CA tackles identity management crisis

Network managers know how hard it is to manage the multiple user identities of their employees, but Computer Associates International Inc. (CA) thinks they have the answer with eTrust Admin 2.0.

Released in July, the upgrade from eTrust Admin 1.7 features role-based user provisioning functionality that is the hallmark of this product.

Simon Perry, vice-president of security solutions for CA, described the role-based user provisioning concept by saying is involves “providing to a user all the identities and access rights they’re entitled to according to their role.”

Employees usually have numerous identities to access different systems in the company, and keeping track of them can be difficult. eTrust Admin keeps them all in one directory, and can access other system directories. If an employee is fired, an administrator can access their profile and delete their access to all the company’s systems at once. If an organization laid off 7,000 employees, all their identities that give them access to systems would have to be deleted. If each employee had 5, that would mean 35,000 identities would need to be deleted.

eTrust Admin 2.0 manages all the employees’ identities in one directory, so when an employee’s file was deleted, all of their identities in all the different directories would also go, denying them access to systems. Thus, instead of making 35,000 deletions the administrator would only need to make 7,000.

Brigham Young University (BYU) in Provo, Utah purchased eTrust Admin 2.0 to control what systems people have access to when they’re hired, fired, or switch positions.

“We liked eTrust Admin 2.0 because it gives us a greater ability for identity management,” said Karl Jackson, an infrastructure engineer at BYU.