solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

Similar documents
CA Technologies Strategy and Vision for Cloud Identity and Access Management

CA Arcot RiskFort. Overview. Benefits

Authentication Strategy: Balancing Security and Convenience

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

expanding web single sign-on to cloud and mobile environments agility made possible

CA SiteMinder SSO Agents for ERP Systems

Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM

CA Service Desk Manager

WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM)

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved.

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

CA Business Service Insight

How To Comply With Ffiec

How Can Central IT Use Cloud Technologies to Revolutionize Remote Store Operation?

agility made possible

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

agility made possible

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

Closing the Biggest Security Hole in Web Application Delivery

CA Federation Manager

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Security Services. Benefits. The CA Advantage. Overview

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

solution brief September 2011 Can You Effectively Plan For The Migration And Management of Systems And Applications on Vblock Platforms?

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

A FinCo Case Study - Using CA Business Service Insight to Manage Outsourcing Suppliers

A to Z Information Services stands out from the competition with CA Recovery Management solutions

An Enterprise Architect s Guide to API Integration for ESB and SOA

How To Use Ca Product Vision

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

agility made possible

5 Pillars of API Management with CA Technologies

CA Clarity PPM. Overview. Benefits. agility made possible

CA Automation Suite for Data Centers

IBM Tivoli Federated Identity Manager

How Can I Deliver Innovative Customer Services Across Increasingly Complex, Converged Infrastructure With Less Management Effort And Lower Cost?

agility made possible

can you effectively plan for the migration and management of systems and applications on Vblock Platforms?

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

how can I improve performance of my customer service level agreements while reducing cost?

Understanding Enterprise Cloud Governance

CA Service Desk Manager - Mobile Enabler 2.0

HP Software as a Service. Federated SSO Guide

CA Oblicore Guarantee for Managed Service Providers

CA Technologies optimizes business systems worldwide with enterprise data model

can I customize my identity management deployment without extensive coding and services?

Strengthen security with intelligent identity and access management

Building a Roadmap to Robust Identity and Access Management

Atkins safeguards availability of client s geospatial systems with a CA AppLogic private cloud environment

can you simplify your infrastructure?

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

Genesis Energy delivers IT projects faster with standardised processes and CA Clarity PPM.

Data center and cloud management. Enabling data center modernization and IT transformation while simplifying IT management

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

protect your assets. control your spending

Strong Authentication for Secure VPN Access

CA Workload Automation for SAP Software

STRONGER AUTHENTICATION for CA SiteMinder

Designing a CA Single Sign-On Architecture for Enhanced Security

managing SSO with shared credentials

White paper December Addressing single sign-on inside, outside, and between organizations

can you improve service quality and availability while optimizing operations on VCE Vblock Systems?

CA Cloud Service Delivery Platform

Work Smarter, Not Harder: Leveraging IT Analytics to Simplify Operations and Improve the Customer Experience

Securing Enterprise Mobility for Greater Competitive Advantage

journey to a hybrid cloud

Web Admin Console - Release Management. Steve Parker Richard Lechner

People-Focused Access Management. Software Consulting Support Services

Business-Driven, Compliant Identity Management

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

When millions need access: Identity management in an increasingly connected world

we can Automating service delivery for the dynamic data center of the future Brandon Whichard

Sallie Mae slashes change management costs and complexity with CA SCM

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

CA Technologies Solutions for Criminal Justice Information Security Compliance

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

agility made possible

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

The Top 5 Federated Single Sign-On Scenarios

A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD

CA Virtual Assurance for Infrastructure Managers

Transcription:

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

provides identity and access management capabilities as a hosted cloud service. This allows you to quickly obtain security capabilities without having to deploy or manage a large IT infrastructure typically associated with enterprise security deployments. 2

Executive Summary Challenge Organizations are facing a unique combination of market pressures including a heightened urgency for IT departments to do more with less while helping the business remain agile enough to take advantage of market opportunities. Meanwhile, security concerns abound with growing and increasingly diverse sets of users, applications and access methods. The question facing many is, How do we keep our business responsive while also minimizing security risk? Opportunity The cloud is changing the way businesses approach enterprise software as it provides an option to outsource the infrastructure and underlying maintenance that accompanies deployments. If organizations can fast forward beyond the process of procuring hardware and facilities, installing and configuring software or maintaining software patches and upgrades, they have more freedom to focus resources on the core competencies that make their business unique. Benefits Combining the operational benefits of the cloud deployment model with enterprise class security capabilities provides the best of both worlds. Organizations can quickly deploy flexible security services while maintaining the necessary control over their users and their access to cloud and on-premise applications. 3

Section 1: Challenge How to increase business agility and time-to-value In some ways the Identity and Access Management (IAM) challenges facing organizations have remained unchanged for the past several years. The number and diversity of users interacting with an organization s IT infrastructure continues to grow. The methods and conditions under which these users interact with the organization s websites, applications and servers are increasing as well. The IT infrastructure is being relied on more frequently to securely support sensitive data and transactions. In aggregate, organizations are being challenged to gain control over user identities, their access and the information they interact with. In other ways, the IT landscape is facing dramatic changes which are impacting IAM requirements and strategies. The demand for increased efficiency of IT operations is higher than ever. Markets are rapidly changing and the ability for businesses to maintain the agility to respond to these changes is being challenged. In addition, organizational boundaries are becoming less well defined and this externalization, or de-perimeterization, of the business introduces new security considerations. Enter the cloud The traditional enterprise software deployment model has been to install, configure and manage these solutions on-premise, often under the control of the IT organization. However, efficiency and agility benefits have led many to increasingly consider cloud-based deployment models as an alternative. If a trusted provider can deploy the necessary software solution on top of the necessary hardware, network and infrastructure resources, it can save organizations from ongoing overhead and allow faster solution implementation. An inhibitor of widespread cloud adoption has been concern about the security of applications and information that reside in the cloud. However, cloud hosting providers are addressing these concerns through measures such as providing multi-tenant environments which segregate each organization s data and systems and providing secure and audited hosting facilities. Each organization is facing a unique question of balance at a certain point, many are finding that the business requirements for agility are outweighing diminishing security concerns. Cloud adoption is not an all or nothing proposition and the reality is different for every organization. For those without existing security infrastructure, the cloud offers a low-barrier option to explore the benefits of enterprise-grade IAM. Those with highly sensitive data and extensive IT resources may decide to maintain in house control over security applications. Many will fit in between, following a hybrid model maintaining some security solutions on-premise, utilizing some new technologies in the cloud and making a gradual transition if the model seems to work for them. Regardless of their direction, the value offered by the cloud is worth consideration for most organizations. 4

Section 2: Solution CA CloudMinder delivers hosted security services CA CloudMinder delivers a set of robust IAM capabilities as hosted, cloud services. These services are based on CA Technologies existing portfolio of market-leading IAM security solutions. In addition, the CA CloudMinder service infrastructure is hosted, monitored and supported by CA Technologies 24x7x365. These solutions can operate independently, but also work with on-premise security deployments to support a hybrid cloud adoption strategy.. CA CloudMinder Advanced Authentication The front door to many applications is the authentication method by which users identify themselves and prove who they are. Many organizations are juggling a diverse set of applications with differing levels of sensitivity, and thus, multiple authentication methods which can be difficult to manage. CA CloudMinder Advanced Authentication provides a centralized versatile authentication service which consolidates the management of authentication methods across heterogeneous IT environments. This service provides support for a broad range of authentication methods including password, security Q&A, one-time password via SMS/email and OATH tokens. In addition, it offers several unique two-factor authentication credentials that are more cost effective and user friendly than traditional methods: CA ArcotID The CA ArcotID is a secure software credential that is uniquely assigned to each user. Combining the user s password and their CA ArcotID enables a secure two-factor authentication process that is protected against brute force and man-in-the-middle attacks. This method is transparent to the user so it does not change the login experience that they are accustomed to. CA ArcotID OTP The CA ArcotID OTP is a secure software one-time-password (OTP) generator which runs on most mobile devices, PDAs, or computers. CA ArcotID OTP provides patented key protection and the security of OTP authentication without the requirement for users to carry an extra hardware device. 5

Figure A. CA CloudMinder Advanced Authentication provides centralized management and assignment of authentication methods, including unique software token options Risk detection and prevention The risk of online identity fraud continues to grow with attackers often targeting identity credentials and using them to access sensitive systems. Organizations are constantly seeking a balance between providing the appropriate level of authentication security and convenience to the user. CA CloudMinder Advanced Authentication provides protection against online fraud by monitoring online access attempts and calculating a risk score based on a broad set of variables. The risk score can then be used to determine whether to allow access or initiate additional action. Rules engine CA CloudMinder Advanced Authentication provides a programmable rules engine that can be used to evaluate a wide range of transaction and session criteria to determine the risk level of an activity. The risk score is then evaluated against a predefined set of organizational policies to determine the recommended action. Potential outcomes include allowing access, allowing access but sending an alert, denying access or requiring step-up authentication. Modeling engine CA CloudMinder Advanced Authentication contains a self-learning analytics engine that examines past events and behavior to determine risk. The scoring engine is based on analytical modeling techniques. These models are built by conducting a statistical analysis of transaction and fraud data. The models use multivariate analysis and Bayesian techniques to return a score based on the relative values of multiple parameters. For example, if an employee logs into the corporate financial system from their office computer during business hours 99% of the time, the engine would assign a high level of risk to an authentication that was attempted from an unknown machine during the middle of the night. 6

CA CloudMinder Single Sign-On Business boundaries are quickly expanding beyond the IT domains directly controlled by your organization as users regularly need to access partner applications or those hosted in the cloud. Many of these sites are secured, requiring proper credentials and authentication, yet users do not want to be burdened with managing separate sets of credentials for disparate applications. The ultimate experience is a seamless single sign-on (SSO) experience regardless of who actually owns the application. Federated Single Sign-On CA CloudMinder Single Sign-On provides cross-domain single sign-on for both identity and service providers. This standards-based service leverages Security Assertion Markup Language (SAML) 1.1 and 2.0 to facilitate federation to a wide range of partner websites. Once users have properly authenticated, their credentials and related attributes will be securely shared to enable authentication to partner sites without requiring user action. Just-in-Time (JIT) Provisioning CA CloudMinder Single Sign-On can work with CA CloudMinder Identity Management to deliver JIT provisioning. JIT provisioning allows a user who does not have an account on a given application to have account creation and SSO into that application via a single seamless step. This includes leveraging a user s association to a given group or role to assign them certain privileges on target systems. Figure B. CA CloudMinder Single Sign-On provides standards-based identity federation and single sign-on. 7

CA CloudMinder Identity Management The growth in users, and systems for which they require access, is leading to a growth in digital identities that need to be managed. The management of identities throughout their lifecycle includes multiple aspects including account creation, assignment of access rights, fielding access requests and managing related identity attributes. Organizations require a solution which allows them centrally aggregate and control identities for use across the IT and cloud environment. User management Many organizations have customers and partners seeking to collaborate or access online portals. CA CloudMinder Identity Management can integrate with these applications to provide cloud-based identity management capabilities including user self-service, profile creation, password reset and distribution of forgotten user names. Provisioning CA CloudMinder Identity Management automates the process of adding, modifying and deleting user accounts, including user attributes and role associations which can be used to assign privileges on target systems. This service can be used to provision accounts to both cloud-based and on-premise applications, or to both in a hybrid model. Access request management When a user needs access to enterprise applications, they often reach out directly to IT or the help desk to fulfill the request which can be costly and inefficient. CA CloudMinder Identity Management provides the capability for users to submit these access requests online. The cloud service can then route requests through workflow approvals based on defined policies and where appropriate provision the user to those systems automatically. Figure C. CA CloudMinder identity management provides cloud-accessible identity services including provisioning, user management and self-service 8

Section 3: Benefits Cloud agility, enterprise security Leveraging enterprise security services from the cloud can deliver many important benefits to your organization, including: Elasticity The identity services your organization needs can be expanded, or contracted, based on your current needs. In addition, cloud licensing models mean you only pay for what you use. Low cost of entry The cloud-based model eliminates the need for you to procure hardware, facilities and other costly IT infrastructure that is often needed to support enterprise security solutions. Low cost of ownership Ongoing solution support and maintenance is handled by trusted service providers allowing you to focus your resources on initiatives that differentiate your business. The elasticity provided by this cloud model also allows you to maintain a cost that accurately reflects your usage of the service. Shorter deployment cycles Installation and configuration of the software solution s underlying cloud services has already been taken care of by service providers, meaning you can sign up for and implement services quickly and easily. Section 4: The CA Technologies advantage CA CloudMinder leverages market-leading Identity and Access Management solutions from CA Technologies including CA SiteMinder and CA IdentityMinder. These solutions have been proven at thousands of customer sites worldwide, across industries, company sizes and usage models. Combining the power of proven Identity and Access Management solutions with the convenience of a hosted, cloud-based service can deliver greater flexibility, lower costs and faster results. CA CloudMinder services for advanced authentication, federation and identity management allow your organization to reduce security risk while promoting a positive user experience. CA CloudMinder is hosted and supported 24x7x365 by CA Technologies, providing high levels of assurance that the services are set up and maintained by product experts. CA CloudMinder services can be adopted independently or integrated with one another or a variety of CA Technologies on-premise IAM solutions. And as a cloud service, you pay for only what you need while maintaining your ability to grow your services with the agility that your business requires. 9

Connect with CA Technologies at ca.com Agility Made Possible: The CA Technologies Advantage CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. CA Technologies is committed to ensuring our customers achieve their desired outcomes and expected business value through the use of our technology. To learn more about our customer success programs, visit ca.com/customer-success. For more information about CA Technologies go to ca.com. Copyright 2012 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. acs1998_0212

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information