The updated CA IAM offering brings a number of additions to the five individual applications that make up the product, which are the companys eTrust SiteMinder 6.0, Identity Manager 8.1, eTrust Access Control 8, eTrust Single Sign-On 8.1 and Embedded Entitlements Manager 8.2.
CAs overarching goal for the new release was to help companies simplify identity and password management systems while building new capabilities to integrate their efforts with partners and other organizations they may provide with some level of external network access, company officials said. One of CAs main simplification methods was further adoption of several industry standards, including one piloted by Microsoft.
The release also allows users to replace traditional passwords and user IDs with stronger authentication methods, including so-called two-factor identification systems, and to provide support for securing multiple virtual software systems running on the same devices.
Many companies still maintain multiple identification and authentication systems to control access to their various business applications, but CA officials said a growing number are seeking to pull their operations under a single umbrella. However, the projects tend to become complex very fast, putting some companies in a jam when they have not planned sufficiently, according to CA.
"For a lot of organizations, centralized ID access and management is still new, and many of those considering projects find the technology is only part of the problem—they must also change the mindset of their organization to make it work," said Matthew Gardiner, senior manager of IAM products at CA, based in Islandia, N.Y. "Instead of doing security on each application, theyre trying to centralize, and thats not easy, but there are multiple drivers for these efforts that are also causing pain, including compliance and corporate data loss."
CAs eTrust SiteMinder 6.0 SP5 software offers federation, or expanded capabilities for integrating ID management systems with those of other companies. The package now offers support for Microsofts ADFS (Active Directory Federation Services) and the introduction of a new "federation end point" for managing shared authentication information between organizations.
The company says its new release also simplifies the use of stronger forms of authentication such as tokens, smart cards and biometrics, and lets users build such devices into components of access management policies. The software is meant to provide more flexible control of SSO (single sign-on) systems by making it easier to group associated applications into zones, using the eTrust SiteMinder infrastructure.
In CA Identity Manager 8.1 SP1, the company said it has included new connectors that will help streamline and simplify administration of internal and external users and their usage permissions, including an ActivIdentity CMS (Card Management System) connector that aims to help expedite the process of granting and revoking worker IDs such as smart cards.
With eTrust Access Control 8 SP1, the firm has attempted to addresses growing customer needs related to server virtualization, with new support for Suns Solaris 10 systems and VMwares ESX Server software. By further locking down the systems, CA said companies can ensure more consistent security management across virtual operating systems as well as host systems.
eTrust Single Sign-On 8.1 now allows companies to use single sign-on to access client-side applications, even when a device is not connected to a network. CA said tighter integration between its eTrust Single Sign-On and eTrust SiteMinder products will also provide users with single sign-on capabilities for the Web, client-server and mainframe environments.
Embedded Entitlements Manager 8.2, formerly known as the IAM Toolkit, offers customers the ability to extend the reach of the products security policy engine to protect their internally developed applications. Many businesses with comprehensive identity management programs in place are still struggling to find intelligent ways to link their efforts to homegrown applications, Gardiner said.
"The … area never addressed from a centralized security perspective is typically the custom-built applications; larger companies have always made a lot of software for internal use, and historically theyve been forced to build security into each application on its own," Gardiner said. "As such, it typically takes a long time to alter every application ever time you need to make some sort of change, so companies end up living with out-of-date security for those systems."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.