|
FUNCTIONALITY
When considering the merits of I&AM for the average enterprise organisation, Butler Group believes that laying an identity-enabled protection foundation that is based on the principles of maintaining an unambiguous knowledge of the identity of an organisation’s systems users, represents a sound basis for building secure, enterprise-wide access control mechanisms. However, to date, if there has been a justified criticism of the I&AM sector, it is that the complete service-delivery model is too complex to deal with from a standing start. End-to-end projects that have been put forward to deal with all identity management and access control issues have often proved to be unrealistic, and indeed for some, far too difficult to achieve, whereas organisations that have taken a more structured approach to the I&AM service delivery model, have achieved better results in the long run.
Product Analysis
Since its early project-investments in I&AM technology back in the year 2000, CA has been consolidating its position as a supplier of leading-edge identity management and access control solutions. During this timeframe, CA has been working consistently on projects that have allowed it to acquire, develop, and integrate relevant, best-of-breed products into its IAM Suite. Today, the CA IAM product set has the functional capability to provide end-to-end solutions for organisations that are looking to deploy full identity management projects. Furthermore, and in Butler Group’s opinion, somewhat uniquely, the overall CA offering has the ability to deliver an integrated set of platform-agnostic products that span the Web-to-mainframe divide but, at the same time, retain an ability to be deployed in their own right as standalone components in a mixed identity management/access control environment. In this respect, the CA IAM Suite covers the key areas of:
- Federated Identity Management.
- Web services security controls.
- Web, legacy, and enterprise Single Sign-On (SSO).
- Workflow-driven user lifecycle provisioning that importantly covers all elements of the set up and creation of user access rights, ongoing modifications and concurrent maintenance, and ultimately, full deletion.
- Access control that ensures that only authorised users are allowed to gain access to systems resources, wherever each information resource resides.
- Granular control over operating systems, including facilities that can scale up to maintaining control over ‘super user’ status.
- A full range of audit and reporting services.
- Systems Developer Kit (SDK) facilities enable home-grown applications to be built as an integral part of an enterprise I&AM implementation, for example, by enabling automated provisioning of users to include home-grown applications which use proprietary user stores.
As highlighted in Figure 1 and detailed below, the core components of the full CA IAM Suite comprise of: CA Identity Manager; CA SiteMinder Web Access Control; CA Access Control; CA TransactionMinder; CA Single Sign-On; CA Directory; CA ACF and CA TopSecret; CA Cleanup; CA Embedded Entitlements Manager; and CA Security Command Center.
CA Identity Manager: provides the Suite’s identity management, provisioning, and password management facilities. In operational use, it delivers the capability to manage user identities in the common X.500 directory services provided by CA Directory. X.500 is a standard way to develop an electronic directory of people in an organisation so that it can be part of a global directory available to anyone in the world with Internet access. Therefore, within the CA IAM Suite, this becomes the user repository for the solution.
CA SiteMinder Web Access Control: is responsible for providing Web access control services and also for delivering the solution’s Web application SSO capabilities. In addition, SiteMinder provides the key federation services that support the sharing of identities between business partners, a requirement that, in Butler Group’s opinion, is starting to become more important as a growing number of organisations begin to manage business-led interoperability relationships with suppliers and business partners.
CA Access Control: has a primary role of delivering access control services for the organisation’s distributed server infrastructure. Additionally, it also provides the capability to deliver powerful levels of control over ‘super users’ in UNIX, Linux, and Windows environments. This is seen as an important issue because in organisations where administrators have had somewhat uncontrolled access to the sensitive information, the extra restrictions provided by CA Access Control can help to redress this key information-control imbalance.
|
