CA takes on security, software compliance chores

CA Inc. is beefing up its portfolio of software for managing compliance, including products that address security, software licensing and IT process automation.

The company offered a total of eight releases last week that covered various aspects of IT management, such as governance, identify management and access control, but only three are actually new additions to its lineup. These are CA Security Compliance Manager, CA Software Compliance Manager and CA IT Process Manager. CA, which operates out of Islandia, N.Y. but has its Canadian headquarters in Toronto, did not announce pricing at press time.

Don LeClair, senior vice-president of CA technology strategy, said many firms begin their compliance activities by looking at security issues, whether it’s dealing with U.S. legislation such as Sarbanes-Oxley or managing access to critical systems.

“You can’t afford to make mistakes or use manual processes. You have to make sure you’re complying with policy,” he said, adding that CA Security Compliance Manager offers a dashboard-like capability. “It lets you automate the validation process around people’s entitlements, and it also creates the audit trails and reporting.”

The software compliance product, on the other hand, is designed to help IT managers who are facing increased scrutiny from vendors such as Microsoft over the applications they have deployed in their enterprise. LeClair said the product is designed as an inventory tool.

“The fundamental goal here is to reconcile what software you have licences for versus what you have in your enterprise,” he said. “Usually you only have licences for so many copies of Microsoft Office.”

CA IT Process Manager is focused more on applying policies to the way technology infrastructure has run. LeClair said it offers dozens of connectors to other CA products as well as third-party vendors and includes around 1,000 pre-defined processes to help customers get started.

“In order to survive, you have to do automation. You can’t increase your staff,” he said, adding that despite the acquisitions of Opsware by HP and BladeLogic by BMC, “it’s still a relatively under-penetrated area in the industry. Many customers are using scripts and low-level technology.”

CA also updated its GRC Manager, which in r1.5 promises to bring more visibility to governance and compliance activities to audit and control staff in an enterprise. Marc Camm, senior vice-president and general manager of GRC products at CA, said the company has deployed the product internally and has seen a 50 per cent reduction in costs related to testing. It’s the same way many customers evaluate their compliance results, said Camm.

“They look at the ROI based in operational improvements and cost savings. It could be more streamlined testing of controls, or testing of controls across different compliance efforts,” he said. “This gives you that ability now to find out if you have redundant controls.”

Many technology executives are using the IT Infrastructure Library (ITIL) framework, now in its third iteration, to deal with their compliance work. This includes the City of Toronto, where CIO David Wallace is focused on improving governance.

“ITIL is great for dealing with things like delivery management, service desk,” he said in a recent interview with ComputerWorld Canada. “We’re looking right now at aligning our service level agreements with ITIL standards.”

CA still has some work to do before its product line offers a fast track to ITIL, however.

“The (GRC Manager) platform itself is highly configurable. You can put in different workflows and rules to support different frameworks. We don’t support the frameworks out of the box today, but that’s something we’re going to do in the future.”

Other updates to CA’s product line included CA Access Control Premium Edition, CA Identity Manager r12 and CA Advanced Systems Management r11.2.