I recently got back from a week in Paris.  I know what you are thinking, "poor Matthew, having to spend a Spring week in Paris away from his family."  For those who know me, you know that I lived in France previously and am pretty hooked on the country, thus the week wasn't exactly a hardship.

But, I was actually there to work, with the week built around CA Expo France 2009. CA runs one day expos periodically in various cities around the world.  They are great, efficient-to-attend events focusing on topics perfect for IT management professionals.  For this blog I will provide some brief observations on some customer and partner conversations that I participated in both during and in the days around this event.

• All global organizations, whether French or not, continue to struggle with how to efficiently and effectively manage their Web security. Those that recognize that Web access management (WAM) systems are a critical part of the solution, also understand that WAM systems must become part of the true enterprise infrastructure to attain the maximal cost, control, and speed benefits that it can provide. However, organizations often struggle with how to make the transition from WAM as a tactical solution, to WAM as true strategic enterprise infrastructure. But make it they do.
• Our story of Secure Web Business Enablement definitely continues to resonate (and excite) with people. As organizations mature their WAM deployments, the need and ability to federate, secure services, and automate the management of Web users becomes ever more pressing and attractive. Those are closely related security management challenges and thus should generally be solved together (which, of course CA can help you do). But not enough security people have a solid handle on federation and Web services and the security management implications of these technologies. My advice - start learning about security management for Web services and how to federate before things like SaaS and SOA overrun your security organizations. If you don't, you could face what many organizations faced some 10 years ago when they were overrun with the deployment of traditional Web applications ... and security suffered badly.
• Connecting Data Leak Prevention to identity also catches the imagination of those that hear about it. The logic of bringing the context of identity to who can access data has been obvious for a long time, thus it is not a big step to say that the same identity context should be important for determining who can actually possess and transport that same data. DLP & IAM are just two more security management areas that are converging.