CA Technologies has long had a strong presence in security; its CA ACF2 and CA Top Secret solutions for the mainframe world (z/OS) immediately come to mind. However, the company is making a notably strong push in security with a vision of Content Aware Identity and Access Management (IAM), as well as a focus on securing virtualized environments. Of course, CA Technologies is not unique among its competitors in evolving the security market, but what CA Technologies is really doing is illustrative of the necessary evolution of both the IT management and security markets.
The first thing one tends to think of when discussing information and system security is limiting access to data through identity control, which revolves around what is sometimes called identification and authentication (IA). Though this can be very complex, it is a vital and critical step. However, while it needs to be done well, and needs to evolve to meet new challenges, it is not the only thing enterprises need to consider.
The next step is to control or restrict information accessed for legitimate uses. For example, a privileged user--say, a system administrator or a database administrator--should be able to perform appropriate tasks related to the human resources system, but should not be allowed to read or take any other actions with sensitive HR data. Another example: An HR administrator may have read and update access to HR information on individual employees, but does not have the right to e-mail that sensitive data to unauthorized users.
These issues all touch on content-awareness, meaning that IT uses tools that identify sensitive information and how it is to be monitored and managed. Although these may relate to internal information, such as intellectual property or trade secrets, the main emphasis tends to be placed on personally identifiable information (PII), to comply with regulations including state and federal laws. Note that being able to monitor the information is not the only task; preventing the inappropriate use of that information through the necessary control mechanisms comes into place.
Another piece of the puzzle is data loss prevention (DLP) software, which is evolving to play an increasingly important role in Content Aware IAM. So it should come as no surprise that CA Technologies is emphasizing its CA DLP product. That, of course, includes a content registration detection feature that creates a digital "fingerprint" to identify sensitive information, as well as policy-driven encryption for data that is sent in e-mails. In addition, CA DLP integrates with CA Identity Manager to make sure that user and role changes are quickly reflected to ensure proper data-use entitlements. These changes and others reflected in CA's traditional security products are designed to provide IT better and more powerful controls for managing, monitoring and using information.
Though it was once restricted to the data centers of large enterprises, server virtualization is increasingly recognized as a major driver in every sort of IT organization. But while new technologies certainly have benefits, they also raise new challenges. In the case of server virtualization, these challenges include how to commonly manage security in infrastructures utilizing both physical and virtual servers.
