CA has entered into a reseller agreement with software company Eurekify in an attempt to add broader role-based identity management offerings to its portfolio in a crowded market.
As part of the deal, CA will resell Eurekify Enterprise Role Manager and provide support and services. The move, according to Burton Group analyst Kevin Kampman, gives CA a degree of parity with efforts by Sun Microsystems and Oracle to provide a comprehensive answer to enterprise identity management woes.
"Working with Eurekify gives CA a more complete approach to identity management, especially with regard to understanding the rationale for business access to technical resources," Kampman said. "Roles provide a business focus that is generally lacking in administration-oriented tools like resource provisioning."
CA remains one of the leaders in the identity management space, alongside companies such as Sun, Oracle, IBM and Novell. Eurekify specializes in role design, management and auditing. Officials at CA said the combination of CA Identity Manager and Eurekify Enterprise Role Manager will give customers a system for smart provisioning, meaning customers can clean up identity data first and then model roles with the best available information.
"Customers are asking for role-based identity management because it truly is the only way to successfully manage identities," said Bilhar Mann, senior vice president of security management at CA. "For example, if you have a 20,000 person organization, there are likely hundreds of systems and applications that those 20,000 individuals could have access to. This could amount to 1 million access privileges that need to be granted, monitored and managed."
The constant changes that occur in the business world, such as people leaving or getting hired, make it difficult to find violations and exceptions among millions of access rights, he continued.
"However, if you mine and model those jobs and identities into roles, you get a much more manageable way to provision a user and manage his or her identity," Mann said. "You could feasibly have just 1,000 roles to manage for that 20,000-person company versus 1 million access privileges."
The data from Eurekify Enterprise Role Manager is exported transparently into CA Identity Manager. Since it is a back-end system, the front-end user interface is whatever the customer is using, Mann said. The company manages identity life cycles for multiple systems, including SAP and Oracle databases, he said.
Kampman said he expects integration between role management and identity management technology to continue.
"Role management and provisioning address different problems; I do think they are complementary," he said. "There will be a direct coupling relative to the management of authoritative information for roles-what roles, who has them-and the resources-what roles get access to what tools, under what conditions."