CA Technologies: Securing the Expanded Attack Surface of Digital Businesses
Mordecai Rosen, GM - Security Business
Digital transformation is disrupting traditional IT security in ways companies never imagined. As enterprises become more connected and highly reliant on mobile, cloud, and the Internet of Things, they are increasingly vulnerable to systemic cyber attacks that endanger business and the economy.
“Traditional security approaches are no longer effective. The walls have been eroded and the attack surface has expanded,” says Mordecai Rosen, General Manager of CA Technologies Security business. “A defense in depth approach is more important than ever, and CA Technologies is the leader in helping organizations defend against two of the most commonly exploited attack vectors: compromised identity and access credentials, and application vulnerabilities,” he adds.
Security cannot be an afterthought
“CA has always said that security can’t be something you bolt on at the time of deployment,” Rosen explains. “It needs to be built into the process and baked into every aspect of application architecture, design, development, and deployment.”
With 90 percent of security incidents resulting from exploits against defects in software, addressing this issue could have a significant impact on data breach statistics. CA has jumped into the application security market with its recent acquisition of Veracode, a leader in securing the world’s software.
“We know the only way to minimize attacks on application vulnerabilities is to fully integrate application security into the software development lifecycle,” Rosen says. He further adds, “Modern paradigms like DevSecOps bring security into the development process sooner and allow organizations to respond to threats and market shifts quickly with security at the heart of their software innovations.”
Identity-centric Security for Digital Business Success
Last year’s Verizon Data Breach Report showed that 63 percent of all confirmed data breaches use lost, stolen or weak credentials, such as user names and passwords.
This is the area where CA Technologies has deep roots and expertise. The company supports its customers with a broadest portfolio of identity and access management (IAM), payment security, and data classification solutions to protect businesses while delivering a great experience for their customers.
CA has a long history in behavior analytics, having incorporated it into its enterprise Advanced Authentication and Payment Security SaaS solutions
“In the application economy–where a customer can be lost in six seconds or less–every business must have a customer-first attitude and for security that translates to identity,” says Rosen. “In the digital world, how seamlessly an organization manages its customer, partner, employee, and even IoT identities and their access will determine business success or failure.”
Identity-centric security for digital businesses operating hybrid IT environments brings its own set of challenges. The need to provide secure access to applications in the cloud and on premises while keeping operations simple is no simple task. Multiple systems is not the best option, and to address that issue, CA Technologies introduced CA Identity Service to enable secure and rapid cloud adoption with provisioning, single sign-on, and identity life cycle management.
By ensuring secure, frictionless access for administrators, developers, contractors, and employees, CA has created an engaging, yet secure, user experience that can accelerate the roll out and adoption of new cloud applications–an important capability for any business in a digital transformation.
“CA Identity Service delivers an easy-to-use security solution that encourages organizational adoption– even for the shadow applications that are adopted by the business users which IT needs to secure after-the-fact,” Rosen says. CA Privileged Access Manager supports hybrid IT environments managing access for privileged users across cloud and virtualized services, such as Amazon Web Services and VMWare NSX, distributed systems, and mainframe environments.
“Analysts estimate 80 percent of security breaches involve privileged credentials,” Rosen says. “Once privileged access is compromised, an organization’s most sensitive data is at risk.”
“We’ve seen the damage this kind of infiltration can do in the OPM, Sony, and Target breaches–when outsiders appear as insiders because of compromised credentials. We need to make security smarter to combat this challenge, and that is what CA is committed to,” Rosen adds.
Smarter Security for the Digital Era
CA has a long history in behavior analytics, having incorporated it into its enterprise Advanced Authentication and Payment Security SaaS solutions.
In the payment world, behavioral analytics and machine learning help card issuers distinguish between legitimate and fraudulent activity during card-not-present (online) transactions. Today CA payment security supports 13,000 card portfolios and 200 million cards worldwide.
“Identity is no longer who you are, it’s also what you do,” Rosen says. He adds, “Behavioral analytics, machine learning, and automation make security smarter. That is why we have released CA Threat Analytics to bring behavior to our CA Privileged Access Manager customers.”
“We need smarter tools to help keep pace with bad actors and mitigate risk. CA is committed to incorporating analytics across our portfolio for smarter solutions to combat the threat and streamline security for an excellent user experience,” Rosen adds.