Control - CA Technologies

The dynamic security landscape
– Effective responses to today’s
security challenges

Smart Architect
OSA06SN
The dynamic security landscape
– Effective responses to today’s
security challenges
Tim Brown
Jim Reno
Nestor Morejon

Agenda
• Today’s Challenges
• CA Security products and solutions
• A Drill down on Arcot Systems
• The next generation of security solutions
• Security Services
3

Rapidly changing IT landscape
73% of workers will be
mobile by 2012 1
62% of IT
organizations will
have flat or reduced
budgets 2
There are 750M
Facebook users, and
250M of them access it
from their mobile phone 5
67% of companies let
employees get company
email on their personal
devices 3
63% of companies
are using, or
implementing SaaS
solutions 4
4

The business of IT is changing…..
The blurring of
professional and personal
lives brought on by
pervasive connectivity
Empowered users
with high expectations as
employees and customers
Huge increase in social
collaboration and sharing
The Business is changing…
The New Business of IT
Externalization of
the business
…and so IT must also change
Accessible data and
applications – anytime,
anywhere CV
Deperimeterization of the
business
5

CA Security’s Mission
We help you ensure the right people have the
right access to the right information at the right time
Employees,
Contractors,
Privileged Users
Customers
Supply Chain
Partners
Portals
Security Systems
Servers
Applications
Information
Directories
Operating Systems
You have to Authenticate
• People
• Services
• Devices
You have to Authorize
• Systems
• Applications
• Information use
You have to Report
• User/Service Activity
• Information Activity
• Privileged Activity
• Privacy/Compliance
6

how does it all come together
CA Security building blocks of success
Control
Control
Control
Identity
Access
Information
Manage and govern
identities and what
they can access based
on their role
Control access to
systems and applications
across physical, virtual
and cloud environments
Find, classify and
control how information
is used based on
content and identity
Content-aware identity and access management
7

identity lifecycle management
Control
Employees,
Contractors,
Privileged Users
Application IDs
Identity
Consumers
Partners
Products
• CA Identity Manager
• CA Role & Compliance
Manager
• User Activity Reporting
Module
Capabilities
• Identity Governance
• Role Management
• Provisioning
• User Activity Reporting
Customer Profile
• 1000+ customers
• 6 of the top 10 global
banks
• 4 of the top 5 global
telecomms
8

authentication and authorization
Control
Cloud
Network
UNIX/Linux
Databases
Access
Virtual
Applications
Windows
Storage
Products
• CA SiteMinder
• CA Access Control
• CA Advanced Authentication
• CA Risk-based Authentication
Capabilities
• Web Access Management
• Privileged User Management
• Virtualization Security
• Federation
• Authentication/Fraud Mgmt
Customer Profile
• 1500+ customers
• 15 of the top 20 global banks
• 5 of the top 10 financial data
services
9

Information protection and control
Control
Regulated Data
PII/PHI
Information
Intellectual
Property
Corporate
Data
Products
• CA DLP
Capabilities
• Information Discovery
• Classification
• Data Policy Management
Customer Profile
• Controls over 100 million
end-user
transactions per day
• 6 of the top 15 global
banks
10

Arcot Systems - Overview
Cloud Authentication Leader
—10 years experience
—Level 4 SaaS
– Multi-tenant, configurable
—Redundant data centers
– PCI-DSS compliant
– SAS 70 certified
Large User Base
—Over 120 million users
—13,000 organizations
—Enterprises and consumers
Innovation and Technology
— Co-invented 3-D Secure
— Patented software strong authN
— Rules and model risk management
— Tag-less DeviceDNA
— Mobile One time password (OTP)
— Over 35 patents
History
— 1997 – Arcot founded
— 2000 – 3-D Secure 1.0
— 2001 – A-OK for e-Commerce
— 2006 – RiskFort launched
— 2007 – WebFort VAS launched
— 2008 – A-OK for enterprise
— 2010 – Arcot acquired by CA
Technologies

Solution Mix
CA Arcot RiskFort
Risk assessment and fraud detection
CA Arcot WebFort®
Versatile, multi-channel authentication
CA Arcot TransFort
Transaction content and e-commerce
authentication

Solutions In-the-Cloud
• CA AuthMinder as-a-Service (formerly CA Arcot A-OK WebFort)
− Authentication management
− Strong authentication credentials
− Popular for Web portals and VPN use cases
• CA RiskMinder as-a-Service (formerly CA Arcot A-OK RiskFort)
− Risk-based authentication scoring engine
− Rule and model-based risk evaluations
• CA Arcot A-OK for e-Commerce
− CNP e-Commerce transactions
− Fraud detection
− Strong authentication

CA Arcot RiskFort
Risk Assessment & Fraud Detection
Risk Model,
Historical Data
Analytics
Truth
Data
Case
Management
Policies
User ID
Device ID
Location ID
Risk
Assessment
Degree of
Risk (Score)
Business
Rules
Approve
Alert CSR
Additional Q&A
2 nd Channel
Decline
Contextual Information
(Date, Tx Type, Amount)
User Profile/
Preferences
• Layered security enhances value of any credential
• Detect and block fraud with real-time risk analysis and scoring
• Dynamically require strong authentication for risky transactions
• Works for e-Payments and online access

CA Arcot WebFort®
Versatile Authentication Server
Versatile Authentication Server
ArcotID®
ArcotOTP
Q&A
Authentication Methods
OATH
OTP-
SMS,
Email
CAP/
DPA
Callout
• LDAP
• Mainframe
• Other Proprietary
• Policies
• Business Rules
• Configurations
Authentication
Engine
Notifications,
Alerts, Reports
Authentication Interfaces
SAML
Challenge/
Response
RADIUS
OpenID
Custom
Response

Direction
• Bring together
− Arcot strength in authentication, risk, cloud services
− CA strength in authorization, content-aware security
• Into a unified cloud service
− Provided by CA or MSPs
− Identity & security management on-premise or in the cloud
− Cloud integration with on-premise systems
− Content-aware, on-demand, consumerized security

The CA cloud-connected enterprise:
On-premise and cloud – agility and choice
Benefits to the Business
‣ Improve IT agility
‣ Improve operational cost
efficiencies
‣ Accelerate new business services
‣ Expedite security services
Access
Auditing
Advanced
Authentication
Identity
Management
Federated Single
Sign-on
Cloud
platforms
Partners
Customers
CloudMinder
Saas Apps
Employees
Employees
Cloud
Gateway
Identity
Management
Access
Auditing
Access
Management
Information
Protection

Ten Golden Rules to a Successful Security Program
1. Written policies
2. Security mission statement
3. Process and procedures defined and documented
4. Security awareness program for all users
5. Data classification and ownership
6. Roles definition and maintenance procedures
7. Identity & access management tools – an integrated solution
8. Authoritative source – HR feed
9. Automated workflows for approvals
10. Governance model

Security Maturity Model
19

Traditional IT System Design
20

Data / Application Ownership
21

Role-Based Identity Management
22

Deployment Architecture Model
23

Session QR Code
Please provide us your feedback
24

Q&A

thank you