CA's Clarke: SOX Driving IM

Sarbanes Oxley is forcing users to think seriously about deploying identity management technologies, says Jeff Clarke, Computer Associates International Inc. (CA)'s (NYSE: CA) chief operating officer.

During his keynote at the C3 Expo conference in New York today, Clarke highlighted the growing need to control who gets access to what in corporate networks. Sarbanes Oxley is driving the identity management market, because the Act requires management to know who is accessing their systems,” he said.

In addition to worrying more about identity management, the new regulations have users approaching their entire business with a much more critical eye, according to Clarke. “SOX requires you to document and test your processes."

Clarke, who has overseen CA’s own compliance effort, admitted that SOX is “a headache of Olympian proportions,” although he also highlighted the long-term benefits of compliance. “There are major payoffs to be gained." One major benefit is confidence, at management, board, and investor level, he added.

Clarke has experienced this first-hand. Though he did not refer to the financial scandal that rocked CA last year, the company has been working to tighten up its own business processes over recent months (see CA Changes Shape, CA's Mea Culpa, and What's in a Name?).Indeed, Clarke was drafted into CA last year when the company was attempting to put its house back in order. Prior to CA, the exec was CFO at Compaq, where he worked on the merger with Hewlett-Packard Co. (NYSE: HPQ).

But CA’s drive towards compliance is still a work in progress. In a statement released today, the company confirmed that it had identified two weaknesses in its internal controls under Section 404 of SOX. These relate to financial reporting on the company’s restatement of its financial results, and a deficiency in maintaining an “effective control environment” for its Europe, Middle East and Africa (EMEA) operation (see CA Files FY05, Affirms Guidance).

In the statement, Bob Davis, CA’s chief financial officer, said that the company has “acted swiftly and decisively” to correct the problems. "We have made substantial progress and will work diligently over the coming months to complete the task," he added.

Clarke's references to SOX today, however, were aimed at improving its profile as one of the major players in the identity management space (see CA Intros eTrust IAM Toolkit and Identity Management Heats Up).

Users are certainly looking at these technologies, although there is a feeling in some quarters that existing offerings don't have the breadth of functionality that organizations need (see CIOs Face Identity Crisis).Clarke believes that with its recent acquisition of Netegrity, CA has an ace in its pack, though that remains to be proven (see CA Completes Netegrity Acquisition ). “That’s why we bought Netegrity. That will allow you to get into any element of the data.”

CA has certainly been extremely aggressive in this space, which it describes as Identity and Access Management (IAM). The vendor has made a slew of acquisitions over the last 12 months, including anti-spyware specialist PestPatrol, network management company Concord Communications, and, this week, firewall vendor Tiny Software (see CA Acquires PestPatrol, CA Completes Concord Acquisition, and CA Gets Tiny).

Is more M&A activity likely? “We’re certainly in digest mode now,” Clarke told NDCF. “But if other technologies emerge, we will look at them.”

— James Rogers, Site Editor, Next-Gen Data Center Forum