CA Outlines Three-Pronged Cloud Security Strategy

The trifecta leverages CA's Identity and Access Management (IAM) offerings for governing cloud computing applications, as well as on-premise system, said Bill Mann, senior vice president of security strategy at CA.

"We think it's very important to have a pragmatic approach to solve the issues of cloud security," Mann said. "We view this strategy as complete because it addresses it from all three angles."

CA's approach involves a new product, a new customer case study and a new partner that enables CA to target cloud security on three different levels to boost security, ease compliance efforts and automate processes.

Putting pen to paper on a cloud security strategy continues CA's push into cloud computing. At its CA World event in Las Vegas in May, CA unveiled its Cloud-Connected Management Suite, a combination of several recently acquired cloud computing tools designed to make CA a dominating force in cloud computing management software. The Suite was the result of a nearly year-long acquisition shopping spree that included the acquisition of Cassatt and its software for operating data centers like cloud computing utilities; 3Tera and its platform for building and deploying cloud services; Oblicore and its service-level management applications; and Nimsoft and its line of IT performance and system availability tools

Central to CA's cloud security strategy is the launch of new CA Identity Manager capabilities that bring identity management tools to cloud applications. Mann said CA Identity Manager now supports user provisioning to Google Apps, Google's widely popular suite of cloud-based productivity applications like Gmail and Google Docs. Mann said users can now automate identity management functions, like role-based user provisioning and de-provisioning or self-service access requests to a single system for managing identities, for Google Apps in the cloud as well as applications that reside in-house.

The addition of Google Apps support "to the cloud" builds on Identity Manager's integration with Salesforce.com's application platform and applications in March. And Mann said CA won't stop with Google Apps.

"As our customers use more SaaS applications, we'll be supporting more and more," he said.

Second, CA showcased how its existing IAM solutions can control users, their access and how they can use information in public, private or hybrid clouds and achieve the same level of security as on-premise deployments. To highlight it's "for the cloud" strategy, Mann said MEDecision, a CA customer that offers collaborative health care management based in Wayne, Penn., is leveraging a host of CA solutions to manage its healthcare services.

For example, MEDecision is using CA SiteMinder, CA Federation Manager and CA SOA Security Manager to control access to its SaaS-based health management applications. Those systems include Alineo, a collaborative healthcare management platform for delivering outcome-driven case, disease and utilization management, and Nexalign, MEDecision’s collaborative healthcare decision support service that fosters better payer-patient-physician interactions.

Lastly, CA teamed up with a new partner, Acxiom Corporation, to delivery identity and access management as a service "from the cloud." Mann said the two companies will offer a fully managed service to streamline and simplify identifying, authenticating and granting security access to on-premise and cloud applications and services. In the relationship, CA provides the IAM technology while Acxiom adds the cloud platform, Mann said.

"The Acxiom service will be up and running in the summer," he said, adding that the partnership with Acxiom will open the door for more partners and providers to reach smaller clients, which haven't been targeted heavily in the identity management market.

"We built this strategy by spending time with customers," Mann said. "They want to know how they connect to the cloud and how they get access to cloud services."