010 addressing today s problems while setting the stage for an agile infrastructure Automating service delivery for the dynamic data center of the
More informationDEPARTMENTAL REGULATION
U.S. DEPARTMENT OF AGRICULTURE WASHINGTON, D.C. 20250 DEPARTMENTAL REGULATION SUBJECT: Identity, Credential, and Access Management Number: 3640-001 DATE: December 9, 2011 OPI: Office of the Chief Information
More informationNext-Generation Performance Testing with Service Virtualization and Application Performance Management
Next-Generation Performance Testing with Service Virtualization and Application Performance Management By Akshay Rao, Principal Consultant, CA Technologies Summary Current approaches for predicting with
More informationGovernance and Control of Privileged Identities to Reduce Risk
WHITE PAPER SEPTEMBER 2014 Governance and Control of Privileged Identities to Reduce Risk Merritt Maxim CA Security Management 2 WHITE PAPER: PRIVILEGED IDENTITY GOVERNANCE Table of Contents Executive
More informationCA Federation Manager
PRODUCT BRIEF: CA FEDERATION MANAGER CA FEDERATION MANAGER PROVIDES STANDARDS-BASED IDENTITY FEDERATION CAPABILITIES THAT ENABLE THE USERS OF ONE ORGANIZATION TO EASILY AND SECURELY ACCESS THE DATA AND
More informationRegulatory Compliance Using Identity Management
Regulatory Compliance Using Identity Management 2015 Hitachi ID Systems, Inc. All rights reserved. Regulations such as Sarbanes-Oxley, FDA 21-CFR-11 and HSPD-12 require stronger security, to protect sensitive
More informationManaging the Risk of Privileged Accounts and Privileged Passwords in Civilian Agencies
Managing the Risk of Privileged Accounts and Privileged Passwords in Civilian Agencies Reduce Risk while Streamlining Administrative Workflows Written by Dell Software Abstract Even IT environments that
More informationSOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio
SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY Identity-centric Security: The ca Securecenter Portfolio How can you leverage the benefits of cloud, mobile, and social media, while protecting
More informationassure the quality and availability of business services to your customers
SOLUTION BRIEF Service Assurance May 2010 assure the quality and availability of business services to your customers we can is a mature, integrated portfolio of management products for delivering exceptional
More informationAxway API Portal. Putting APIs first for your developer ecosystem
Axway API Portal Putting APIs first for your developer ecosystem To fully embrace an API-first strategy, it s no longer enough to simply develop and deploy APIs. Organizations need broad API management
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationaccelerating time to value in Microsoft Hyper-V environments
SOLUTION BRIEF accelerating time to value in Microsoft Hyper-V environments 01 CA Technologies 30-year partnership with Microsoft uniquely positions us to help you exceed your Microsoft virtual and cloud
More informationSimplify Identity Management with the CA Identity Suite
SOLUTION BRIEF CA DATABASE IDENTITY SUITE MANAGEMENT IDENTITY FOR MANAGEMENT DB2 FOR z/os DRAFT Answer the cover question by stating how the solution can deliver the desired benefits; typically, technical
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationNetwork Performance Management Solutions Architecture
Network Performance Management Solutions Architecture agility made possible Network Performance Management solutions from CA Technologies compliment your services to deliver easily implemented and maintained
More informationSOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?
SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT
More informationCA Automation Suite for Data Centers
PRODUCT SHEET CA Automation Suite for Data Centers agility made possible Technology has outpaced the ability to manage it manually in every large enterprise and many smaller ones. Failure to build and
More informationWHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
More informationagility made possible
SOLUTION BRIEF CA IT Asset Manager how can I manage my asset lifecycle, maximize the value of my IT investments, and get a portfolio view of all my assets? agility made possible helps reduce costs, automate
More informationcan you improve service quality and availability while optimizing operations on VCE Vblock Systems?
SOLUTION BRIEF Service Assurance Solutions from CA Technologies for VCE Vblock Systems can you improve service quality and availability while optimizing operations on VCE Vblock Systems? agility made possible
More informationare you helping your customers achieve their expectations for IT based service quality and availability?
PARTNER BRIEF Service Operations Management from CA Technologies are you helping your customers achieve their expectations for IT based service quality and availability? FOR PARTNER USE ONLY DO NOT DISTRIBUTE
More informationTECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.
TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA Colruyt ensures data privacy with Identity & Access Management. Table of Contents Executive Summary SECTION 1: CHALLENGE 2
More informationWhite paper December 2008. IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview
White paper December 2008 IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview Page 2 Contents 2 Executive summary 2 The enterprise access challenge 3 Seamless access to applications 4
More informationThe NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide
SOLUTION BRIEF NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide SOLUTION BRIEF CA DATABASE
More informationagility made possible
SOLUTION BRIEF Mainframe Software Rationalization Program want to reduce costs and rationalize your mainframe software change management environment? agility made possible CA Endevor Software Change Manager
More informationOracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003
Oracle Identity Management Concepts and Architecture An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture Introduction... 3 Identity management... 3 What is Identity
More informationFederal Identity, Credentialing, and Access Management. Identity Scheme Adoption Process
Federal Identity, Credentialing, and Access Management Identity Scheme Adoption Process Version 1.0.0 Release Candidate July 8, 2009 ii Document History Status Release Date Comment Audience Draft 0.0.1
More informationhow can I provide strong authentication for VPN access in a user convenient and cost effective manner?
SOLUTION BRIEF CA Advanced Authentication how can I provide strong authentication for VPN access in a user convenient and cost effective manner? agility made possible provides a flexible set of user convenient,
More informationCA Viewpoint. Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure Authentication
EXECUTIVE BRIEF AUGUST 2015 CA Viewpoint Summary of European Banking Authority Guidelines and How CA Can Help Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure
More information5 Pillars of API Management with CA Technologies
5 Pillars of API Management with CA Technologies Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional
More informationEXECUTIVE VIEW. EmpowerID 2013. KuppingerCole Report. By Peter Cummings October 2013. By Peter Cummings pc@kuppingercole.
KuppingerCole Report EXECUTIVE VIEW By Peter Cummings October 2013 EmpowerID 2013 By Peter Cummings pc@kuppingercole.com October 2013 Content 1 Vendor Profile... 3 2 Product Description... 4 2.1 Single
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationhow can I virtualize my mission-critical servers while maintaining or improving security?
SOLUTION BRIEF Securing Virtual Environments how can I virtualize my mission-critical servers while maintaining or improving security? agility made possible CA ControlMinder for Virtual Environments provides
More informationSelect the right solution for identity and access governance
IBM Security Buyer s Guide June 2015 Select the right solution for identity and access governance Protecting critical assets from unauthorized access 2 Select the right solution for identity and access
More informationCA Clarity Integration
CA Clarity Integration Delivering Complete Cost, Resource and Change Visibility for IT Management CA has led the industry in providing integrated solutions. Enterprise IT Management (EITM) is CA s vision
More informationSpeeding Office 365 Implementation Using Identity-as-a-Service
August 2015 www.sarrelgroup.com info@sarrelgroup.com Speeding Office 365 Implementation Using Identity-as-a-Service White paper August 2015 This white paper is sponsored by Centrify. August 2015 www.sarrelgroup.com
More informationOffice of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)
Department of Energy Identity, Credential, and Access Management (ICAM) Cyber Security Training Conference Tuesday, May 18, 2010 1 Announcement LACS Birds-of-a-Feather Session Logistics Wednesday, May
More informationPRODUCT SHEET: CA Arcot Cloud Services Data Centers CA Arcot cloud services data centers. True multi-tenancy and scalability
PRODUCT SHEET: CA Arcot Cloud Services Data Centers CA Arcot cloud services data centers Delivering consistent quality of service, scalability and service level assurance When it comes to cloud-based online
More informationACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector
ACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationOracle Role Manager. An Oracle White Paper Updated June 2009
Oracle Role Manager An Oracle White Paper Updated June 2009 Oracle Role Manager Introduction... 3 Key Benefits... 3 Features... 5 Enterprise Role Lifecycle Management... 5 Organization and Relationship
More informationAn Enterprise Architect s Guide to API Integration for ESB and SOA
An Enterprise Architect s Guide to API Integration for ESB and SOA The New Digital Imperative While some are still adjusting to the idea, you re well aware that we re living in an application economy.
More informationOracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004
Oracle Identity Management: Integration with Windows An Oracle White Paper December. 2004 Oracle Identity Management: Integration with Windows Introduction... 3 Goals for Windows Integration... 4 Directory
More informationSOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite
SOLUTION BRIEF Enterprise Mobility Management Critical Elements of an Enterprise Mobility Management Suite CA Technologies is unique in delivering Enterprise Mobility Management: the integration of the
More informationSOLUTION BRIEF CA Cloud Compass how do I know which applications and services to move to private, public and hybrid cloud? agility made possible
SOLUTION BRIEF CA Cloud Compass how do I know which applications and services to move to private, public and hybrid cloud? agility made possible You don t. But you can get complete visibility to the cloud
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationCan I customize my identity management deployment without extensive coding and services?
SOLUTION BRIEF CONNECTOR XPRESS AND POLICY XPRESS UTILITIES IN CA IDENTITY MANAGER Can I customize my identity management deployment without extensive coding and services? SOLUTION BRIEF CA DATABASE MANAGEMENT
More informationCA Virtual Assurance for Infrastructure Managers
DATA SHEET CA Virtual Assurance for Infrastructure Managers (Includes CA Systems Performance for Infrastructure Managers) CA Virtual Assurance for Infrastructure Managers (formerly CA Virtual Performance
More informationTECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS
TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS BUSINESS BENEFITS Use of the Certified Partner seal and the Secured by RSA brand on product packaging and advertising Exposure in the Secured by RSA
More informationCA Spectrum and CA Embedded Entitlements Manager
CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically
More informationLogica Sweden provides secure and compliant cloud services with CA IdentityMinder TM
CUSTOMER SUCCESS STORY Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM CUSTOMER PROFILE Industry: IT services Company: Logica Sweden Employees: 5,200 (41,000 globally)
More information