|
Your organization faces significant security challenges in today’s world, where protecting vital business data can be an expensive and daunting proposition. For example, you must proactively address security concerns that impact applications, databases and other business assets that are essential to daily operations. You must convert raw security data into actionable business intelligence. You must comply with governmental and industry regulations. Most importantly, you must ensure continuous business operations by mitigating risk at virtually every level of your organization — all while maintaining budgets and achieving operational efficiencies.
In a dynamic computing environment with a variety of assets that need protection, as well as a large and diverse user population, it is critical to ensure:
- Protection of critical assets from malicious code, such as viruses, worms, rootkits, as well as malware such as spyware and spam
- Proactive risk mitigation by reducing system vulnerabilities
- Centralized enforcement of access policies for protection of hosts, applications and data
- Automated provisioning and management of digital identities
- Centralized auditing and reporting to enable effective regulatory compliance
Integrated Security Management
Meeting these challenges requires new thinking — a new model for security management weaving the disparate elements that protect your business assets into a complete and easily managed solution. The new security management model aligns security with business needs by integrating three critical components in the security environment: identity and access management, threat management and security information management. Each component must be open and flexible, easily integrating with one another as well as with third-party solutions. Finally, security management demands a proactive approach and on-demand response to events within the ever-changing security environment.
When properly implemented, integrated security management enables you to understand your security environment in all of its complexity, turning security data into actionable information, obtaining timely answers to critical questions about your IT environment and, based on those answers, taking proactive, aggressive action to protect assets and information across your entire enterprise. A comprehensive security management solution delivers multiple benefits, including reduced costs, less downtime, greatly reduced IT risk, improved regulatory compliance, and increased productivity. It enables you to make the right decisions at the right time.
The Key Components of Security Management
There are three key components of security management — identity and access management, security information management and threat management — and integrating them into a comprehensive solution helps you achieve operational efficiencies and regulatory compliance, as well as contain costs, mitigate risk and ensure continuous business operations.
Address All Your Critical Security Management Needs
Effective security management cannot exist in isolation. It should be viewed as part of an overall strategy that can serve to reduce overall IT security risk, as well as improving efficiencies and productivity across the environment. CA’s strategy is to provide all the key capabilities to enable enterprises to meet their IT security needs, as well as to integrate these capabilities with other management functions such as operations, storage, life cycle and service manage - ment. By offering a centralized management system to provide a unified view of all aspects of your IT environment, CA can provide a firm foundation for a truly business-centric IT organization. Let’s look at each of these three critical IT security areas, and consider the requirements for each one.
Identity and Access Management
In most companies, users’ identities and their access privileges are a critical requirement for conducting business. Behind those identities are the employees, contractors, partners, customers and others who drive every aspect of the business. Identity and access management automates and manages who has access to all critical applications, databases and platforms, and the conditions under which that access will be allowed.
The key questions that must be answered by the identity and access component of security management are:
- Who has access to what?
- What did they do?
- When did they do it?
By answering these questions, you can identify and remediate inappropriate access rights, and ensure that your IT assets are appropriately protected.
In many cases, user identity and access have been approached as separate initiatives when, in fact, they are highly related and should be considered together. A comprehensive Identity and Access Management (IAM) approach integrates these two functions, enabling integration of components and appropriate access based on identity.
|
