Documente Academic
Documente Profesional
Documente Cultură
SOLUTION BRIEF
DRAFT
ca.com
Executive Summary
Challenge
Customers are embracing new technologies and their expectations are changing rapidly in todays
connected world. They want to interact through a variety of applications, at any time and from any device.
Banks, retailers and many other consumer facing organizations are racing to enable new interaction
channels to innovate, grow their business and improve customer loyalty. As they expand online services
and add mobile and social media interactions there is an increasing need to both secure and coordinate
these activities. The key challenge is to deliver innovative new applications and services quickly and to
provide an excellent customer experience across multiple channels.
Opportunity
CA Security solutions provide an integrated approach to enabling and securing multiple channels of
customer interaction. This suite of solutions includes identity management, access management,
advanced authentication, federation and API management in a centralized and scalable format that
improves engagement throughout the customer lifecycle. One security policy can easily be applied to
multiple channels to provide consistent protection and a predictable user experience. This coordinated
approach to identity and access security both speeds time-to-market and reduces ongoing support costs.
Benefits
A centralized approach to identity, authentication and access management across both traditional and
new channels of customer interaction helps provide a consistent and positive user experience. Having a
flexible and scalable IAM solution in place can also accelerate time-to-market with innovative new
services. The combination of being quick to market with new services and having a great user experience
is a good recipe for increased adoption and customer loyalty.
ca.com
Section 1: Challenge
54%
Figure A.
Motivators for
opening networks
to external users
42%
37%
36%
33%
40%
34%
31%
33%
27%
35%
33%
34%
23%
21%
34%
20%
Major motivator
40%
60%
80%
100%
Secondary benefit
At the same time, prospects and customers are a fickle, non-captive audience that is very sensitive to
cumbersome registration or security processes. They reward organizations that simplify interactions, provide
new services quickly and reach them where and when its appropriate. This highlights three key initiatives
for organizations trying to succeed in delivering secure, new business services in a multi-channel
environment: improve customer engagement, accelerate service delivery and externalize the core business.
ca.com
ca.com
Section 2: Solution
Key Requirements
From a business perspective a multi-channel IAM solution should:
Enable simple and user friendly interactions and transactions across multiple applications and devices
Provide the flexibility to quickly adjust to new marketplace trends or consumer habits
Enforce the necessary security with the least impact possible to the user experience
Be easy to manage and offer centralized controls across channels
Provide high scalability and availability for critical customer-facing business services
ca.com
Engagement
Consumer-focused IAM can improve customer engagement throughout the customer lifecycle, starting
with the initial interaction and registration. Identity federation can be leveraged to accept social identities
and risk evaluations can detect suspicious interactions, create device IDs and track initial behavior
patterns. During the online relationship it is important to provide single sign-on to both enterprise and
cloud-based applications as well as federated SSO to partner site and services for good customer
engagement. More sensitive content and transactions require consistent yet flexible authentication across
applications and devices, and should leverage transparent risk-based evaluations to reduce the
opportunity for inappropriate access and fraud without disrupting the user experience.
Acceleration
One way that organizations can accelerate application or services delivery is to leverage a centralized,
customerfocused IAM solution to extract a broad set of security processes from the development process
of each application or service. Simplifying identity and access tasks across application/service types
(mobile, web, cloud) and user groups provides more consistent security, a better customer experience and
reduced administration costs.
Externalization
Integrated web services security and API management can help an organization expose valuable data and
interactions that are currently stuck in internal legacy applications. Packaging functionality in an easily
integrated format can enable customer engagement at new places, open up new channels and extend
brand awareness.
ca.com
Solution Components
CA Identity Suite provides a modular solution for multichannel business enablement and security that
includes the following key components:
Identity Management It is important to have a centralized and highly scalable system to store and
manage the high volume of consumer digital identities, their attributes and the services they are authorized
to access. This solution includes self-service functionality including the ability for users to change their own
password and update profile information. Automated functionality like this can improve the end-user
experience, and reduce the operational costs by providing the consumer with more control over their identity.
In a complex environment, where several brands or business units operate under the same organization,
there are benefits to centrally managing all digital consumer identities: clearly a centrally deployed
solution is more cost effective, but it will also enable consumer identity correlation. This can simplify
consumer behavior analysis across the entities for both security and marketing purposes. Business insights,
analysis and commercial planning are easier at multiple levels when all identities are centrally managed.
Advanced Authentication Traditional userID and password authentication may be okay for baseline
access but flexible, strong authentication methods should be applied as appropriate to provide
additional security for higher risk applications or transactions.
Advanced Authentication and Single Sign-On solutions from CA Technologies are consumer friendly and
software-based. It can easily scale to millions of users and it doesnt require the logistics or distribution
costs required by hardware-based solutions. It can be deployed quickly, is easy for customers to use, and
provides cost effective maintenance and replacement methods. Patented key technology provides unique
protection from dictionary or brute force attacks. Authentication credentials can be utilized for web
applications as well as mobile browser access and can be embedded in native mobile applications.
Out-of-band authentication methods including SMS, email and voice can be easily deployed for
registration/enrollment as well as step-up authentications when necessary.
Risk-based evaluations check a wide range of contextual factors to detect suspicious behavior in realtime
without interfering with the user experience. When higher risk situations occur a variety of stronger
authentication can be enforced to further prove the users identity or verify transactions to reduce fraud.
Device identification provides additional identity assurance and can be utilized to enforce rules for specific
device types. Risk evaluation rules can be set-up once, managed from a common console, and applied to
multiple channels to provide a consistent level of security and a predictable experience for customers. This
coordinated approach is also easier for an organization to manage and support.
Access Management/Single Sign-on Centralized access management that enables basic user
authentication and single sign-on, policy-based authorization and auditing is critical to providing a
good customer experience across applications and channels. In a complex multi-channel landscape,
web single sign-on enables consumers to move from one web site or transaction to another, smoothly
interacting with other applications or external sites along the way. Deploying a central access
management solution in a multi-channel landscape eliminates the need to develop an access
management layer for each of the channels and systems involved. Therefore it can accelerate the
deployment time of new consumer services and reduce the total cost of ownership. Being able to access
multiple directories for identity information and having centralized session logs for users across many
channels improves security and can provide valuable business and marketing intelligence.
ca.com
Federation Many times a good overall customer experience may include the need for customers to
access sites, services and transactions across domains within the organization or with business partners.
Federation enables the quick establishment of online trust relationships. Seamless navigation across a
variety of domains can help provide a more complete user experience which can increase revenue for
both the host organization and partners. Federation solves one of the challenges in monetizing social
mediahow to bring consumers from a social media page to your business and commerce environments
where transactions can be processed. Long processes, waiting times, or required forms to move from one
environment to the other will lead to much higher abandonment rates and thus a lower volume of
qualified prospects and customers. The user experience should be quick, simple and almost seamless,
which is one of the key benefits provided by identity federation. For SaaS providers, federation is critical
to effectively scale and support many tenants without having to house and manage all the tenants
users and identity attributes.
API Management and Security APIs are a key element to enable todays cloud, mobile and complex
composite applications. As the number of business services with APIs expands rapidly it is important to
have an efficient way to open APIs to partners, developers, mobile apps and cloud services in a secure
and scalable way. The gateways for API, mobile, SOA and cloud, combined with supporting software like
the OAuth Toolkit, enable organizations to securely and easily open up applications. The API Portal helps
build a developer community by providing functionality for onboarding, engaging, educating, managing
and even monetizing developers. This coordinated set of capabilities makes it easier to extend your
online and mobile footprint and leverage new routes to market.
Figure B.
CA Technologies
offers a robust set
of identity and
access management
capabilities to
better engage
customers, enable
innovation and
reduce support
costs.
Mobile Browser
Social Media
Mobile Applications
Identity and
Authentication
Across Channels
Better Customer Experience
Quick Time-to-Value
Accelerate Loyalty
Programs Initiatives
Accelerate Big Data
Initiatives
ca.com
Together these capabilities can help support and secure customer activity through a variety of channels
while improving the customer experience and lowering the overall cost of security and support. (Figure B)
A common use case related to federated identities in a multi-channel environment is social sign-on with
step-up authentication required when necessary. An e-commerce site may trust social identities to provide
easy and smooth access to the offers of the day page on the site. For this type of activity with low
associated risk, a federated identity from a third-party trusted source is good enough. But, when a more
risky transaction is about to be executed, such as redeeming loyalty program points, you may want to
escalate the security controls and step up the authentication to a higher trust model leveraging flexible
advanced authentication features.
This scenario (Figure C) is made possible by combining several capabilities mentioned above: federation
capabilities enabled a trust model with social media, advanced authentication methods were used when a higher
level of trust was required, and the access management layer was the one orchestrating it all, with a policy-based
engine capable of deciding when to use each kind of authentication and what level of access was appropriate.
Figure C.
Leverage social
identities to
improve the
customer
experience, increase
registrations and
facilitate low-risk
activities.
Use Consumer Identity for initial customer acquisition and low risk transactions
Simple new user registration
increases sign up rate
Collecting identity attributes
allows for immediate
personalized marketing
No sign-in for loyalty balance
viewing and other simple
transactions increases visits
Sign in with stronger credentials when needed for high value transactions
ca.com
Section 3: Benefits
ca.com
Section 4:
Conclusions
CA Security solutions help organizations grow their customer base and increase revenue by enabling them
to get new online applications and services to market quickly, securely and in a user convenient manner.
Our customer-focused identity and access management solutions can help you leverage the growing
opportunities in cloud, mobile and social media. You can improve time-to- value by centralizing identity
and access security across all areas (web, mobile and cloud). Our solutions help you improve customer
engagement by providing a convenient and simple experience via transparent strong authentication,
single sign-on, and by better leveraging APIs and existing social identitiesresulting in new revenue
opportunities and improved customer loyalty.
More than 2,000 organizations worldwide trust CA Technologies to help them with identity and
access management security, including 12 of the top 15 commercial banks (based on Fortune magazine
2014 listings).
CA Technologies understands your business challenges and your need to quickly go to market with new,
innovative and yet secure consumer-facing services across channels. Our security solutions can help
enable business and extend reach, while reducing the overall risk of deploying and operating a
multichannel business.
CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables
them to seize the opportunities of the application economy. Software is at the heart of every business,
in every industry. From planning to development to management and security, CA is working with
companies worldwide to change the way we live, transact and communicate across mobile, private
and public cloud, distributed and mainframe environments. Learn more at ca.com.
1 Quocirca: Digital Identities and the Open Business, Feb 2013
Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your
informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is
without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for
any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in
advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product referenced herein serves as a substitute for your compliance
with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, Laws)) referenced
herein or any contract obligations with any third parties. You should consult with competent legal counsel regarding any such Laws or contract obligations.
CS200-87139_1214