CA Technologies added new security capabilities to its cloud-authentication service that allows customers to have more control over how users access corporate applications.
CA added tagless identification and module authentication capabilities to its CA Advanced Authentication Cloud Service and deepened the integration with CA SiteMinder, the company said Feb. 16. SiteMinder is a centralized Web access-management system to improve Web application and information security by offering single sign-on and identity federation, according to CA.
"CA Technologies identity and access-management solutions are developed to address the needs of our customers, no matter how they want their security solution delivered," said Mike Denning, general manager of security at CA Technologies.
CA acquired the cloud service, formerly known as Arcot A-OK for Enterprise, as part of its acquisition of Arcot, which closed in October. The new security mechanisms have also been added to other Arcot products, the on-premise CA Arcot WebFort and CA ArcotRiskFort, the company said. Other Arcot technology has been integrated into SiteMinder.
The Arcot acquisition was intended to expand CA's portfolio with products that provide security "to, for and from" the cloud.
"Some opt to move to the cloud; some opt to keep things on-premise, while many are adopting a hybrid model using both cloud services and on-premise software," Denning said.
Regardless of where the applications are stored, IT managers have to secure the applications consistently across the entire enterprise. "Organizations are under more pressure than ever to evaluate their security solutions and how they are deployed," he said.
CA Advanced Authentication Cloud Service scores risk to determine the authentication strength required for a particular application, CA said. For example, a simple user name and password combination may be sufficient for some applications, but a stronger two-factor authentication, or even biometrics, may be required to access more sensitive or confidential data, such as payroll information, according to the company.
The tagless identification allows the software as a service to identify a device by "fingerprinting" a device to uniquely identify it. Fingerprinted devices such as laptops or phones are able to access the application via the service. The fingerprint is generated based on available data collected and analyzed by the service. Cookies and agents are not used for the data collection, CA said. An unknown device would have to encounter more security hoops, but a suspicious device would be profiled and blocked if its risk score exceeds what is considered safe, according to the company.
The previous version of the technology only offered "yes" or "no" as guidance instead of a risk score calculated on the user's list of activities.
"The new features in CA Advanced Authentication Cloud Service and in CA Arcot WebFort and CA Arcot RiskFort on premise solutions help address security concerns of a growing mobile workforce, and step up the authentication levels with every log-in and transaction," Denning said.
CA also developed mobile phone applications that allow the devices to be used for one-time passwords based on the CA Arcot one-time password technology. Since the application generates the password, users don't need to carry a separate authentication devices, the company said.