Fortifying Identity Products


With mounting security concerns and compliance regulations putting pressure
on corporations to protect their enterprise assets, CA has fortified its identity and access management (IAM)
portfolio at the behest of customers.


CA’s IAM suite governs users and their access to applications across
mainframe, distributed, Web and mobile computing systems, automating access
management, identity administration, user provisioning, identity federation,
single sign-on, directory services and Web services security.


CA is joined by HP, Oracle and IBM in the highly competitive IAM market, where companies
are stepping up the granularity of their products to make them as secure and
unbreakable as possible.


At the IT level, comprehensive IAM platforms are crucial to meet the
increasing sophistication of hackers who can access corporate networks. At
the legal level, record retention rules such as Sarbanes-Oxley and
Gramm-Leach-Bliley dictate strict privacy policies for data housed on computer
networks.


Chief among CA’s IAM improvements are new security capabilities in the
eTrust SiteMinder 6.0 Service Pack 5 (SP5) release that will help CA’s
enterprise customers safely exchange sensitive business applications with
multiple partners.

This identity federation, which connects disparate business applications and
processes across several organizations and internal business units, allows
business managers to provision access rights to make users part of the same
security domain.


SiteMinder 6.0 SP5, which securely provisions access rights across the
Internet as a key piece of CA’s IAM platform, now better supports so-called
“strong authentication,” which includes tokens, smartcards and biometrics.


Moreover, the software zones associated applications across the enterprise
for single sign-on, said Matthew Gardiner, senior manager of CA’s identity
and access management products.


SP5 also supports Microsoft’s Active Directory Federation Services (ADFS), a
federation protocol based on the OASIS WS-Federation specification.


With this support, users can log in once to internal Windows systems and
access Web applications protected by SiteMinder. This gives customers
another protocol choice because CA already supports the Security Assurance
Markup Language (SAML).


Along the lines of providing more choice, SiteMinder provides a new
federation end point, which uses technology licensed from Ping Identity, to
improve security provisioning among partners in the federation.


“The idea of SiteMinder is that if you have a Web application that many
business partners need to get to, you’ll need a hub, a platform on which to
support that federation,” Gardiner said.


SiteMinder, acquired through CA’s Netegrity purchase, is the key policy engine of CA’s IAM suite, but the company spruced up
other pieces of its IAM suite.


CA Identity Manager 8.1 SP1, which simplifies the administration of internal
and external users and their entitlements, uses an ActivIdentity Card
Management System (CMS) connector that integrates card management into
enterprise provisioning and de-provisioning processes.


eTrust Access Control 8 SP1, which sets user policies on Unix, Linux, and
Windows machines, adds virtualization support for Solaris 10 Zones and
VMware ESX Server.


eTrust Single Sign-On 8.1, available in December, enables single sign-on to
client-side applications even when the user’s machine is not connected to
the network, making it a boon for workers connecting from laptops or
handheld PCs.


Finally, CA’s Embedded Entitlements Manager 8.2, which improves security
policy for internal applications, now features tighter integration with CA’s
access management; support for the XACML, SAML and SPML standards; and the
ability to use C#.

HP Enhances IdM Suite

HP conducted some integration and improvements to its own identity and
access management software suite, according to Sai Allavarpu, director of
product management and marketing for identity and security management at HP.

In HP’s IdM suite, HP Select Audit software has been integrated with HP’s
Select Identity, Select Federation and Select Access, adding audit,
attestation, monitoring, alerting, reporting and archiving capabilities to
those applications.


HP Select Identity has been integrated with HP Service Desk Software to
automate, monitor and track the process of resetting user passwords across a
partner network.


HP Select Access boasts a new, open policy management application interface
to trigger easy integration with custom applications for program developers.


Select Access will also now be bundled with HP-UX 11i, allowing users to
apply high-level security policies with one click. For example, Allavarpu
said the tool automatically assigns system backup and restore rights when an
employee joins the operations team and withdraws these privileges when the
employee leaves.


Offered as a suite or individually, HP’s revamped IdM products are expected
to be available by the end of the year.
