Subscribe
  • Home
  • /
  • TechForum
  • /
  • Getting to the bottom of those exhausting security issues

Getting to the bottom of those exhausting security issues


Johannesburg, 13 Sep 2005

End-to-end secure identity and access management across multiple platforms is one of those niggling, time-consuming and complex problems that leaves even the most experienced IT administrator contemplating his or her future in IT.

Why the aches and pains? Well, a typical business transaction flows as follows: through multiple layers of software and a variety of hardware platforms with the probability that each has its own, complex security scheme.

During transaction users might also be assigned to different, generic IDs and lose the ID and authentication with which they started. And this is by no means a laughable matter which is why companies should start mobilising towards an enterprise security management architecture and its resultant technologies.

"Planning is always the first step - not only does it enable your business to budget correctly for upcoming security upgrades but also mitigates a culture that sees small problems constantly fixed in a haphazard manner," says Danny Ilic, head of strategic business development at Computer Associates Africa.

"At CA, for example, our eTrust Security Management Architecture which drives our identity management and access security architecture is based on XML services and designed to aggregate and track assertions, create policies and grant authentication on platforms that call for without modifying underlying applications."

Commenting on identity and access management issues, he says few companies are truly spanning the entire transactional environment, the bulk of which is on the mainframe.

"For this reason it is important to deploy a product that provides transparency for more popular pieces of middleware."

An enterprise security architecture also lays a strong foundation for company risk management as well as the implementation of security policies that on the long run mitigate security vulnerabilities and quite obviously alleviates risk.

This architecture also allows for user provisioning that again streamlines a company`s security posture.

It is also important to deal with context that based on variable such as point of entry and authentication - this all will enable better decision-making during the processing.

Explains Ilic: "For example, an employee transacting from a mobile phone has access to one set of data, and a business partner a different data set. The architecture/Web service works with the usual litany of established and emerging standards such as SAML, SAF, WS-Security, PML, ISO-10181/AZN/API, Kerberos and X.509.

"Again, this is why it is so important that you have a product that can effectively deal with variables, saving time and costs."

Share

Editorial contacts

Danny Ilic
Computer Associates Africa
(011) 236 9111
Danny.ilic@ca.com