SOUTHFIELD ? Computer Associates has acquired an advanced mainframe and access management security software package from InfoSec. The application automatically identifies and removes obsolete, unused and rogue user IDs and access rights. Terms of the agreement were not disclosed.
The solution, eTrust Cleanup, helps customers cope with the increased complexity of identity and access management, which is being fueled by government regulations, consumer privacy requirements, Internet-based hacking, virus attacks and other factors. eTrust Cleanup is now part of CA?s eTrust Admin product line for distributed platforms.
Provisioning is the assignment and management of user access rights to applications and resources; deprovisioning is the removal of those rights as required by termination of employment, changes in job function, physical relocation, and other factors. Failure to deprovision users can result in serious security breaches.
eTrust Cleanup uses a role-based security structure to help organizations comply with regulatory, statutory and audit requirements, including the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, Basel II and the Health Insurance Portability and Accountability Act, which require control of material IT systems and processes, and appropriate management of private consumer data. It also responds to the U.S. Department of Homeland Security advisories about current cyber-terrorism threats to mainframe systems, which urges protection against the exposures that can result from weak access management processes.
According to Earl Perkins, vice president of security and risk strategies at META Group, workers are typically assigned an average of 16 IDs to access critical applications during their employment, but only 10 of those IDs will be removed when they leave the company. Unused, obsolete and excessive users IDs and access rights can also accumulate as a result of changes in employee responsibilities, one-time access requests, and the hiring of independent consultants and contractors.
eTrust Cleanup automatically identifies and removes non-essential user IDs and access rights on the mainframe. It also eradicates pre-assigned process IDs used for batch jobs, CICS, terminal, FTP and other processes. These IDs often pose a high security risk because they often carry a high level of authorization and can therefore bypass many levels of security control.
eTrust Cleanup supports z/OS and z/OS.e systems, and requires eTrust CA-ACF2 Security r6.4 for z/OS or higher or eTrust CA-Top Secret Security r5.2 for z/OS or higher. It is available immediately.
