While analysts see confusion in the market around identity and access management technology, CA executives told reporters in Toronto recently that the company sees this as the software company’s next big growth area.
CA Canada’s general manager, Joanne Moretti, said security has been a major driver for CA in Canada over the past year.
She said customers increasingly want one console to manage security and network events in a business context, so fewer people can manage the infrastructure.
John Swainson, CA’s president and CEO, added the enterprise is moving away from point solutions toward broad management tools that measure both the availability and the security of service, and help companies understand what it costs them to deliver each service so they can align cost to business value.
On the security side, Swainson said while anti-virus and anti-spam adoption has grown more quickly because they are easier concepts to understand, a growing desire to federate security across the business will lead to slower but more durable growth in identity and access management.
“This is not a problem you can solve by fixing architectural holes in Windows, this is actually a problem that you need to deal with architecturally and systematically at an enterprise level,” said Swainson. “It’s a real bugger to fix.”
David Senf, manager of Canadian application development and infrastructure software with IDC Canada in Toronto, said there’s a disconnect in the marketplace between what identity and access management is and what it can deliver for the organization.
“We’re seeing confusion in the marketplace around what [it is] and why should I be investing in it, and shouldn’t my security focus be around anti-virus, anti-spam, spyware and network defence,” said Senf.
He added while it’s a growing market, there’s a way to go for it to really take off. But with the need to manage identities across services only increasing as adoption of technologies like SOA increases, Senf said he does see growth potential.
Despite the complexities around deployment, companies are making use of identity management technology today. Bell Canada began using CA’s eTrust SiteMinder product four years ago when it was Netegrity SiteMinder, and today Bell has implemented single sign-on across three main areas.
Internal users and retirees have one login to access all internal systems, from human resources to employee benefit sites, no longer needing to login to multiple systems to do their jobs. Retail partners in Bell’s storefronts have one window into all the systems needed to close a sale, and customers have one login through Bell’s Web site to access all their Bell services, from cellular to satellite TV.
Bruce Daly, director of professional services delivery with Bell Security Solutions in Ottawa, said in an interview that on the retail side the average time to close a complex sale across multiple business lines has dropped from 30 minutes to less than 15 minutes.
More strikingly, the cost to manage a password change went from $7 to seven cents, with online self-service password maintenance replacing the need to call the helpdesk, saving between $4 million and $6 million annually.
Daly said Bell had been involved with other identity and access management projects and had templates and processes in place, including an adoption kit to help users through the change. Still, he said it was a complicated undertaking.
As important as the implementation is laying the groundwork first, said Daly, particularly the directory consolidation.
As well, Daly said it’s important to understand the business drivers for the project from the start, whether your goal is better service delivery or cost reductions.
“It’s a journey; it’s not something you just turn on,” said Daly.