CA Aims Security Efforts at Access Control

Large vendors start to take on identity management.

Web security needs are beginning to attract the attention of larger vendors that are combining elements of traditional access control with new protection for legacy and mainframe applications.

Computer Associates International Inc., for instance, is readying eTrust Web Access Control, the company's biggest foray yet into Web security and the beginning of a shift in the company's security strategy, said Simon Perry, divisional vice president and security strategist at CA, in Islandia, N.Y.

Web Access Control provides some context around users' authentication credentials by extending them from the back end through the enterprise and onto the Web. Utilizing single-sign-on technology, users will be able to authenticate themselves to the system one time and have all their permissions and system resources allocated to them.

There is also a built-in directory database and an open LDAP interface if users want to use repositories.

The new tool will support public-key infrastructure and token authentication as well as simple passwords. "We can pass the authentication all the way back through the infrastructure to the mainframe," Perry said.

"This move to the Web is a significant one for us. The traditional desktop world of security is not going to keep growing," Perry said. "Organizations are still looking to Web-enable applications, and to do that you have to [have] strong authentication and administration tools."

CA's attempt at Web security/identity management comes as a number of other large vendors—notably Novell Inc. and the partnership of IBM and VeriSign Inc.—are trying the same. Novell has made security a key focus, and identity management will play a big part in the company's plans, officials said.

Longtime users of identity management software say that its value goes beyond just security and convenience. "We save a lot of money by using identity management. We have 3,800 users and manage our network with just four administrators," said Bill Kannberg, chief technology officer/technology manager for Hillsborough County, Fla., and a user of several of Novell's identity management products. "We just rolled out a Web portal to replace our remote access system, and it can render Web pages on the fly as users log in. It's extendable, and it's safe."

Meanwhile, established identity management players, such as Netegrity Inc., are moving ahead as well. Netegrity's newest version of its access control tool SiteMinder, which includes support for Microsoft Corp.'s Passport authentication service and Security Assertion Markup Language, is set to add support for the emerging Web Services-Security standard and will enable richer federation, officials said.

"Cross-company federation is the key," said Amit Jasuja, vice president of product management at Netegrity, in Waltham, Mass. "Web security requires policies to protect access to a resource, and sharing that across companies can be very valuable."

The company is also planning the release of its IdentityMinder software early next month. It will rely on role-based authorization and centralized management to help manage users' identities.