1 / 41

Innovate and Integrate: CA’s Strategic Road Map for e Trust Identity and Access Management

Innovate and Integrate: CA’s Strategic Road Map for e Trust Identity and Access Management. Presented by: Paul Joseph Federation of Security Professionals Spring Seminar 2005. Agenda. Introduction Vision and Portfolio Direction IAM Suite Strategy IAM Product Road Map Summary.

stew
Download Presentation

Innovate and Integrate: CA’s Strategic Road Map for e Trust Identity and Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Innovate and Integrate:CA’s Strategic Road Map for eTrust Identity and Access Management Presented by: Paul Joseph Federation of Security Professionals Spring Seminar 2005

  2. Agenda • Introduction • Vision and Portfolio Direction • IAM Suite Strategy • IAM Product Road Map • Summary

  3. Introduction “So, what do you do?”

  4. Create Enable Identity Management automates the lifecycle of the user’s relationship with the enterprise Administration Disable Change What Is IAM? Identity and Access Management Access Management provides the foundation of security infrastructure Enforcement Legacy Apps Web Apps Web Services

  5. Why is this hard? Identity Information Is Scattered Throughout (and beyond!) the Enterprise Many Users CustomersEmployeesPartners Many Applications Logistics, Financial,Service Many Identities NT, RDBMS,LDAP, UNIX

  6. Innovation + Acquisition + Integration =Comprehensive, Industry Leading IAM Portfolio Comprehensive Coverage

  7. Organizational Success (“Q5”) • Business integration was a strong success • Continuity across all major functions, including: • Engineering, Support, PM, PMM, Sales, Pro Services • Patient, highly communicative process • Internal AND external communications were strong • “Partnership” approach

  8. Vision and Portfolio Direction

  9. eTrust IAM Vision Complete • All identity types: customers (B2C), partners (B2B), employees (Enterprise), assets • All platforms: Windows, Linux, Mainframe, others • All points of enforcement: Web, Web Services, Operating System, Applications, Networks • End-to-end: Transactional Integrated • Workflow-centric business processes to provide consistency and flexibility • Automation of Provisioning, Enforcement & Auditing • Common architecture – modular, reusable components, one GUI, one workflow, one agent, one policy infrastructure • End-to-end auditing • User Centric views – end-user, operator, deployment Open • Totally Standards Compliant • SOA Architecture

  10. Current-to-Future Portfolio Portfolio Direction Current Portfolio IAM Function CA Long Term Short Term Netegrity IdentityMinder - Web Admin IM – eProvision

  11. IAM Suite Strategy

  12. Web Service Employee Customer Partner Enterprise Resources WebApplications User Stores Enterprise Benefits of the Suite Strategy Identity and Access Management Provisioning Web SSO Enterprise SSO Web Svcs. Mgmt. Web ID Mgmt. Federation Password Mgmt. Common Roles, Policies, Reporting and Workflow Integration of administrative features reducescomplexity without limiting functionality

  13. Available Now! • eTrust IAM R8 Suite • Fully integrated, but also available as standalone offerings • eTrust Admin • eTrust Access Control • eTrust Single Sign-on • eTrust Directory • Integration – CA’s view of integration • Depth of integration is our differentiator • One installer and one documentation set • Common components shared across products • All of the components have new features

  14. Suite Strategy: Moving Forward IAM Suite R9 (mid 2006) IAM Suite R8 End-User End-User Admin/Operator Admin/Operator From IM-Web Superset Provisioning AC Admin AC SSO SSO Site Minder Trans- action Minder IAM Suite Common IAM Suite Common

  15. eTrust IAM Suite IAM Functional Areas Access Mgmt Security Information Management and Compliance Auditing and Reporting Identity Mgmt

  16. IAM Product Road Map • Auditing / Reporting • Federation • Web Services • Web Access Control • Host Access Control • Identity Administration • Provisioning • Policy Management • Directory • Additional Innovations

  17. Auditing / Reporting

  18. Security Information Management Roadmap • All Netegrity Products will be integrated to eTrust Security Command Center (SCC) in Late 2005 • Collate events from multiple sources • BENEFIT: Will enable Netegrity auditing data to be correlated other security products • Netegrity products will continue to offer their native reporting and logging capabilities • SCC will feature enhanced reporting capabilities • Customizable reports • Visibility across enterprise from multiple data sources

  19. Federation

  20. Feb 2005 SAML 2.0 Interop 2H 2005 SiteMinder 6.0 SP3 with SAML 2.0 Support Federation End-Point IdentityMinder Web Edition self-registration from SAML assertion Next Year R9 Release of Suite Additional SAML 2.x Support WS Federation Federation Road Map • SiteMinder1 with SAML support enables browser-based Federation that can be deployed using multiple deployment scenarios (e.g., hub and spoke/end-point) • Provides SSO across domains (Federated SSO) *: Support SAML artifact profile **: Supports SAML artifact and post profile 1 in combination with add-on affiliate agents = “Federation Security Services” (FSS)

  21. Web Services

  22. Next Year Continue toinnovate on XML security requirements Integration with UDDI / WSDL More integrated edge-security (anti-virus, denial of service, WSDM, etc.) Continue to enhance the appliance Integration of TransactionMinder into the IAM Suite R9 2H 2005 Appliance (TxMinder XML Firewall v6.0) delivering enhanced Web services security functionality : Edge security (new), Access management (new PEP) Integration with eTrust SCC and WSDM Web Services Security Road Map • TransactionMinder will offer extended support for operating platforms and industry standards (e.g., SAML 2.0, SOAP With Attachments, WS-I Basic Security Profile) • Further innovations include: hardened XML Agent and broader integration

  23. Web Access Control

  24. 2H 2005 SiteMinder (5.5 & 6.0) to use eTrust SCC Integrate SM and eTrust Enterprise Single Sign-On (eSSO) Federation support, including Hub & spoke support SAML 2.0 Broader/faster platform support Next Year Integrate with R9 Suite Unified policy framework Reusable policy engine eSSO, others New policy management UI Application management Delegation, task model Continue Standards-based approach Web Services APIs SAML 2.x, 3.0 WS-Federation XACML Web Access Control Road Map • SiteMinder (SM) will replace eTrust Web Access Control (eWAC) • eWAC customers will be supported until version of SiteMinder containing superset of functionality is released • SiteMinder will remain available as a standalone offering

  25. Host Access Control

  26. February 2005 eTrust Access Control (eAC) integrated into IAM R8 Suite Web GUI LDAP Support Application Profiler for HIPS Best practice Application Policies 2H 2005 SAP Policies PeopleSoft Policies SiteMinder Policies Performance Enhancement Additional Platform Support Next Year eAC integrated into IAM R9 Suite SiteMinder Application IAM / SMA KGEM Keyboard logger Windows HIPS Host Access Control Road Map • eTrust Access Control remains primary Enterprise/Host Access Control solution

  27. Identity Administration

  28. 2H 2005 IM WE integrates with eTrust Admin Self-service, Password Mgmt, Provisioning roles Common install and workflow IM WE auditing with eTrust SCC Expanded workflow use Temporary delegation, Business process integration Federation Identity Administration Road Map • IdentityMinder Web Edition (IM WE) will become CA’s lead identity administration product • Fully customizable interface includes WSDL support • Comprehensive self service support including self registration and password management • Task oriented UI supports delegation of identity management business processes Next Year • IM WE becomes framework for R9 suite • Also, single (modular) solution UI • Expanding the Suite • Application Mgmt (*New*) • Resource Mgmt (*New*) • Access policy provisioning

  29. Provisioning

  30. Next Year Deliver Best-of-breed Provisioning solution (R9) leveraging and improving on the existing technologies of both eTrust Admin and IdentityMinder eProvision Innovations within provisioning Policy Provisioning Federated Provisioning Web Services Provisioning Resource Provisioning 2H 2005 Next releases of CA’s eTrust Admin (r8.1) and Netegrity’s eProvision (4.0.3) will be released as planned Demonstrate evolving integration of eProvision features in each successive minor release of eTrust Admin (r8.1-Options and Clients Pack and r8.2) IdentityMinder Web Edition will be available for self-service across both products (Q3 IdM 6.0SP) Provisioning Road Map • Provisioning vision remains unchanged: CA intends to evolve solution to leverage strengths of IdentityMinder eProvision and eTrust Admin • Existing eProvision and Admin customers will continue to be supported. Options for migration path to “superset” provisioning solution will be managed by account

  31. Policy Management • Objective: to communicate the vision in the white paper.

  32. Policy Management Vision • CA will create a “Universal” Policy Management Platform based upon the XACML Standard – providing unified policy management across CA and 3rd-Party applications – using SiteMinder’s Policy Server CA will create a “Universal” Policy Management Platform • How? • Leveraging Netegrity’s Policy Server as its framework • Using XACML and other standards to manage policies on 3rd Party products • Delivering cascading policy enforcement across federated domains, hosts, application containers and applications, using • Agents, Plug-ins, SDKs • Why? • Compliance, centralization, control, and consistency • Consistent policy management platform improves TCO

  33. Directory

  34. Directory Strategy • CA committed to open directory strategy across ALL products • CA to retain open strategy for supporting broadest range of user stores and directories • CA will continue to offer eTrust Directory for large mission-critical directory deployments that require high availability and scalability

  35. Additional Innovations

  36. Additional eTrust IAM Innovations Application IAM • An SDKenabling Authentication, Authorization, Auditing at the application layer • Local policy engine • Fine-grained authorization • For example: “Can Dr. John prescribe ‘drug A’ to Sally Patient?” instead of merely “Can Dr. John prescribe a drug?” Security Management Architecture • Enables secure business transactions thru the federation of identities across process boundaries – from the web to the mainframe • End-to-End audit trail of individual user • Identity mapping • Session- and presence-based policies

  37. Summary

  38. Delivering on CA eTrust’s IAM Vision Feb 2005 2H 2005 Mid 2006 Integrate Integrate Integrate IAM R8 Suite Admin Access Control SSO IdentityMinder Web SiteMinder + eSSO WSDM +TransactionMinder Security Command Center Integrated IAM Suite R9 Best in Class Provisioning Innovation Innovation Innovation Application IAM End-to-End Transaction Auditing Federated Provisioning Policy Management Federation (SAML 2.0)

  39. eTrust Momentum • Strong, growing customer base across IAM product lines • More than 4,000 eTrust customers • Recent customer successes include: • Market leading financial services firm extends its commitment to “Minder” product line with multi-million deal • Major insurance company invests in eTrust provisioning, Web access management and Web services security to enter new market • US telecommunications company relies on strategic investment in IAM software to “transform” its business • Acquired Cleanup for ACF2 and Top Secret • More to come!

  40. “Takeaways” • Security that Protects and Enables • Complete, Integrated, and Open

  41. Thank You! • Paul Joseph, Director of eTrust IAM Product Marketing • paul.joseph@ca.com • 781-530-6210

More Related