Protect data, not just access to it, with CA Technologies Content-Aware IAM

If you are a regular reader of this blog, you may be aware of our ongoing vision and strategy relating to Content-Aware IAM. The core tenet of this vision is to provide control not only over user identities and their access, but also over their information use. Further, we will be integrating our IAM components so that knowledge of information content is used by the other components (e.g., CA SiteMinder) to make better and more granular access management decisions. The goal is to more effectively enforce information use policies, improve security, and simplify compliance across the entire IAM suite.
This is our strategy and roadmap.  We have heard very positive responses from both analysts and customers, and we are excited about the potential this provides for our existing and future customers as they embark on their next-generation IAM initiatives.
Today we announced several products that support Content-Aware IAM:
  • CA Identity Manager - can now directly provision, de-provision, and modify users in the CA DLP user hierarchy. As users' roles change, those changes are passed into DLP, which then automatically changes each user's data usage entitlements. For example, a user in the Finance organization accesses and sends sensitive financial information via email on a regular basis. When the user changes roles from Finance to Marketing, their entitlements will also be changed so that they won't be able to access financial information anymore. In addition, CA Identity Manager makes this change within DLP, modifying the user's data usage privileges. Now, if this user attempts to email financial information already in his/her possession, the email will be blocked.
  • CA DLP - in addition to the integration with CA Identity Manager described above, this release includes:
    • Content registration detection technique - Scans files and creates a digital "fingerprint" to identify sensitive content as it travels within or exits an organization.
    • Policy-driven data encryption for data in use - Initiates the encryption of emails, including attachments and files sent to removable devices, via integration with native and third-party encryption technologies.
    • Role-based event review - Delivers policy and role-based delegation that helps control visibility to events and enable segregation of duties in environments where CA DLP is deployed for multiple disciplines. For example, IT Security, Legal, Compliance, or HR could all deploy their own data policies and review infractions in isolation, protecting confidentiality and privacy.
  • CA Top Secret r15 and CA ACF2 r15 - Support Content-Aware IAM in the mainframe environment with new data classification capabilities that help satisfy regulatory needs to control data use. The new releases of CA ACF2 and CA Top Secret for z/OS can be used to help classify data and ownership according to legal and government regulations. This allows the assignment of specific data classifications to critical resources for purposes of access policy refinement and reporting. Other security and administrative enhancements in these mainframe products include: reporting, certificate management, role-based security, operating system support, and protection of assets.
