Published: February 25 2010, 02:22 PM | no comments
by David Gormley

Few would question the value of collaboration to speed time to completion in any number of typical business processes.  New technologies and Web connectivity have fueled the growth of this dynamic marketplace. IDC estimates that SharePoint’s growth was double that of the other tier one Collaborative Content Workspace vendors in 2008 and at this year’s SharePoint Conference, Microsoft claimed over $1.3 billion in SharePoint sales in 2009, with the total number of licenses sold well over 1 billion.  There is no doubt that SharePoint is rapidly gaining acceptance as a valuable collaborative tool in many enterprises. 

Two logical needs have developed as a result of this.  First, end users and IT management are both requesting that this high-use application be integrated into the company’s overall SSO/Web access management environment to improve user experience and reduce administration/help desk costs.  Second, end users who are now comfortable using SharePoint for collaboration and content management internally, are pushing IT to enable the same functionality with the contractors, partners and customers that they need to collaborate with.

The security groups in these organizations are faced with a variety of challenges related to the increased use of collaboration. One concern is protecting confidential data, another is secure, automated access and a third is centralized control and reporting. These issues are growing and evolving as collaboration technology proliferates and matures.

CA is helping large organizations deal with these security challenges and manage specific types of content within their SharePoint environment. We will be demonstrating these solutions at the RSA conference next week in San Francisco. Stop by booth #1533 if you are interested in discussing secure collaboration!

Share this post:  Email

Share

Published: February 24 2010, 04:36 PM | no comments
by Merritt Maxim

The excitement and buzz around cloud computing touts lower costs, simplified deployments, and flexibility as significant business benefits, all of which are well founded.  However, cloud computing delivers another significant benefit for IT vendors, especially for vendors like CA that offer both on-premises and cloud-based applications.  This benefit is the ability to deliver real-time visibility into product usage and activities.

One of product management's biggest challenges is understanding which features and components of individual products are being used by individual customers.  This challenge exists when you have just a handful of deployed customers, but it gets considerably harder once customer deployments number in the hundreds (or in the case of many CA Security products, the thousands).  As a former product manager, I can confirm that understanding all the use cases across the entire customer base was always a challenge, especially when it came time to design the new release.  And while the 80/20 rule often holds in enterprise software (80% of customer base rely on 20% of product's features), it is often difficult to know which 20% they are actually using.  Although questions, surveys and open dialogues can assist greatly at gathering this intelligence, the reality is that it is always hard to get the full picture.

Cloud computing offers unprecedented visibility into application usage for product managers and development teams unlike.  With this usage data, IT vendors can easily observe which features and capabilities are getting the most use.  This in turn allows for better and faster product development for both the on-premises and cloud-based version of the application.

Even if your organization is not ready for cloud-based services, partnering with a vendor who offers both cloud based and on-premises applications is essential.  Working with such a vendor means that you can expect product capabilities that are well aligned with customer's evolving requirements as the vendor leverages that usage intelligence into new product releases.  In this model, cloud computing offers considerable benefits to IT vendors and customers alike.

Share this post:  Email

Share

Published: February 22 2010, 08:45 PM | no comments
by Matthew Gardiner

At this year's RSA 2010 Conference the Kantara Initiative is celebrating its first birthday with a day-long workshop entitled Technology, Policy, and Compliance for Identity Services in 2010 & Beyond.  It was just a year ago at the RSA Conference 2009 that a number of organizations publicly announced their intention to found this identity focused industry consortium.  Soon after, in June of 2009, the Kantara Initiative was officially born.  This prompted my first blog about the organization.

In many ways this workshop shows both the progress of and the need for Kantara.  As the identity industry has matured and broadened so must the collaboration around the issues of technology, policy, privacy, and compliance.  No longer is identity an exclusively large enterprise issue.  Like with other technologies, what is for the consumer and what is for the enterprise are blurring and colliding.  Just look at the participating organizations for the workshop, in addition to identity and security vendor mainstays such as CA and Oracle, you have well known organizations that at first blush might not be considered identity-centric organizations, such as PayPal, NTT, Google, NIH and others.  This workshop really represents a microcosm of the broader identity marketplace - all in one convenient room at the Moscone Center.

In my session, Identity as Security Glue for the Cloud, I will be presenting with Chris Sharp of MEDecision.  Without tipping my hand too much, I plan to review the models of cloud computing (SaaS, PaaS, IaaS) and how categories of identity and access management and related standards play a central role in how security must be managed both for and in the cloud.  As a live example, Chris will discuss his healthcare related service and how he is using standards-based identity services to keep operations running smoothly.

If you are coming to the RSA Conference I encourage you to register for this Kantara workshop and take part in the celebration.

Share this post:  Email

Share

Published: February 19 2010, 10:58 AM | no comments
by Yves Le Roux

On February 11, 2010, the European Parliament refused to give its consent to the EU's (European Union) interim agreement on banking data transfers to the USA via the SWIFT network, amid concerns for privacy, proportionality and reciprocity. This move renders the text signed between the US and the 27 EU Member states legally void. The parliament's president, Jerzy Buzek, said the assembly wants more safeguards for civil liberties and believes human rights have been compromised in the name of security. Underscoring the importance of the agreement to the United States, Secretary of State Hillary Rodham Clinton and Treasury Secretary Timothy F. Geithner had promised to cooperate with the Parliament in negotiating the long-term accord.

This is a typical conflict of European data privacy laws vs.US counter-terrorism laws.

On one hand, the United States Department of the Treasury wants access to financial payment messaging data stored in the territory of the European Union for preventing and combating terrorism and its financing. On the other hand, this access is considered as a departure from European law and practice in how law enforcement agencies would acquire individuals' financial records for law enforcement activities, namely individual court-approved warrants or subpoenas to examine specific transactions instead of relying on broad administrative subpoenas for millions of records.

SWIFT is a member-owned cooperative that provides the communications platform, products and services to connect over 8,600 banking organisations, securities institutions and corporate customers in more than 208 countries. SWIFT is responsible for routing about $6 trillion daily among banks, brokerage houses, stock exchanges and other institutions

As a result, SWIFT is caught in the middle of a conflict between E.U. data privacy laws and US counter-terrorism laws. This may happen to other multi-national companies and may be solved at the national level only.

What are your views around this conflict of laws?

Share this post:  Email

Share

Published: February 12 2010, 09:06 AM | no comments
by Matthew Gardiner

Most everyone agrees that a key source of organizations' ongoing IT security vulnerability is the complexity resulting from technology heterogeneity.  The more individual systems and technologies in play, the more difficult it is to ensure sufficient control and consistency.  Given today's dynamic environment, security management systems and processes have a hard time keeping up.  This is certainly not a new phenomenon. It is probably one of the oldest IT challenges around, impacting not just security, but also all other areas of IT management.  But given the emergence of the newest technology wave, the cloud, the issue of heterogeneity -driven complexity is being discussed again.

Stepping back to the base problem of complexity driven by technology heterogeneity, one way perhaps to address the problem is to turn heterogeneity into homogeneity.  This however is probably the oldest proposed solution around and has really come true only in the dreams of the many application platform vendors out there.  In reality IT organizations don't have the luxury of picking a common platform for IT's convenience. Serving the business is IT's primary directive and that generally means employing varied technologies. 

Perhaps, as some say, the emergence of the cloud will finally do away with IT heterogeneity.  If everything is running in the cloud then organizations don't even care what the underlying technology is, and the heterogeneity-driven complexity goes away -- at least for the cloud consuming enterprise.  In effect this would push the IT complexity up into the cloud providers' domain and take the problem away from the enterprise.  Is this theoretically possible? Yes, but the key word I want to draw you to in the previous sentence is "everything."  Until such time as all IT services are in the cloud, heterogeneity-driven complexity actually goes up not down for enterprises.  While this is certainly not a reason to disregard use of cloud services, it must be recognized that during this cloud transition period (which if it is like any other IT transition period, never completely transitions) organizations will need to manage on-premise and cloud-based applications and services simultaneously.  Thus the management complexity for organizations goes up not down.

Of course the other way to address heterogeneity-driven complexity is thru IT management tools which were built to cross technologies, whether deployed on-premise or in the cloud.  It shouldn't be a surprise that this is exactly where CA is focused.  While no one at CA would claim this job is done, we continue to make progress in providing IT security and management systems that help IT organizations address the reality of today and tomorrow.  Just this week the security business at CA announced the recent expansion of our Web security solution to cover the critical open source based Red Hat JBoss platform.  This solution helps to address IT heterogeneity by centralizing security management, but distributing enforcement across a huge variety of underlying technologies.  So unless you are part of a very small organization that could in fact put "everything" in the cloud in short order, you will need to address you heterogeneity-driven complexity (whether or not you are moving to the cloud) without relying on the dream of IT homogeneity.

Share this post:  Email

Share