CA Technologies Strategy and Vision for Cloud Identity and Access Management




WHITE PAPER: CLOUD IDENTITY AND ACCESS MANAGEMENT
CA TECHNOLOGIES STRATEGY AND VISION
FEBRUARY 2013

Sumner Blount, Merritt Maxim
CA Security Management

Table of Contents

Executive Summary
Section 1: Embrace the Hybrid Cloud Securely
Section 2: Security Challenges of the Cloud
Section 3: Three Perspectives on Cloud Security
Section 4: CA Technologies Strategy for Cloud Security
Section 5: Conclusions
Section 6: About the Authors

Executive Summary

Challenge

Cloud computing introduces new security challenges for both consumers and providers of cloud services across all types of IT environments. Organizations are seeking to extend existing investments in identity and access management (IAM) solutions to support cloud services and maintain interoperability between cloud and on-premise identity-based systems. A hybrid IAM solution empowers organizations to migrate to the cloud at a pace that meets their requirements to reduce operational costs and enhance agility. Cloud service providers also face ongoing security challenges relating to their existing and new cloud services, including securing virtualized multi-tenant environments and how to maintain the security and integrity of tenant data.

Note: Identity and access management (IAM) is the set of processes and the supporting infrastructure for the creation, management, and use of digital identities and enforcement of access policies.

Opportunity

Cloud computing offers significant potential economic and operational efficiencies. However, these efficiencies are often accompanied by new regulatory requirements around the security of applications and data that are stored in the cloud. The CA Technologies vision and strategy for cloud-based identity services enable organizations and service providers to:

- Securely provision to, and access, cloud-based services and on-premise apps
- Choose the IAM deployment option (on-premise, hybrid, or cloud) that meets their unique organizational and security needs
- Simplify the management of IAM services across both on-premise and cloud deployments

The cloud also provides opportunities for organizations which may have previously viewed IAM as out of reach because of perceived complexity or lack of appropriate internal skillsets.

Benefits

CA CloudMinder offers cloud security solutions that enable organizations to access cloud IAM services and enterprise resources securely and from a centralized consistent interface. CA CloudMinder services enable organizations to centrally control users' identities and their access to both SaaS services and on-premise applications in a hybrid environment. This helps organizations utilize the cloud with confidence and adopt a best-of-breed approach that relies on existing on-premise apps and SaaS services, while helping to reduce the cost of security administration.

These services enable organizations of all types and sizes to realize efficiency gains while still protecting their critical digital resources, regardless of whether those resources are on-premise or in the cloud. This can result in:

- Reduced security risk for all systems, applications, and information
- Reduced administrative expenses and improved efficiency
- Improved IT agility through flexible deployment options across on-premise and cloud environments
- Ability to move to the cloud on a comfortable schedule

Section 1: Embrace the Hybrid Cloud Securely

Introduction

CA Technologies has been an active leader in the IAM market for over a decade as part of our overarching strategy to help organizations govern, manage, and secure IT. We have continually expanded our IAM solutions to address a growing set of use cases that organizations face on a daily basis, and to incorporate new and evolving technologies.

The cloud is a disruptive, business-driven IT model created in response to the economic realities and mounting pressures to reduce operating costs and increase efficiency, while improving overall business agility. It introduces new (yet familiar) models for consumption and delivery of applications that have a democratizing effect: applications and other IT services that were once only available to companies with large IT shops are now accessible to all. The cloud is the new opportunity leveler, providing the same capabilities to both large and small organizations.

A hybrid cloud approach is one that enables organizations to continue to use on-premise IAM solutions while beginning to implement security in the cloud, and have the flexibility to move to the cloud on their own schedule, instead of being forced to adopt an all-or-nothing approach.

One thing that is clear is that identity, and the management and controls dependent on it, are absolutely central to the secure adoption of cloud services. The goal of this paper is to provide the reader with an overview of the CA Technologies CloudMinder strategy and vision for identity and access management.

Section 2: Security Challenges of the Cloud

As organizations increase their consumption of cloud services, they're becoming more concerned with how they can effectively secure their information and services in the cloud, especially since they have limited direct control or visibility over them, while remaining obligated to meet data protection legal and regulatory requirements. At the same time, cloud service providers (CSPs) are working to earn the trust of cloud consumers so that they can host increasingly sensitive applications and information. And, some specialized CSPs are looking into delivering security services from the cloud.

Whether an organization is looking to provide or consume cloud services, security and control requirements must be addressed. This is true whether those cloud services are complete applications (SaaS), built on hosted application development and deployment services (PaaS) or are focused on basic IT infrastructure as a service (IaaS). Sensitive information and applications will be migrated at least in part to cloud services; the question is whether the cloud will be ready from a security and control perspective.

So what needs to happen to make the cloud ready? First, cloud providers and consumers need to recognize that security is an issue and commit to collaborating on solutions. Second, IT professionals need to demonstrate through preparation, actions and investments that acquiring cloud services without such solutions in place is both unwise and unnecessary. Third, CSPs that desire to handle more sensitive workloads and data need to invest in putting greater security control and visibility into the hands of their cloud consumers. Finally, all participants must recognize that cloud security is inherently a joint effort between the cloud consumer and the CSP and that security controls, whether preventive or detective, need to operate reliably without a gap between the players.

Section 3: Three Perspectives on Cloud Security

TO THE CLOUD - Extending IAM services such as provisioning and federated single sign-on to the cloud

From the perspective of cloud-consuming organizations (many of which already have hundreds of deployed, on-premise applications), cloud-based services are implemented in addition to, rather than in place of, existing applications. Security and audit professionals at these organizations are challenged to extend consistent existing security systems and practices (which may have continually evolved and improved over the years) to encompass their cloud services, whether they are SaaS-, PaaS- or IaaS-based.

An example of this would be an organization's extending identity management to the cloud by leveraging the established user identity, authentication and provisioning processes of their on-premise applications. In this instance, access to cloud services can be managed as part of existing security systems and processes, thus helping to satisfy relevant security and compliance requirements.

Another common use case is providing universal single sign-on (SSO) to cloud services and existing on-premise applications. In this scenario, the organization owns the application and identity and is merely looking to simplify the user experience. For users, the benefits are clear: no more need to remember lots of passwords for different sites, and a single seamless experience across application environments. And in cases where there are elevated concerns around accessing sensitive data in the cloud, organizations can layer strong two-factor authentication as an added security control.

The common theme with these examples is that cloud security controls and processes can be implemented by extending existing enterprise systems and processes to the cloud. This approach depends on cloud consumers and providers being able to easily integrate their security systems with one another, normally through standard protocols. Fortunately, multiple well-vetted security standards exist that enable this type of cross-domain security interoperability, such as SAML, WS-Security, XACML, SCIM and more.

The following illustrates extending IAM services to the cloud through user provisioning and SSO:

[Figure A. TO THE CLOUD - Extending IAM services such as provisioning and federated single sign-on to the cloud.]

FOR THE CLOUD - Providing privileged user management and data protection for cloud-based services

If CSPs want to earn the level of trust required by potential cloud-consuming organizations to handle their most sensitive applications and data, they need to have the most effective and up-to-date security controls in place. For example, they must have sufficient control over application and data access for regular and privileged users as well as adequate control processes for user management, authentication, authorization, logging, reporting, delegated administration and more.

Privileged users in the service provider's datacenter are an especially high risk area because they often have complete access to your critical applications and information. Granular access entitlements must be available that help ensure that admins can perform only those actions that they need to based on their role, and only on appropriate systems. In addition, all privileged users must be uniquely identified and not use shared accounts, in order to reduce risk and simplify compliance audits.

Furthermore, CSPs must be able to prove the existence and operation of these controls to both customers and external auditors in order to establish compliance with relevant policies and regulations. On top of that, CSPs' security systems and processes must be open and interoperable via standards to the security systems of their cloud-consuming customers. A robust and comprehensive identity and access management platform is necessary to provide the level of security and automation that this requirement demands.

When the CSP has deployed these core IAM capabilities, the security and privacy of clients' key applications and data is significantly improved, and therefore the compliance profile of the client is also enhanced. The client may live and die by the reputation for security controls that they can establish with their own customer base, so a robust IAM platform in the CSP environment (similar to an on-premise IAM platform) can help enhance that image.

The following highlights the key identity capabilities that cloud service providers will need to help ensure the security of their environments:

[Figure B. FOR THE CLOUD - Providing privileged user management and data protection for cloud-based services.]

FROM THE CLOUD - Delivering a suite of cloud-based identity and access management services to suit the changing needs of your business from the cloud

The emergence of the cloud is revolutionizing all aspects of IT service delivery. Organizations are now rationalizing their entire portfolio of IT applications, deciding which are core differentiators and value creators, and which are commodities that are better provided by suppliers. Security systems and processes are not immune to this reevaluation. In fact, it could be argued that many organizations are not particularly adept at providing their own security. And while good security is important to earning customer and partner trust, security in and of itself is not always a key business differentiator. Thus, there are many compelling business reasons to look to the cloud for the delivery of security services.

Identity services from the cloud are particularly compelling. They can provide robust security services that can communicate with on-premise IAM services and identity stores, so as to present a unified, consistent set of security services to the application user or administrator. And, by moving various IAM capabilities to the cloud, enterprises can gain the often significant efficiency and agility benefits that a hybrid approach can provide.

Another quickly emerging use case involving cloud-based identity services is around social media and marketing. The explosion of services such as Facebook now means that some organizations can utilize those existing third-party identities for accessing their cloud services. The benefit to the business is that they can utilize their existing trusted identities to develop deeper understanding and analytics of their end users, while the benefit to the end user is a simplified user experience, especially around the account creation and registration process.

The following highlights the importance of cloud-based identity services, and the flexibility and agility that can be achieved by this deployment model:

[Figure C. FROM THE CLOUD - Delivering a suite of cloud-based identity and access management services to suit the changing needs of your business from the cloud.]

Although the two previous use case examples are important, this deployment model is the one that many organizations will find the most compelling, even though it requires careful planning and a staged implementation. It is also the model that enables organizations to take best advantage of the cloud's many operational benefits.

Section 4: CA Technologies Strategy for Cloud Security

Introduction

Organizations of all sizes and types must now deal with several significant IT issues including:

1. Pressure to keep IT operating budgets in check
Today, IT organizations face flat (or shrinking) budgets, but with an increasing demand for IT security services. As a result, organizations are interested in cloud-based services for things like identity and access management. These cloud IAM services can provide better predictability around budget issues by reducing hardware expenses and moving to more manageable per-user, utility-based pricing.

2. Maintaining appropriate security over increasingly distributed environments
In today's world, with the need for more and more cooperation between companies, partners and customers, companies are looking to extend their resources to other groups of users outside their company. CA CloudMinder can allow them to simplify the process of getting access to and leveraging the validated identities of others, while still maintaining control.

3. Extending IAM to large new external user communities (B2B/B2C)
With the exponential growth in Web-based marketing, organizations that want to grow revenue and reach new markets need to extend their reach to massively large user communities. The cost of managing these identities internally is very high. With cloud-based identity services, this becomes more cost effective, easily scalable, greatly simplifying the IT infrastructure and allowing support for new business models and initiatives.

4. Leveraging third-party identities through social login
Social media marketing is becoming a standard marketing practice. The ability to consume and utilize identities issued by other trusted social media identity providers like Facebook, Google, LinkedIn, and others allows the business to direct their customers with seamless single sign-on into their marketing sites, register and track them and leverage the information available by their identity provider. This results in increased customer relationship management.

5. Reducing IT risk
While organizations see the benefits of cloud services, they are equally concerned about the security of using a cloud service and are looking for ways that they can maintain the consistent security between on-premise and cloud environments. Therefore, they are looking for cloud services that can deliver consistent security for identities and access for on-premise and cloud environments without unnecessarily increasing risk.

These issues are driving many IT organizations to adopt cloud-based services. But, one major inhibitor of more widespread cloud adoption is concern about the security of applications and information that reside in the cloud. Because of these concerns, customers are adopting cloud services in a phased approach in order to limit risk and help ensure the success of their cloud initiatives. Over time, they will continue to move more applications to the cloud. As IAM becomes available as a service, it must be able to support the security requirements of both cloud and on-premise applications in order to allow customers to gradually and gracefully adopt cloud models over time. One solution approach will not fit all needs.

In summary, organizations are adopting cloud models gradually and with caution. They need to be able to access comprehensive identity services, running either on-premise or in the cloud, in order to protect applications running either on-premise or in the cloud. Because of their phased deployment requirements, flexibility in their choice of IAM capabilities and in their choice of deployment options is essential.

CA CloudMinder is an IAM cloud platform that organizations can utilize for identity services regardless of whether the services, or the applications being protected, are deployed on-premise or in the cloud. Ultimately, enterprises will be able to choose whether their identity components are running on-premise, or in the cloud, or in a hybrid configuration. And, regardless of where it is deployed, this solution can control access to either on-premise or cloud-based applications. These capabilities enable organizations to have very high flexibility in their deployment options, which leads to improved business agility.

The goal of CA CloudMinder is to provide the identity services that organizations need, regardless of whether the services, or the applications being protected, are deployed on-premise or in the cloud. Ultimately, customers will be able to choose whether their identity components are running on-premise, or in the cloud, or in a hybrid configuration. And, regardless of where it is deployed, our solution will be able to control access to either on-premise or cloud-based applications.

The CA CloudMinder strategy is to offer very high flexibility to our customers in terms of the IAM components they can choose, and how they access identity services. They can adopt cloud-based IAM services according to their own needs and timetables. They can start with a completely on-premise solution, and then migrate certain components to the cloud, operating in a hybrid manner, as their needs and security considerations dictate.

CA CloudMinder: an Overview

CA CloudMinder is a suite of IAM solutions that are delivered as hosted, cloud services. These services are based on CA Technologies' existing portfolio of market-leading IAM security solutions and can be deployed individually or together in a modular fashion.

The following illustrates the CA CloudMinder approach, and shows how it enables both access to cloud services from on-premise solutions, or identity services deployed in the cloud.

CA CloudMinder services enable organizations to centrally control users' identities and their access for both SaaS services and on-premise applications. This helps organizations utilize the cloud with confidence and adopt a best-of-breed approach that relies on existing on-premise apps and SaaS services, while helping to reduce the cost of security administration.

CA CloudMinder delivers five major operational benefits:

1. Accelerated On-Boarding Process: on-boarding new customers to your service should take just minutes, accelerating your implementation and speeding adoption.
2. Increased Usage: reliable, seamless SSO access to your service accelerates adoption and usage, translating to a broader service footprint and higher renewal rates.
3. Predictable TCO: with a flat-rate pricing model, you keep your cost of ownership low and predictable.
4. High-Performance: SaaS operates at the speed of cloud, so cloud identity and access management must ensure high-availability, multi-tenant architecture and secure SAML-based SSO to enable performance.
5. Increased Usage: reliable, seamless SSO access to your service accelerates adoption and usage, translating to a broader service footprint and higher renewal rates.

CA CloudMinder currently consists of the following distinct services:

Advanced Authentication

CA CloudMinder Advanced Authentication provides a centralized versatile authentication service which consolidates the management of authentication methods across heterogeneous IT environments. This service provides support for a broad range of authentication methods including password, security Q&A, one-time password via SMS/email and OATH tokens. In addition, it offers unique two-factor authentication credentials that are more cost effective and user friendly than traditional methods.

The Advanced Authentication capabilities also include soft tokens that provide greater security over the familiar hard tokens, without all the management hassles and expense of continually re-licensing these tokens. Software tokens provide the same user experience as passwords, while providing significantly greater security for user authentications, at a lower TCO.

In addition to strong authentication, the capability to detect and prevent potential fraudulent activities on the part of users is also important to reducing overall security risk. The risk of online identity fraud continues to grow with attackers often targeting identity credentials and using them to access sensitive systems. CA CloudMinder Advanced Authentication also includes a cloud-based fraud detection and prevention service based on our on-premise solution, CA RiskMinder. This capability provides protection against online fraud by monitoring online access attempts and calculating a risk score based on a broad set of variables. The risk score can then be used to determine whether to allow access or initiate additional action; the risk score is also shared with other CA CloudMinder components, like CA CloudMinder Single Sign-On. CA CloudMinder Advanced Authentication thereby provides an effective way to improve the security of user authentication while maintaining a convenient experience for users.

Identity Management

The growth in users, and systems for which they require access, is leading to a growth in digital identities that needs to be managed. The management of identities throughout their lifecycle includes multiple aspects including account creation, identity-proofing, assignment of access rights, fielding access requests and managing related identity attributes. Organizations require a solution which allows them to centrally aggregate and control identities for use across the IT and cloud environment.

CA CloudMinder Identity Management includes three critical capabilities for managing users across on-premise and cloud environments. User Management provides cloud-based identity management capabilities including user self-service, profile creation, password reset and distribution of forgotten user names. Provisioning automates the process of adding, modifying and deleting user accounts, including user attributes and role associations which can be used to assign privileges on target systems. Provisioning to popular SaaS applications such as Google Apps, SalesForce.com, and others are supported both from CA CloudMinder and from our on-premise provisioning solution, CA IdentityMinder. Access Request Management provides the capability for users to submit access requests online. The cloud service can then route requests through workflow approvals based on defined policies and, where appropriate, provision the user to those systems automatically. Single Sign-On Business boundaries are quickly expanding beyond the IT domains directly controlled by your organization as users regularly need to access partner applications or those hosted in the cloud. Many of these sites are secured, requiring proper credentials and authentication, yet users do not want to be burdened with managing separate sets of credentials for disparate applications. The ultimate experience is a seamless single sign-on experience regardless of who actually owns the application. CA CloudMinder Single Sign-On provides cross-domain federated single sign-on for both identity and service providers, through federation of identities across partner sites. Once users have properly authenticated, their credentials and related attributes will be securely shared to enable authentication to partner sites without requiring user action. 
CA CloudMinder Single Sign-On provides pre-tested application support for many common SAML applications and also provides support for a wide range of identity federation standards, including SAML 1.1 as well as 2.0, WS-Fed 1.2, OpenID 2.0, OAuth 2.0 and WS-Trust 1.4. In addition, CloudMinder support for standards like OpenID allows consumers to use their existing social identity to easily access your websites and applications in a simple and secure way. This streamlines the user experience but also enables organizations to track consumer identities and potentially even reduce the increasing costs of customer acquisition. It also provides Just-in-Time (JIT) Provisioning, which allows a user who does not have an account on a specific application to have an account created and be signed on to that application in a single seamless step. This includes leveraging a user's association to a given group or role to assign them certain privileges on target systems.

CA Cloud Security: looking to the future

The overall CA Technologies strategy for CA CloudMinder is to provide flexibility in how our customers access and deploy identity services, and how they transition from their current environment. To that end, we will continue to offer additional identity services as both on-premise and cloud-based services. These additional cloud services would include, for example, access governance and privileged user management, among others. In this way, we will be able to provide organizations and managed service providers with very high flexibility in how they deploy critical identity services. The business agility that results from this flexibility can enable you to more effectively leverage the efficiency benefits of cloud services, while also improving your overall security posture.

Section 5: Conclusions

Leveraging enterprise security services from the cloud can deliver many important benefits to your organization, including:

Elasticity: The identity services your organization needs can be expanded, or contracted, based on your current needs. In addition, cloud licensing models mean you only pay for what you use.

Low cost of entry: The cloud-based model can eliminate the need for you to procure hardware, facilities and other costly IT infrastructure that is often needed to support enterprise security solutions.

Quick time-to-value: The ability to get up and running with cloud-based security applications quickly gives you the business agility you need to effectively respond to changing competitive or market events.

Low cost of ownership: Ongoing solution support and maintenance is handled by trusted service providers, allowing you to focus your resources on initiatives that differentiate your business. The elasticity provided by this cloud model also allows you to maintain a cost that accurately reflects your usage of the service.

Shorter deployment cycles: Installation and configuration of the software solution's underlying cloud services has already been taken care of by service providers, meaning you can sign up for and implement services quickly and easily.

CA Technologies has a clear and innovative strategy and vision for providing identity services for the cloud to our customers, based on the CA CloudMinder suite of solutions. CA CloudMinder gives you the flexibility to securely adopt cloud computing on your own schedule, according to your own needs. With CA CloudMinder, customers can leverage CA Technologies' proven IAM capabilities to securely extend IAM services to new large external user communities that support your rapidly evolving business requirements for cloud services as well as existing on-premise applications while reducing the total cost of ownership.
This gives organizations maximum flexibility and enables them to support new emerging business models in exponentially growing user communities in a cost-effective and predictable manner while allowing them to focus on their core business. We empower you to securely and confidently adopt IAM in the cloud with a choice of capabilities and deployment models.

Section 6: About the Authors

Sumner Blount has been associated with the development and marketing of software products for over 25 years. He has managed the large computer operating system development group at Digital Equipment and Prime Computer, and managed the Distributed Computing Product Management Group at Digital. More recently, he has held a number of product management positions, including product manager for the SiteMinder product family at Netegrity. He is currently focusing on security and compliance solutions at CA Technologies.

Merritt Maxim has 15 years of product management and product marketing experience in the information security industry, including stints at RSA Security, Netegrity and OpenPages. In his current role at CA Technologies, Merritt handles product marketing for the CA Technologies identity management and cloud security initiatives. The co-author of Wireless Security, Merritt blogs on a variety of IT security topics, and can be followed at www.twitter.com/merrittmaxim. Merritt received his BA cum laude from Colgate University and his MBA from the MIT Sloan School of Management.

Agility Made Possible: The CA Technologies Advantage

CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. CA Technologies is committed to ensuring our customers achieve their desired outcomes and expected business value through the use of our technology. To learn more about our customer success programs, visit ca.com/customer-success. For more information about CA Technologies go to ca.com.

Copyright 2013 CA. All rights reserved. Windows Server and Active Directory are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document "as is" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product referenced herein serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, "Laws")) referenced herein or any contract obligations with any third parties. You should consult with competent legal counsel regarding any such Laws or contract obligations.

CS3516_0213