Today, CA announced that it has [acquired IDFocus LLC ](http://www.ca.com/us/press/release.aspx?cid=186938)and its ACE identity management technology to strengthen its own identity management offerings.
The ACE application will be rolled into CA’s Identity and Access Management suite, which CA has been strengthening for some time.
In May, CA agreed to [resell Eurekify’s Enterprise Role Manager](/security/article.php/3746971), thus adding role-based ID management to its portfolio. In early June, CA [unveiled various tools to automate compliance management](/software/article.php/3752051), creating online workflow and tying in to remediation. All involve identity management.
Identity management is important because it helps prevent security and compliance breaches in-house, by controlling the access of staff and contractors of a company to applications. Part of that control involves retiring or rescinding access when a person is promoted, transferred or leaves the company.
Failing to retire or rescind accounts leads to [orphaned accounts](/security/article.php/3749586), which are a known security flaw.
One of the features IDFocus brings to CA’s products is a separation of duties (SoD) capability. SOD is critical to security as it creates a system of checks and balances. Essentially, SoD means that different people handle different aspects of a task. That’s the reason why, in a business, the accounts payable and accounts receivable departments are separate.
Failure to maintain SoD allowed rogue systems administrator [Terry Childs ](/tags/index.php/110002/Terry+Childs.htm)to hold the City of San Francisco hostage when he created a super password that locked everyone but him out of accessing the city’s network.