At CA Technologies, mobile security is not just a solution for customers; it's a practice that IT security leaders have embraced internally. CA's Robert Primm discusses how to secure a borderless workplace.
"The impact of mobility on the enterprise in recent years has really transformed how we look at mobility," says Primm, who is Director of IT Security at CA Technologies.
Part of this new outlook is ensuring that employees have easy, remote access to the critical information they need, wherever and whenever they need it. And the rest is about ensuring the necessary security and ease-of-use measures to help prevent a devastating breach.
"We've actually developed policies, procedures and a wide variety of technology to enforce security and its importance," Primm says. "But also mobility and the user experience have really challenged how we traditionally look at IT security."
In an interview about CA's unique approach, Primm discusses:
- Mobile adoption at CA;
- How he addressed mobile security challenges internally;
- Business benefits derived from CA's OneAccess mobile app.
Primm is a senior IT Security professional with over 10 years' experience in IT auditing and compliance, SAP security and management of identity and access management solutions. He has led a number of projects related to CA GovernanceMinder, CA SiteMinder and CA IdentityMinder. He currently leads the Identity and Access Management team at CA. He is ITIL certified and maintains a CISA.
Mobile Usage at CA
TOM FIELD: Rob, to start with, why don't you tell us just a bit about yourself and your specific role with CA?
ROBERT PRIMM: I'm the Director of Identity and Access Management and SAP Security for CA. My team manages a variety of security products to secure our company. The solutions include Identity Manager, Identity Governance, CA SSO and all solutions that are meant to secure the company. And lucky enough I work for CA that we implement those same products and use them to secure our company.
My previous experience is around time at Deloitte as an auditor and then also working with NCA in the IT Compliance Team.
FIELD: You spoke about using the technologies to secure CA, and that's what excites me is we have the opportunity to talk about what you're doing internally with CA. So with that sort of as our backdrop, how do you view mobile adoption in employee usage at CA today?
PRIMM: I'd say that mobile adoption at CA is definitely something that is a hot topic. The impact of mobility in the enterprise over the recent years has really transformed how we look at mobility, and our employees are constantly looking for new ways to enjoy the benefit of mobility. GIS has had to adjust to respond to the employee demands that we have - GIS has the internal function that provides the IT resources for CA. Mobility has really provided a good opportunity for us to improve productivity, but also employee satisfaction.
The Security Challenges
FIELD: And of course with that comes challenges for security. So what do you find to have been the biggest employee mobility challenges that you've had to deal with in your role?
PRIMM: There are two challenges, and one of them has kind of multiple components, in my eyes anyway. The first challenge is really around making sure that the applications are mobile-ready. And what does that mean? Those two components are ensuring that the application is secured, because now you're letting somebody take an application that you know they're accessing from anywhere in the world, and we need to not just secure a data center somewhere; we need to make sure that their device is secured and the application. And then second is user experience because you know if it's not easy to use, people just aren't going to use it. So you can secure it all you want, but if it's not easy to use and the user experience isn't there, then nobody is going to wind up logging onto that application or utilizing the functionality that you think you've given them.
The second thing really is in line with the first item that I mentioned, which is really just user adoption - a huge challenge for us. As an internal component, GIS actually had to launch a marketing campaign to share what we had available. Just sending out emails never works anymore, as you know. And so we had to think of new creative ways to really market to our internal customer, which is the business in our case.
Potential Breach Impact
FIELD: If you take a step back and take a look at mobility security, what do you see as the implications of a breach for any organization, but particularly for your own?
PRIMM: Really, the implications of a mobile security breach are going to be very similar to the implications of a normal breach today of somebody's internal network. So once you have that breach, there's lost trust from customers, so there's also loss of confidence from a financial perspective when we look at the Wall Street banks, right? So at CA we've actually developed security policies, procedures and a wide variety of technology to enforce security and its importance. But also, mobility and user experience have really challenged the way we traditionally look at IT security. We now have to worry about not just securing a data center in our main office; we have to worry about securing devices anywhere anytime, and that's been a real challenge. And solutions need to be both secure, but also not prevent the business from getting their work done. And that's what led GIS to develop an app that uses CA solutions to further secure that mobile experience. We had to make sure that it was secure, but also that it let our business do what they needed to in a way that was user friendly and didn't prohibit what they need to accomplish on a daily basis.
Enter: OneAccess
FIELD: You're talking about the OneAccess mobile app. What can you tell us about the OneAccess solution and the technologies that you've deployed to support it?
PRIMM: With the adoption of OneAccess, we have seen a large increase in the number of mobile users. OneAccess allows our employees to log in to applications that they normally wouldn't have access to from anywhere from a mobile device, whether they are on vacation, whether they are in the office and maybe just not at their desk, and they want to be able to approve something or execute a transaction. And what this actually does is it allows them to access multiple applications without entering a password constantly. And with the advent of mobile technology, as people started using their mobile devices for more, what they encountered was that every time they went to an application they would wind up having to enter their user name and password each time. What OneAccess does is it allows you to log in once, and then you don't have to log in again. So if you're going to any of the applications that are within OneAccess, you can actually log in and then you just click on these tiles and it gets you to whatever application you need to without having to enter in your credentials every single time.
OneAccess was internally developed, and the solution was created using CA API management, CA SSO, and CA Identity Manager.
CA API management allowed us the ability to expose certain APIs and utilize the functionality of CA SSO and CA Identity Manager.
For CA Identity Manager, we were able to expose components that are normally internal to our network, and we didn't have to expose the entire application. We were able to just expose little components such as 'forgot my password,' such as 'reset my password' or 'unlock my account.'
CA SSO was able to use that API management, and now when you need to log into OneAccess you click on a tile and the background is communicating with CA SSO to authenticate you and then forward you on to the application once you've authenticated.
OneAccess started off as an application where it was really more about just making sure that nobody had to enter a password anymore. So every time you launch a mobile device, we wanted to make it so that you didn't have to enter a password. However, we've started to further enhance OneAccess to allow for personalization. So now somebody logging in can actually see what they want, how they want it. If you have access to say 20 applications, you may only want to see five of them, or if you want them categorized in a certain way, it is set up that way so that every time you log in no matter what the device, you'll see the same prioritization and personalization and you'll have the same experience.
Improved User Experience
FIELD: Rob, how would you say this has improved the mobile experience for your employees?
PRIMM: The user experience has greatly improved, which is what we were going for. The demand for the application definitely sky-rocketed, and like I said: When we first rolled it out, it was very slow moving. But once we got that marketing campaign underway, it was a huge demand for the application, but additionally for adding new applications to OneAccess. So as new applications are rolled out, the application teams are constantly reaching out to my team to integrate their application so that they can also point to OneAccess and let people know that they are also able to go to OneAccess to access the application.
The other thing I'd say is that OneAccess has really allowed us to start - and it is a slow start of course - closing the flood gates on today's digital distractions. I mean, if I know I can go to one place and access what I need, I won't log on to the internet, for example, and wind up getting lost in going through whatever application. Even on the intranet that we have, it's easy to get lost because there is so much available to our employees today. Having one place to go where they know they can get everything they need done, it provides a huge benefit.
The other thing I'd say is that we started off with just a couple of applications, and we're into over 10 applications now that are within OneAccess, and we're going at it on a daily basis where new applications come out, and the application teams are coming to us and we're adding them. So we're looking to grow that number exponentially over the next year.
Business Benefits
FIELD: What would you say are the key benefits that CA has recognized since the solution was deployed?
PRIMM: I'd say there are a couple. There is adoption - user engagement from their mobile devices has grown significantly. They no longer have the pain of logging on multiple times to multiple applications.
And then there is also experience. Employees are able to enjoy their day to day activities much more. They don't have to VPN in any more. They can just go on to their mobile device and just use the app from their phone and complete the task that they want to complete. At the end of the day, they are much more productive.
The last point is security, and we did all this without sacrificing security.
Lessons for External Organizations
FIELD: Last question for you Rob. If you had to boil it down, where can external organizations learn more about this CA solution?
PRIMM: So there are definitely a few different ways. You can always connect with your CA account executive, but if you'd like to do some research on your own you can go to our website, which is www.CA.com. There you can either go to the CA SSO or CA API management product page, or you can go to the community's page. The security community site has a recording of our CIO, Paul Pronsati, giving a presentation on how we deployed this solution.