CA Technologies Steps Up Its Focus on Security

CA Technologies has long had a strong presence in security; its CA ACF2 and CA Top Secret solutions for the mainframe world (z/OS) immediately come to mind. However, the company is making a notably strong push in security with a vision of Content Aware Identity and Access Management (IAM), as well as a focus on securing virtualized environments. Of course, CA Technologies is not unique among its competitors in evolving the security market, but what CA Technologies is really doing is illustrative of the necessary evolution of both the IT management and security markets.

The first thing one tends to think of when discussing information and system security is limiting access to data through identity control, which revolves around what is sometimes called identification and authentication (IA). Though this can be very complex, it is a vital and critical step. However, while it needs to be done well, and needs to evolve to meet new challenges, it is not the only thing enterprises need to consider.

The next step is to control or restrict information accessed for legitimate uses. For example, a privileged user--say, a system administrator or a database administrator--should be able to perform appropriate tasks related to the human resources system, but should not be allowed to read or take any other actions with sensitive HR data. Another example: An HR administrator may have read and update access to HR information on individual employees, but does not have the right to e-mail that sensitive data to unauthorized users.
 
These issues all touch on content-awareness, meaning that IT uses tools that identify sensitive information and how it is to be monitored and managed. Although these may relate to internal information, such as intellectual property or trade secrets, the main emphasis tends to be placed on personally identifiable information (PII), to comply with regulations including state and federal laws. Note that being able to monitor the information is not the only task; preventing the inappropriate use of that information through the necessary control mechanisms comes into place.

Another piece of the puzzle is data loss prevention (DLP) software, which is evolving to play an increasingly important role in Content Aware IAM. So it should come as no surprise that CA Technologies is emphasizing its CA DLP product. That, of course, includes a content registration detection feature that creates a digital "fingerprint" to identify sensitive information, as well as policy-driven encryption for data that is sent in e-mails. In addition, CA DLP integrates with CA Identity Manager to make sure that user and role changes are quickly reflected to ensure proper data-use entitlements. These changes and others reflected in CA's traditional security products are designed to provide IT better and more powerful controls for managing, monitoring and using information.

Though it was once restricted to the data centers of large enterprises, server virtualization is increasingly recognized as a major driver in every sort of IT organization. But while new technologies certainly have benefits, they also raise new challenges. In the case of server virtualization, these challenges include how to commonly manage security in infrastructures utilizing both physical and virtual servers.  To increase the understanding of this issue, CA Technologies commissioned Kuppinger Cole, a European firm, to do a cross industry survey whose results highlighted virtualization security trends and insights. The survey covered 335 respondents in more than 15 countries. Not surprisingly, while the most important driver for virtualization is IT operational efficiency, the Kuppinger Cole survey shows that virtualization security is a concern for organizations. The survey also shows that organizations expect security to be integrated across both virtual and physical environments.  

Although not in the survey, CA Technologies points out that server virtualization can result in a virtual sprawl--for example, where as much as 30 percent of servers are virtualized, which makes it more of a management problem. That leads to a number of problems--problems that the survey identifies and that CA Technologies offers potential solutions for. For example, preventing sensitive data from creeping into less secure virtual environments was an important security concern that CA DLP is designed to address.  

The risks related to privileged users in virtualized environments were also identified as an issue in the Kuppinger Cole survey. This is where CA's IAM products play a key role under the context of what is called PUM (Privileged User Management). In addition, while survey respondents note the need for the adoption of a number of security software tools, they also understand that effective virtualization security requires good practices.   

CA Technologies is not currently a client of David Hill and the Mesabi Group.