CA makes security a priority

CA pushing layered security approach, eyeing virtualization security

Security technology isn't new for CA, but this year at its 12th CA World user conference in Las Vegas the company identified security as one of three focal areas (the others are governance and management). Senior Editor Denise Dubie sat down with Bilhar Mann, senior vice president and general manager of CA security management, to learn more.

If you look at the way we are talking about our Enterprise IT Management (EITM) strategy at the moment, we talk about this thing called the Unified Service Model, which includes all the relationships. I use the analogy with a house and a blueprint that everybody looks at, the electrician and plumbers and so on. Everybody looks at that blueprint to understand all the relationships between all the entities. Security now needs to leverage that same blueprint. It's not that security has not leveraged the blueprint before, but if you want to be able to connect security to the business and everything else connected to the business, then security needs to leverage the blueprint.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Security technology isn't new for CA, but this year at its 12th CA World user conference in Las Vegas the company identified security as one of three focal areas (the others are governance and management). Senior Editor Denise Dubie sat down with Bilhar Mann, senior vice president and general manager of CA security management, to learn more.

How do you see security fitting into CA's strategy to provide tools to govern, manage and secure IT for its customers?

If you look at the way we are talking about our Enterprise IT Management (EITM) strategy at the moment, we talk about this thing called the Unified Service Model, which includes all the relationships. I use the analogy with a house and a blueprint that everybody looks at, the electrician and plumbers and so on. Everybody looks at that blueprint to understand all the relationships between all the entities. Security now needs to leverage that same blueprint. It's not that security has not leveraged the blueprint before, but if you want to be able to connect security to the business and everything else connected to the business, then security needs to leverage the blueprint.

Could you give me an example of how this Unified Service Model would work in practice?

Let's take identity and access management, which is all about making sure you are secure in access on the Web with a product like SiteMinder and a product called Access Control for hosts and operating systems. If you look at an audit report, it tells you that this system administrator has access to a particular Unix box. That is a certain amount of information on which you can make only a certain amount of intelligent decisions. It doesn't really tell you the importance of that Unix system. If you take it up one more level and take that audit information and correlate it to the information that is held in the service model, now you will learn that that particular machine is part of your trading application.

How does that differ from the integration among CA products announced at the last CA World in 2005?

Now the level of information you have got about this particular event has been elevated from the infrastructure level, or the server, to a level that you actually understand within your business -- which is somebody is doing something they should not be doing within my mortgage application. These products will be leveraging that service model going forward to provide the business context. We will go into that dictionary and see how a security event relates to other things. There is a lot of information sharing that you are going to see -- specifically, with our security products -- that allows us to deliver on our EITM strategy. Where we are headed with this service model will give us the ability for an organization to become much more agile.

How does this deeper level of integration enable agility for businesses?

None of us know what is going to happen in 10 years' time in terms of new technology. Companies need to become much more agile in terms of how quickly can we set up a base in China, for instance. They need to be able to duplicate the outfit they have somewhere else. If they haven't been able to work out the relationships among all these components, how are they going to be able to react to that change? They won't be able to because they will have to rebuild everything. If the company gets itself lined up, it will be ready for such changes.