How CA Technologies Enables Its Own Employees and Secures Access to Applications with OneAccess
1 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Michael Mendelsohn
Security
CA Technologies
Advisor, Cyber Security
SCT23T
@microbmen
#CAWorld
Terms of this Presentation
For Informational Purposes Only
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
Abstract
OneAccess is CA Technologies’ IT integration of several different products, namely CA Single Sign-On and CA API Gateway, to provide a single mobile-based single sign-on to apps (internal and third party) that are not native to the mobile world. Users have an innovative and secure way to access a range of apps on their mobile devices, regardless of their location.
Agenda
1. BUSINESS CHALLENGE
2. ANY DEVICE / DESKTOP / MOBILE / WEB / NATIVE
3. ONEACCESS MODULES
4. ARCHITECTURE
5. ANALYTICS
The Application Economy is driving the rapid adoption of mobile applications
“By 2020, more than 63% of enterprises expect their desktops to be replaced by mobile devices connected to the network via office wireless LAN”
Gartner - “Mobile Device Proliferation Is Forcing Network Leaders to Redesign Enterprise LANs”, Bjarne Munch, Christian Canales, 14 May 2014
The Business Challenge
SECURITY
SPEED
USER EXPERIENCE
OneAccess addresses this challenge
Easy access to all Applications
Unified Single Sign-On
Native, Web App, Hybrid
User Entitlements
Info Widgets
Rich Analytics
Custom User Workspace
CA Mobile App Analytics
CA Single Sign-On
CA Mobile API Gateway
Personalization
Identity
API
App
A solution implemented as an integrated offering of SaaS and IaaS
OneAccess 2.0
Access to all your Enterprise Applications at your Fingertips
USE ENTERPRISE APPS
OneAccess Browser Plug-in
Modular Architecture
Next Generation IDentity Workspace
• Single Sign On (Mobile & Desktop)
• Personalization / User Entitlements
• Seamless VPN (Defined by Software)
• Self-Service ID Management (eZpassword)
• One Time Password (OTP)
• Analytics
• Biometrics
• Risk Based Authentication
SSO to Web and Native Apps
USE ENTERPRISE APPS
Self-Service ID Management - eZpassword
• On the OneAccess mobile app, prior to log on you will see 3 functions:
  • Unlock Account
  • Forgot Password
  • Reset Password
Experience – At the Office
Logs into Laptop
Clicks OneAccess
CA Single Sign-On Protected
Future State: We will have Photo ID for all UX. This will mitigate insider threats.
Experience – At Home (Registered Trusted Network)
Logs into Laptop
Clicks OneAccess
Username & OTP
Risk Authentication Profile (fingerprint)
Pick Photo ID
Use Photo ID
1st Time
Nth Time
IP
Client ID
CA Advanced Authentication
CA Risk Authentication
Experience – Everywhere Else…
Logs into Laptop
Clicks OneAccess
User will have the option to replace their trusted network.
CA Advanced Authentication
The Mobile API Gateway enables fast, secure mobile delivery of enterprise applications
Benefits
• A common standard across platforms and applications
• Improves developer velocity and time to value
• App, User and Device level security
Identity Manager
Cloud Apps
On-Premises Enterprise Apps
CA SSO (SiteMinder) / LDAP / IdP
CA Mobile API Gateway
SECURING THE API
CA Identity Manager
CA Advanced Authentication
CA API Gateway
CA Single Sign-On
CA Single Sign-On / LDAP / IdP
Salesforce
SuccessFactors
Azure
Amazon
OneAccess Application Architecture
Application/Service Pool
CA Single Sign-On
CA Mobile API Gateway
Personalization Service (Tomcat)
AD
Oneaccess.ca.com
App 1
App 2
App 3
App N
User Profile and Personalization Data
Tile Access Policy
Service
CA Directory
Active Directory
SQL Database
Web Server
Web Services
SSG/MAG Database
Browser Based Access
OneAccess App Based Access
CA SPS (Secure Proxy Server)
Apache
MAA Server (SaaS)
CA Mobile OTP
CA Risk Authentication (For Browser Access)
OneAccess Analytics
What apps do my users have access to?
Who is using what apps? When? Where?
What is user experience like?
Summary
How far reaching are my applications?
Can I help users get more value?
Today we do not know who is using the application on a daily basis…
Analytics
Native OneAccess Data Points
Usage
How much is OneAccess being used?
• From a device type (Windows, Mac, iOS, Android)?
• Within a date range?
• By a specified user?
How many times has each Application been clicked by users?
• From desktop?
• From mobile?
• Within a date range?
• By a specified user?
Entitlements
How many users are entitled to use a specific app?
Is a user entitled to use a specific application?
How many users are currently provisioned for OneAccess?
Application
What is the total number of apps defined for desktop?
What is the total number of apps defined for mobile?
What is the total number of widgets defined?
Where does OneAccess Analytics Come From?
Consolidate into a Database and expose on OneAccess Admin Console
Analytics DB
OneAccess Personalization
Browser
Mobile App
API Gateway
API Call to Pull Analytics from MAA
OneAccess Admin Console
Analytics Dashboard
API Call to Log Analytics
CA APM
MAA Admin Console
Analytics Dashboard
MAA
API Call to Log Analytics
Secure Proxy Service
The OneAccess Experience
ENROLL THE DEVICE
MANAGE THE USER EXPERIENCE
USE APPLICATIONS
Recommended Sessions
SESSION # TITLE DATE/TIME
SCT19T Defend Against Data Breaches With CA Privileged Access Management Wed. Nov 18 at 2:00 pm
SCT31T Knock, Knock – the IoT wants to come in? Wed. Nov 18 at 3:45 pm
SCT21T Enable Omnichannel with Security and API Management Thurs. Nov 19 at 2:00 pm
Must See Demos
Protect Against Fraud & Breaches
CA Advanced Auth
Security Theater
Engage Customers
CA SSO
Security Theater
Innovation – IoT Slot Car
CA AA, APIM
Security Theater
Secure Omni-Channel Access
CA AA, APIM, SSO
Security Theater
Q & A
For More Information
To learn more, please visit:
http://cainc.to/Nv2VOe
CA World ’15