Mann is focusing on two priorities.

The first is to simplify management reporting so potential security breaches can be pinpointed more readily. It would apply some of the analytic and reporting techniques from the business intelligence world to deduce patterns that could be used to spot incursions or, more importantly to CA’s customers, to produce compliance reports.

For instance, if a middle manager in a financial institution has access to transaction details or customer account or identity information across mortgage, loan, credit card, and trading systems, it should be relatively straightforward to kick out a report for security managers to determine if the employee should have access to all those systems, and reports for auditors showing that only the right personnel have access to those systems.

Given that federated ID remains a work in progress among most organizations, and among IT management vendors like CA, getting those reports is often easier said than done.

Mann said that his second main focus is to expose security management functions or processes as services. The area most likely to demand such an approach is probably the provisioning of new users or de-provisioning of former users.

Mann provided the example of a retailer that rates its competitiveness on its ability to build a store, stock it with merchandise, and recruit employees faster than the competition.

That in essence is the goal of provisioning end-user access on IT systems. And exposing it as an orchestrated service that might be triggered by an action in the HR system would be a logical strategy.

That’s because the process would require the orchestration of multiple steps, from registering a new employee on all the appropriate salary and benefits systems to choreographing a series of steps that check the employee’s role and group identity and correlate them with internal policy to determine access privileges.

In this case, CA would work to expose the IT access-related services, but would rely on third-party products such as BPEL orchestrators or enterprise service buses to choreograph the rest.

Mann joined CA four years ago. After having helped steer the 2004 acquisition of identity access management provider Netegrity, Mann served as senior vice president of product development for that unit and related units.

His background includes directing business development for Novell’s Net Content business unit, heading an early application service provider venture, and directing product management and consulting for several security-related software and services firms.