CA steers DLP towards access, identity management

By Neil Roiter, Senior Technology Editor, Information Security magazine 06 Jan 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

CA's entry into the rapidly consolidating data leak prevention (DLP) market takes a somewhat different tack from security companies -- particularly endpoint security vendors, such as Symantec Corp., McAfee Inc. and Trend Micro Inc.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

While CA Inc. is obviously a player in that market, it approaches the acquisition of DLP vendor Orchestria Corp., which was announced yesterday, primarily from anidentity and access management perspective.

"Or competitors tend to be more IBM and Oracle, from an identity and access management point of view, and today they don't have these technologies," said Dave Hansen, senior vice president and general manager of CA's Security Management business unit. "Being a leader in the stand-alone DLP space, but then also in the integrated identity and access management with DLP space is going to be our niche in the market."

CA has potential to make all this work for it; whether they can work it out is simply a question of integration. Nick Selby research director of enterprise security, 451 Group

Both IBM and Oracle Corp. are Orchestria partners. Hansen said CA will be reviewing Orchestria's partnerships "very judiciously" in the coming weeks. Hansen also said CA will review channel opportunities with Orchestria.

"Focus on enterprise strategic accounts, making this available through our channels is something we're sitting down with Orchestria about, and determining their routes to market," he said. "They had a lot of direct as well. We'll be reviewing that and publishing our strategy over the next few weeks.

CA has focused on extending its IAM capabilities through acquisitions in recent months, snapping up identity and role management company Eurekify Ltd. in November and IDFocus, which brings strong separation of duty capabilities, in October.

DLP market: Code Green enters consolidated DLP Market: Code Green Networks Inc., one of a fistful of remaining independent DLP vendors, hopes to capitalize on enterprises that are ready to deploy in this maturing space. Microsoft to embed data classification, strengthen ties with DLP: Microsoft will embed data classification technology into its platform under a deal that ties Active Directory Rights Management Services with RSA's data loss prevention suite.

Hansen said CA's goal is to integrate Orchestria in time for the RSA Conference in April, leveraging the already integrated Eurekify technology to provision users by role into CA Identity Manager and to use Orchestria's capabilities to "provision confidential data by role."

The latest acquisition is sound strategy, according to Nick Selby, research director of enterprise security at the 451 Group; a logical step in entitlement and identity and access management. Orchestria has solid technology -- strong data classification capabilities combined with data loss prevention "plays very much into entitlement management and identity and access management in 2009."

The key, however, is integration, which Selby said has not been CA's strong suit.

"Because it's strategic, there's a chance CA will actually do something with it," he said. "It makes a great deal of sense for this to land there -- from an identity standpoint, from an endpoint real estate standpoint, as well as from a data classification and agent standpoint. CA has potential to make all this work for it; whether they can work it out is simply a question of integration."

SearchSecurity radio:

Selby said Orchestria has been actively looking for a buyer for some time, and although the purchase price has not been announced, it probably will be cheaper than some of the remaining pure-play DLP vendors, such as Fidelis Security Systems Inc. and Code Green Networks Inc. (Other independents include Vericept Corp., Verdasys Inc., GTB Technologies Inc. and Workshare Inc.).

The deal is the latest in a flurry of DLP acquisitions, including Symantec Corp. (Vontu), EMC Corp. (Tablus), McAfee Inc. (Onigma and Reconnex), Raytheon Co. (Oakley), Websense Inc. (Port Authority) and Trend Micro Inc. (Provilla).

Tags: Two-Factor and Multifactor Authentication Strategies,  Client security,  Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Two-Factor and Multifactor Authentication Strategies PCI compliance requirement 7: Restrict access PCI compliance requirement 9: Physical access Best practices: How to implement and maintain enterprise user roles Changing times for identity management RSA researcher Ari Juels: RFID tags may be easily hacked Apple iPhone app could boost two-factor PKI and digital certificates: Security, authentication and implementation Security token and smart card authentication Enterprise single sign-on: Easing the authentication process Exploring authentication methods: How to develop secure systems Client security Sophos integrates encryption into endpoint security Quiz: Endpoint security on a budget How to find sensitive information on the endpoint Trend Micro gets more competitive with BigFix deal CA to acquire Orchestria for DLP Microsoft to embed data classification, strengthen ties with DLP Diverse mobile devices changing security paradigm Antimalware effectiveness put to the test Network access control poised for a comeback by aiming small McAfee adds NAC module, appliance for unified policy enforcement Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions Sophos CEO on Symantec, McAfee after Utimaco acquisition EMC adds configuration management with Configuresoft acquisition Know when you need IDS, IPS or both Symantec acquires Mi5 Networks, bolsters Web security RSA Conference 2009 shines spotlight on security vendor innovation Oracle to buy Sun Microsystems for $7.4 billion Entrust to be acquired by investment firm Enrique Salem takes charge at Symantec Countdown: Top 5 most important questions to ask endpoint security vendors Flaw disclosure debate polarizes SOURCE Boston panel

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) Kerberos  (SearchSecurity.com) password hardening  (SearchSecurity.com) typeprint analysis  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary