CA cloud authentication assesses security risk

CA Technologies today announced its cloud-authentication service now features advanced controls to let customers more effectively control who gets into corporate applications.

The CA Advanced Authentication Cloud Service offers risk-based scoring that ties the strength of the authentication needed to the specific application the user wants to do after initial logon. For instance, a simple password might be deemed sufficient for some applications such as e-mail, while stronger two-factor authentication might be required when trying to access more sensitive information, such as a payroll application.


“When you hit a URL, it will check how you authenticated against a risk core,” says Lina Liberti, vice president of marketing at CA, about the software-as-a-service. The initial way that the user gained access to some corporate resources via the service may be deemed not fully sufficient to gain access to other resources and the user may be prompted to provide a stronger type of authentication.

The service is based on the Arcot technology that CA acquired late last year, which has now been integrated into CA’s SiteMinder Web authentication product and service. Previously, the Arcot technology working in conjunction with SiteMinder would only offer a “yes” or “no” guidance on authentication by the user, not a risk score related to all the activities the user wants to do after online authentication.

In addition, CA announced its cloud authentication service now supports what’s called “tagless” device identification which allows the service to uniquely identify a device — whether it’s a PC or smart phone or anything else — via fingerprint method based on collecting device data. The tagless device identification method does not depend on use of cookies or agents, however.

“It’s basically taking a snapshot of the machine, like a machine DNA,” says Liberti, saying the technique CA has developed works on “anything that has a chip on it.” The underlying idea is that the user is associated with the device and that identification information can be registered and used as part of the risk-based scoring approach. In addition, CA says it has developed apps for mobile smart phones that allow them to be used for one-time passwords based on the CA Arcot OTP technology.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now