Control - CA Technologies
The dynamic security landscape – Effective responses to today’s security challenges
Smart Architect
OSA06SN
Tim Brown
Jim Reno
Nestor Morejon
Agenda
• Today’s Challenges
• CA Security products and solutions
• A Drill down on Arcot Systems
• The next generation of security solutions
• Security Services
Rapidly changing IT landscape
• 73% of workers will be mobile by 2012 [1]
• 62% of IT organizations will have flat or reduced budgets [2]
• There are 750M Facebook users, and 250M of them access it from their mobile phone [5]
• 67% of companies let employees get company email on their personal devices [3]
• 63% of companies are using, or implementing SaaS solutions [4]
The business of IT is changing…
The blurring of professional and personal lives brought on by pervasive connectivity
Empowered users with high expectations as employees and customers
Huge increase in social collaboration and sharing
The Business is changing…
The New Business of IT
Externalization of the business
…and so IT must also change
Accessible data and applications – anytime, anywhere CV
Deperimeterization of the business
CA Security’s Mission
We help you ensure the right people have the right access to the right information at the right time
Employees, Contractors, Privileged Users
Customers
Supply Chain
Partners
Portals
Security Systems
Servers
Applications
Information
Directories
Operating Systems
You have to Authenticate
• People
• Services
• Devices
You have to Authorize
• Systems
• Applications
• Information use
You have to Report
• User/Service Activity
• Information Activity
• Privileged Activity
• Privacy/Compliance
how does it all come together
CA Security building blocks of success
• Control Identity: Manage and govern identities and what they can access based on their role
• Control Access: Control access to systems and applications across physical, virtual and cloud environments
• Control Information: Find, classify and control how information is used based on content and identity
Content-aware identity and access management
identity lifecycle management
Control Identity
Employees, Contractors, Privileged Users
Application IDs
Consumers
Partners
Products
• CA Identity Manager
• CA Role & Compliance Manager
• User Activity Reporting Module
Capabilities
• Identity Governance
• Role Management
• Provisioning
• User Activity Reporting
Customer Profile
• 1000+ customers
• 6 of the top 10 global banks
• 4 of the top 5 global telecoms
authentication and authorization
Control Access
Cloud
Network
UNIX/Linux
Databases
Virtual
Applications
Windows
Storage
Products
• CA SiteMinder
• CA Access Control
• CA Advanced Authentication
• CA Risk-based Authentication
Capabilities
• Web Access Management
• Privileged User Management
• Virtualization Security
• Federation
• Authentication/Fraud Mgmt
Customer Profile
• 1500+ customers
• 15 of the top 20 global banks
• 5 of the top 10 financial data services
Information protection and control
Control Information
Regulated Data
PII/PHI
Intellectual Property
Corporate Data
Products
• CA DLP
Capabilities
• Information Discovery
• Classification
• Data Policy Management
Customer Profile
• Controls over 100 million end-user transactions per day
• 6 of the top 15 global banks
Arcot Systems - Overview
Cloud Authentication Leader
— 10 years experience
— Level 4 SaaS
  – Multi-tenant, configurable
— Redundant data centers
  – PCI-DSS compliant
  – SAS 70 certified
Large User Base
— Over 120 million users
— 13,000 organizations
— Enterprises and consumers
Innovation and Technology
— Co-invented 3-D Secure
— Patented software strong authN
— Rules and model risk management
— Tag-less DeviceDNA
— Mobile One time password (OTP)
— Over 35 patents
History
— 1997 – Arcot founded
— 2000 – 3-D Secure 1.0
— 2001 – A-OK for e-Commerce
— 2006 – RiskFort launched
— 2007 – WebFort VAS launched
— 2008 – A-OK for enterprise
— 2010 – Arcot acquired by CA Technologies
Solution Mix
CA Arcot RiskFort
Risk assessment and fraud detection
CA Arcot WebFort®
Versatile, multi-channel authentication
CA Arcot TransFort
Transaction content and e-commerce authentication
Solutions In-the-Cloud
• CA AuthMinder as-a-Service (formerly CA Arcot A-OK WebFort)
  − Authentication management
  − Strong authentication credentials
  − Popular for Web portals and VPN use cases
• CA RiskMinder as-a-Service (formerly CA Arcot A-OK RiskFort)
  − Risk-based authentication scoring engine
  − Rule and model-based risk evaluations
• CA Arcot A-OK for e-Commerce
  − CNP e-Commerce transactions
  − Fraud detection
  − Strong authentication
CA Arcot RiskFort
Risk Assessment & Fraud Detection
Risk Model, Historical Data
Analytics
Truth Data
Case Management
Policies
User ID
Device ID
Location ID
Risk Assessment
Degree of Risk (Score)
Business Rules
Approve
Alert CSR
Additional Q&A
2nd Channel
Decline
Contextual Information (Date, Tx Type, Amount)
User Profile/Preferences
• Layered security enhances value of any credential
• Detect and block fraud with real-time risk analysis and scoring
• Dynamically require strong authentication for risky transactions
• Works for e-Payments and online access
CA Arcot WebFort®
Versatile Authentication Server
ArcotID®
ArcotOTP
Q&A
Authentication Methods
OATH
OTP-SMS, Email
CAP/DPA
Callout
• LDAP
• Mainframe
• Other Proprietary
• Policies
• Business Rules
• Configurations
Authentication Engine
Notifications, Alerts, Reports
Authentication Interfaces
SAML
Challenge/Response
RADIUS
OpenID
Custom
Response
Direction
• Bring together
  − Arcot strength in authentication, risk, cloud services
  − CA strength in authorization, content-aware security
• Into a unified cloud service
  − Provided by CA or MSPs
  − Identity & security management on-premise or in the cloud
  − Cloud integration with on-premise systems
  − Content-aware, on-demand, consumerized security
The CA cloud-connected enterprise:
On-premise and cloud – agility and choice
Benefits to the Business
‣ Improve IT agility
‣ Improve operational cost efficiencies
‣ Accelerate new business services
‣ Expedite security services
Access
Auditing
Advanced Authentication
Identity Management
Federated Single Sign-on
Cloud platforms
Partners
Customers
CloudMinder
SaaS Apps
Employees
Employees
Cloud Gateway
Identity Management
Access
Auditing
Access Management
Information Protection
Ten Golden Rules to a Successful Security Program
1. Written policies
2. Security mission statement
3. Process and procedures defined and documented
4. Security awareness program for all users
5. Data classification and ownership
6. Roles definition and maintenance procedures
7. Identity & access management tools – an integrated solution
8. Authoritative source – HR feed
9. Automated workflows for approvals
10. Governance model
Security Maturity Model
Traditional IT System Design
Data / Application Ownership
Role-Based Identity Management
Deployment Architecture Model
Q&A
thank you