PHOTO - Vic Mankotia, VP, Security, Asia Pacific & Japan at CA Technologies speaking in Kuala Lumpur.
A shift in approach to security may also make it a business enabler as well as to help meet the problem of trust in a rapidly-changing business and social environment, according to independent software solutions provider CA Technologies.
Speaking on 13 August 2012, CA Technologies vice president, security, Asia Pacific & Japan Vic Mankotia said the company's approach to security was to help organisations to meet the challenges caused rapid changes in communication of 'one to many, and meny to many' as well as to use security to drive business.
"The change in communications has been fuelled by the shift to the cloud at work, followed by a consumerisation of devices," said Mankotia, during a later exchange. "Our Asia Pacific & Japan president, Lionel Lim, asked us to consider what happens when people have to give up the way they have been interacting with each other for thousands of years and switch over to a new way in the space of just one generation? Devices like super-phones, tablets and laptops are built with the single-minded goal of making it easier to get to know more people."
"But what about the quality of trust of those people that you now 'know' and are connected to? How can we scale our mechanism for earning and according trust with the same velocity as the mechanism for getting to know people?" he said, adding that insider threats as well as external attacks were on the increase. "Our president reminded us that we can't meet every person who sends us an e-mail or a text message before making a work or personal decision."
In his presentation, Mankotia said the older approach of building multiple layers to make security 'holes' smaller needed to be supplemented with the security of 'know'. "CA Technologies' security approach is essentially about your knowing what content is being shared by whom on what devices. In this cloud era, the trends of an increasingly comply data-centric world, with multiple cross vertical business collaborations, IT consumerisation, and the need to optimise online interactions means that an organisation's security perimeter - the outer wall - is disappearing. No organisation can clearly say where their network ends and where it merges into other networks."
"Identity intelligence reduces miscommunications so that the right people have the right access to the right information on the right devices," he said. "The solutions CA Technologies brings to enterprise in this new world is Identity Management that is 'content aware,' with advanced authentication that is on premise and in the cloud; this is a two factor authentication, with a single 'Sign On' that works in Federations and Access as well as Password Management: all driving towards trust, better interactions and in securing Data Loss Prevention (DLP) that's at work at the end point, at rest and also in motion."
Proactive approach to people, processes and technology
"Certain information is delivered through social networks; for instance many people may hear of an event via Twitter or Facebook and then turn to traditional media to verify facts," said Mankotia. "The multiple lines of communication also added to a rapid rethinking of security. The approach CA Technologies takes is about 'proacting' rather than just reacting to incidents. It is about taking a data approach: we focus on - 'Know identity, know risk, know content' or who, value, and what. Authentication and validation are the drivers behind our content-aware IAM solution."
"This mirrors the process of the proper boarding of a flight," he said. "From check-in, you go to the gate with three elements - you, your passport and the boarding pass, which has been recorded as a session. The X-ray machine at the final gate is another security measure (akin to DLP) and you board as a privileged user. Identity has become our new perimeter, and a proactive approach to optimising the roles of people, processes and technology."
Associating content and data policies with identities and roles, he said traditional IAM stops at the point of access. "CA Technologies Content-Aware IAM vision is a next-generation approach that takes IAM a step further to help control users, their access and how they handle information. This innovative approach helps organisations protect critical information from inappropriate use or disclosure. This helps us as we move rapidly into a future that is fast-moving with many uncertainties."
"The Malaysia-based companies that are using our identity management solutions lie mostly in telecoms and financial services followed by a rapid interest in healthcare, where many of the current generation of doctors have grown up in an Internet-connected world," said Mankotia.
Sign up for CIO Asia eNewsletters.