Home > CA Community > Security Management

CA Community





This Blog

Security Management

Insight and opinion on the world of security management. Visit often for commentary on security industry issues around identity and access management, data protection, advanced authentication, single sign-on and access management, cloud security and more.

Bring Your Own Identity: the Rise of the User

Published: May 14 2013, 04:01 PM | no comments
by Henk van der Heijden

Social media is fast becoming the identity mechanism of choice to log into popular sites and company information. Looking to find the right music on Spotify? Want to connect with the world’s professionals on LinkedIn? You can now simply log in via your Facebook account. The UK Government may even soon allow citizens to use their social media identity to access public services safely and securely as part of the Identity Assurance (IDA) program. It’s called ‘Bring Your Own Identity’—and it is set to go mainstream. Don’t just take my word for it. A recent study commissioned by CA Technologies and produced by the research firm Quocirca, for example, found that more than a quarter of commercial organizations use social media as a source of identity...
Read more...
Share this post:  

 

By: Henk van der Heijden
Henk is responsible for Security Sales in Europe. He is an information security professional with over 24 years’ experience in IT sales and services. Henk has an illustrious history of producing results through new sales and business development both in the Netherlands and across Europe. In his previous...
Read More..

Supporting Industry Standards

Published: May 14 2013, 02:07 PM | no comments
by Chris Wraight

On May 7, Andras Cser of Forrester Research, Inc. posted a thought-provoking blog entry entitled “ XACML is Dead ” which postulated that there wasn’t any future for XACML. At CA Technologies we have long supported a broad range of industry standards such as LDAP, X.509, WS-Federation, SAML, WS-Security, REST, SPML as well as more recent standards like OpenID, OpenID Connect and OAuth, thereby successfully shielding our customers from having to develop support for complex security protocols such as these. This has the benefit of helping our customers to quickly incorporate them into their application infrastructure as needed and at a lower overall cost. From our perspective, XACML 3.0 was recently ratified and we endorse the additional activity...
Read more...
Share this post:  

 

By: Chris Wraight
Chris Wraight has spent 25+ years in the technology world in various positions of product management, marketing and sales. He is currently working on CA Inc.'s Access Control security product in its Security Management business. Chris has a B.S. in Management with Computer Applications from WPI.
Read More..

Identity-centric Security

Published: May 13 2013, 10:20 AM | no comments
by Sumner Blount

The “good old days” are gone forever. Those were the days when IT environments were more predictable and easier to control. The user population and their access patterns were more easily defined. Stick a firewall in front of key systems, create some controls around who can access what, and you’re done. The world is far different now. The headlong march towards the cloud has made the prototypical datacenter a thing of the past, or at least has caused a significant evolution in its essential characteristics. Applications and data are now distributed around multiple datacenters, possibly even globally, and possibly in locations that you might not even be aware of. But this is a good thing, because cloud services have enabled a level of business...
Read more...
Share this post:  

 

By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s a Director in the Security business unit at CA. Previously he managed the large computer operating system development group at Digital...
Read More..

The Changing Face of Cyber-Attacks

Published: May 10 2013, 01:51 PM | no comments
by Russell Miller

It is tempting to think about cyber-attacks as an ever-present, but unchanging threat. To the contrary, attacker profiles have shifted, and new goals and sources of motivation have fundamentally altered the nature of the threat landscape. The trends driving this shift include: The militarization of cyber-attacks. Network penetrations to cause damage and steal intellectual property are now commonly state-sponsored, with highly-trained, disciplined and patient attackers. Military attackers can have access to resources such as training, computing power, and cutting-edge R&D not available to previous generations of attackers. Targets include critical infrastructure to the capture of foreign intellectual property. Recent reports have gone so...
Read more...
Share this post:  

 

By: Russell Miller
Russell Miller has spent over five years in network security in various roles from ethical hacking to solutions marketing. He currently manages marketing activities for the CA ControlMinder products. Russell has a B.A. in Computer Science from Middlebury College and an M.B.A. from the MIT Sloan School...
Read More..

The Two-Step Tradeoff

Published: May 06 2013, 10:18 AM | no comments
by Jim Reno

Like Google and others, Apple recently rolled out new two-factor authentication technology, under the name “two-step verification,” which users can add to their Apple IDs. It’s an optional security measure that applies when the user tries to perform account management operations. Again like Google, it isn’t used for every login, although the specific cases when it is used are different: Google uses the additional factor sometimes during normal login, but Apple uses it only when doing things like changing or resetting a password. I explored the information on Apple’s web site, particularly the FAQs, relating to two-step verification. I also tried adding it to an Apple ID myself to get a feel for the user experience. It’s interesting to me because...
Read more...
Share this post:  

 

By: Jim Reno
Jim Reno is Chief Security architect at CA Technologies. He joined the company with the Arcot acquisition which was completed in October 2010. Jim is one of the inventors of the 3-D Secure protocol used in the Verified by Visa and MasterCard SecureCode programs and he holds multiple patents in the area...
Read More..

More Posts Next page »