RealTime IT News

CA Refreshes Security Line With An Eye On Compliance

Mainframes aren't exactly in need of antivirus programs (yet), but they still have security concerns more closely related to compliance issues. CA today announced upgrades to five of its security products, for IBM mainframes running the z/OS operating system, with an emphasis on legal and regulatory compliance.

These updated products provide enhanced security analysis, compliance, reporting and data protection functionality and streamlining of administrative and management tasks. The emphasis is on identity and access management, where administrators need to enforce security policy enforcement for accounts, according to Kirk Willis, senior vice president and senior product line manager for CA's mainframe security solutions.

"Given today's landscape in terms of security and a lot of the regulatory bodies that look after lines of business, there's a lot of concern and need for tools and extensions to be made on the mainframe platform to allow sites to operate within a corporate policy based on regulations they need to be in compliance with," he told InternetNews.com.

The two most significant upgrades are CA ACF2 and CA Top Secret Release 12 for z/OS, which provide access control for z/OS operating systems and centralized DB2 security. CA has added Compliance Information Analysis for real-time analysis and reporting of user entitlements, groupings, and administrative privileges.

ACF2 and Top Secret allow administrators to define and implement a security methodology that can be flexible while also giving a complete and accurate picture of user access on the mainframe. Over the years, there may be many accumulated accounts with high levels of access or privilege that are overlooked or forgotten, and that could lead to trouble.

"Over time, access rights can accumulate and muddy the waters," said Willis. "Not all sites operate in best practices and they have collections of obsolete accounts. So they need to understand what is available and what constitutes an obsolete resource."

This user account checking is done through CA Auditor Release 12 for z/OS, which performs auditing, integrity check, and performs FIPS-200-compliant baseline analysis. FIPS-200 is a federal standard for determining the risk of data stored on a system.

Another part of the solution is CA Cleanup Release 12, which aids in restricting or eliminating access by outdated user accounts. It has been updated to better support federal regulation compliance and can track how well the system complies with specific regulations.

The last piece is CA Tape Encryption Release 12.5, which simplifies and automates the cryptography processes of data stored on tape backups. The new version supports tape selection based on external security manager criteria for enhanced control and flexibility in protecting data.