Security management, SaaS headline CAWorld

LAS VEGAS – With IT managers increasingly outsourcing their key infrastructure to third-party service providers, security and risk management is getting lost in the shuffle, according to CA Inc.

To address this, the company announced the release of two new CA Identity and Access Management (IAM) upgrades designed to strengthen security for external IT services.

During Monday’s sessions at CAWorld 2008 in Las Vegas, nearly every CA executive stressed the need for IT to adapt to the sputtering economy and reduce unnecessary spending wherever possible. With capital budgets for new IT projects at a complete standstill in many organizations, CA argued that companies have almost no choice but to move some IT services to a hosted, pay-as-you-go model.

Dave Hansen, corporate senior vice-president and GM of security management at CA, said that as individual business units such as marketing, HR and sales continue to go around IT and sign-up with their own Web-based consulting services, the need to secure and authenticate outgoing data is crucial.

“ is not a trivial thing to roll out,” he said. “Data is leaving your environment and you can’t keep up with it.”

The latest additions to CA’s IAM product portfolio are CA’s Federation Manager product, designed to simplify the deployment of federated partnerships, and CA’s SOA Security Manager, a policy-based administration tool that secures access to services by inspecting the content in XML messages.

“People are very immature in this space,” Hansen said. “About five or six years ago, most companies had their entire application portfolio inside their firewalls. Now, more apps are outside and everything requires a level of authentication.”

Most companies, he added, don’t have a process for how to manage security as they roll out new third-party applications and services.

Both products will be generally available next month.

Adnan Amjad, a security and privacy services partner at Deloitte, said that CA is addressing a big gap in the security market and sees a significant opportunity for the company.

“People aren’t waiting for IT anymore, they are blazing down this path to look for things quicker and cheaper,” he said. Even though other business units are commissioning these products on their own, most industry experts would agree that IT is the most likely candidate to be held responsible in the event of a data breach.

According to a recent CA sponsored survey of 555 global IT managers, 43 per cent of respondents perceive security threats, such as XML targeted attacks, as the most critical issue in the implementation of service oriented architecture (SOA) and Web-based IT apps.

CA’s CEO John Swainson said that technologies like virtualization, server SOA, social networking apps, cloud computing and networked devices, are all contributing to IT complexity.

“These six technologies will change the nature of enterprise IT for ever, and simply cannot be managed in the conventional ways,” he said. “Without a new approach to automating the IT environment, the complexity will make it impossible.”

CA’s CTO Al Nugent continued to hammered CA’s point home at the conference, describing the data centre of the future as a hybrid of physical, virtual, and third-party IT services. With IT managers seeing more and more of their control leaving the “four walls” of their data centres, he said, the need for automated governance, risk and security management software is essential.

A central theme to Swainson’s CAWorld keynote address was his desire for CA to emerge from this economic downturn stronger than ever before. To accomplish this, he said, CA rolled out a new SaaS strategy geared toward helping cash-strapped IT shops stay up-to-date on emerging technologies, while also managing that complexity.

The company introduced on demand-based versions of its CA Clarity Product & Portfolio Management, CA Governance Risk & Compliance Manager, and CA Instant Recovery products.

“The benefits of SaaS are compelling, especially in challenging economic times,” Swainson said. “With SaaS, customers can focus on using an application, rather than operating it. They share more of the risk of deployment with the provider. And there are no up-front capital costs.” He added that struggling economy or not, SaaS is a concept who’s time has come and will continue to be an attractive option long after the economic crisis recedes.

Hansen said that both the CA Federation Manager and SOA Security Manager tools were designed with SaaS in mind and could potentially see an on demand release in the near future.

CA continues to make acquisitions in this space as well, with the company announcing the purchase of IDFocus LLC, an identity management firm that will build new capabilities into CA’s Identity Manager tool. And just prior to CAWorld, the company officially announced the purchase of Israel-based role management software provider Eurekify Ltd.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now