CA Stakes Another Mainframe Security Claim

The new standards-based security framework offerings should allow customer identities to propagate without interference from middleware.

CA on Tuesday will announce a new security framework for the mainframe that is designed to tie together the various aspects of identity, authentication and authorization in a standards-based architecture.

Computer Associates International Inc. has been moving full speed into the network and desktop security arenas, but company officials still believe that there is room for growth in the mainframe market and say that the current lack of an overarching solution in that sector makes it ripe for the picking. IBM is the only other real player in the mainframe security world.

CA executives estimate that 30 percent of their companys identity and access management business comes from mainframe security products.

The Security Management Architecture relies on a variety of standards, including Kerberos, WS-Security, SAML (Security Assertion Markup Language), SPML (Service Provisioning Markup Language), X.509 and others, to enable enterprises to propagate identity information throughout the environment, regardless of which avenue a user takes to the mainframe.

The framework can track user identities throughout the infrastructure using a common terminology.

"Weve been seeing a lot of customers with a lot of users signed up on the Web who come in and hit some middleware and then go on to a transaction on the mainframe and their identity doesnt propagate," said Toby Weiss, vice president of the eTrust security unit at CA, based in Islandia, N.Y.

/zimages/5/28571.gifTo read about new CEO John Swainsons views on CAs future, click here.

"We can fix that without changing the applications, which is key for these customers. The bulk of the transactions still happen on the mainframe," Weiss said.

The company also is announcing new versions of its two major mainframe security offerings, CA-ACF2 and CA-Top Secret.

Both products now include integration with the Security Management Architecture, as well as improved support for LDAP Directory Service, including recovery processing and the capability to send installation data.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.