CA Beefs Up IAM Portfolio

With mounting security concerns and compliance regulations putting pressure on corporations to protect their enterprise assets, CA has fortified its identity and access management (IAM) portfolio at the behest of customers.

CA's IAM suite governs users and their access to applications across mainframe, distributed, Web and mobile computing systems, automating access management, identity administration, user provisioning, identity federation, single sign-on, directory services and Web services security.

CA is joined by HP and IBM in the highly competitive IAM market, where companies are stepping up the granularity of their products to make them as secure and unbreakable as possible.

At the IT level, comprehensive IAM platforms are crucial to meet the increasing sophistication of hackers who can access corporate networks. At the legal level, record retention rules such as Sarbanes-Oxley and Graham Leach-Bliley dictate strict privacy policies for data housed on computer networks.

Chief among CA's IAM improvements are new security capabilities in eTrust SiteMinder 6.0 service pack 5 (SP5) release that will help CA's enterprise customers safely exchange sensitive business applications with multiple partners.

This identity federation, which connects disparate business applications and processes across several organizations and internal business units, allows business managers to provision access rights to make users part of the same security domain.

SiteMinder 6.0 SP5, which securely provisions access rights across the Internet as a key piece of CA's IAM platform, now better supports so-called "strong authentication," which includes tokens, smartcards and biometrics.

Moreover, the software zones associated applications across the enterprise for single sign-on, said Matthew Gardiner, senior manager of CA's identity and access management products.

SP5 also supports Microsoft's Active Directory Federation Services (ADFS), a federation protocol based on the OASIS WS-Federation specification.

With this support, users can log in once to internal Windows systems and access Web applications protected by SiteMinder. This gives customers another protocol choice because CA already supports the Security Assurance Markup Language (SAML) (define).

Along the lines of providing more choice, SiteMinder provides a new federation end point, which uses technology licensed from Ping Identity, to improve security provisioning among partners in the federation.

"The idea of SiteMinder is that if you have a Web application that many business partners need to get to, you'll need a hub a platform on which to support that federation," Gardiner said.

SiteMinder, acquired through CA's Netegrity purchase, is the key policy engine of CA's IAM suite, but the company spruced up other pieces of its IAM suite.

CA Identity Manager 8.1 SP1, which simplifies the administration of internal and external users and their entitlements, uses an ActivIdentity Card Management System (CMS) connector that integrates card management into enterprise provisioning and de-provisioning processes.

eTrust Access Control 8 SP1, which sets user policies on Unix, Linux, and Windows machines, adds virtualization support for Solaris 10 Zones and VMware ESX Server.

eTrust Single Sign-On 8.1, available in December, enables single sign-on to client-side applications even when the user's machine is not connected to the network, making it a boon for workers connecting from laptops or handheld PCs.

Finally, CA's Embedded Entitlements Manager 8.2, which improves security policy for internal applications, now features tighter integration with CA's access management; support for the XACML, SAML and SPML standards; and the ability to use C#.

HP Enhances IdM Suite

HP conducted some integration and improvements to its own identity and access management software suite, according to Sai Allavarpu, director of product management and marketing for identity and security management at HP.

In HP's IdM suite, HP Select Audit software has been integrated with HP's Select Identity, Select Federation and Select Access, adding audit, attestation, monitoring, alerting, reporting and archiving capabilities to those applications.

HP Select Identity has been integrated with HP Service Desk Software to automate, monitor and track the process of resetting user passwords across a partner network.

HP Select Access boasts a new, open policy management application interface to trigger easy integration with custom applications for program developers.

Select Access will also now be bundled with HP-UX 11i, allowing users to apply high-level security policies with one click. For example, Allavarpu said the tool automatically assigns system backup and restore rights when an employee joins the operations team and withdraws these privileges when the employee leaves.

Offered as a suite or individually, HP's revamped IdM products are expected to be available by the end of the year.

Article courtesy of internetnews.com