CA continues to flesh out its identity and access management product stack and has bolstered its data loss and prevention offer with the acquisition of New York-based Orchestria.
In November CA bought Eurekify for its role, compliance and policy management solutions, and the month before that acquired IDFocus and the identity management technology known as ACE.
Orchestria is a niche player in the data loss prevention market, a segment Gartner believes is currently worth around $200 to $250 million and one viewed as becoming increasingly important to large enterprises as they enhance their information security and privacy controls.
Whereas access control systems are very able when it comes to restricting access to sensitive business information and corporate databases, data loss and prevention tools can actually stop or limit the use of information once access has been granted.
CA said that deployment of Orchestria’s DLP technology alongside CA’s existing identity and access management solutions would allow organisations to consolidate and strengthen their security postures by including information-centric policies in the process of centrally managing users and roles, and their access throughout the enterprise.
Orchestria has been developing its active policy management approach since 2005, as a means of detecting policy violations in email and web messaging before any communication is sent. It claims to have had 250 customers for its Orchestria suite.
Its systems are designed to safeguard against the misuse of data on the network, at an endpoint, while it is held on a message server, or stored offline as data at rest. It uses pre-set policies and smart tagging to map and detect improper behaviour.
Terms of the deal were not disclosed, but CA did confirm that it fully expects to retain nearly all of Orchestria’s employees.
CBR Opinion
The data loss market is crowded with niche specialists as well as larger concerns such as McAfee and Trend Micro, and CA is positioned to leverage the rising interest in compliance and governance-led data loss prevention initiatives with a broad line in identity management.
