SOLUTION BRIEF

CA IDENTITY, ACCESS AND API MANAGEMENT

Deliver Secure, New Business

Services in a Multi-Channel
Customer Environment

SOLUTION BRIEF

CA DATABASE MANAGEMENT FOR DB2 FOR z/OS

CA Identity Suite provides centralized approach to

secure customer facing multi-channel business.
Consistent identity management, authentication,
authorization and federation capabilities can be
leveraged across web applications, services, and native
mobile applications to enable business in a manner
that helps secure both the organizations and
customers data.
Healthcare
Security Solutions:
Protecting Your Organization,
Patients, And Information

DRAFT

3 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Executive Summary
Challenge
Customers are embracing new technologies and their expectations are changing rapidly in todays
connected world. They want to interact through a variety of applications, at any time and from any device.
Banks, retailers and many other consumer facing organizations are racing to enable new interaction
channels to innovate, grow their business and improve customer loyalty. As they expand online services
and add mobile and social media interactions there is an increasing need to both secure and coordinate
these activities. The key challenge is to deliver innovative new applications and services quickly and to
provide an excellent customer experience across multiple channels.

Opportunity
CA Security solutions provide an integrated approach to enabling and securing multiple channels of
customer interaction. This suite of solutions includes identity management, access management,
advanced authentication, federation and API management in a centralized and scalable format that
improves engagement throughout the customer lifecycle. One security policy can easily be applied to
multiple channels to provide consistent protection and a predictable user experience. This coordinated
approach to identity and access security both speeds time-to-market and reduces ongoing support costs.

Benefits
A centralized approach to identity, authentication and access management across both traditional and
new channels of customer interaction helps provide a consistent and positive user experience. Having a
flexible and scalable IAM solution in place can also accelerate time-to-market with innovative new
services. The combination of being quick to market with new services and having a great user experience
is a good recipe for increased adoption and customer loyalty.

4 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Section 1: Challenge

Provide Multiple Channels of Customer Interaction

Securely
Consumers are quickly being won over by the timeliness and convenience of online and mobile
interactions. The proliferation of laptops, tablets and smart phones and the wireless access that enables
them, has opened up many new avenues of customer engagement. For the sake of this discussion we are
going to refer to different interaction methods such as web and mobile as channels. Customer facing
organizations are racing to deliver a variety of online services and applications to increase revenue, better
engage their customers and differentiate their offerings. In a survey, Quocirca asked 337 organizations
about the leading motivators for extending network access to external users. Figure A shows that the
common themes are customer enablement and increased revenue as depicted by the top two items: to
transact directly with customers (87%) and improve customer experience (75%).1

To transact directly with customers

54%

Improved customer experience

Figure A.
Motivators for
opening networks
to external users

42%

More integrated supply chains

37%

Increase business with existing customers

36%

Attract new customers

Improved partner loyalty

33%
40%
34%

31%

To engage with customers via mobile apps

Improved services to partner organizations

33%

27%

35%
33%
34%

23%
21%

34%
20%

Major motivator

40%

60%

80%

100%

Secondary benefit

At the same time, prospects and customers are a fickle, non-captive audience that is very sensitive to
cumbersome registration or security processes. They reward organizations that simplify interactions, provide
new services quickly and reach them where and when its appropriate. This highlights three key initiatives
for organizations trying to succeed in delivering secure, new business services in a multi-channel
environment: improve customer engagement, accelerate service delivery and externalize the core business.

5 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Improve Customer Engagement

The overall customer experience is a major driver of customer acquisition and retention in the online
space, so its important for organizations to simplify prospect/customer onboarding through lightweight
or social identity enabled registration. Once registered, the customer needs to access a variety of
applications and services with the least amount of friction possible while maintaining the risk appropriate
level of security.
Business and marketing groups require a better understanding of user behavior across channels and
would like to enable self-service processes to both empower end-users and reduce support costs.

Accelerate Service Delivery

Time-to-market can be a powerful advantage in highly competitive consumer markets and innovation
helps build a brand while strengthening customer loyalty. Identity assurance and access security are
critical requirements for online services that contain sensitive customer and organization data and are
being accessed by remote users. Building these security elements into each new application or service
slows the development and quality assurance processes and thus slows time-to-market. Extracting
security related development tasks and implementing consistent yet flexible security policies benefits
both time-to-value and provides a better user experience.

Externalize the Core Business

The digital world is a connected space where people want to consume information and transact in a variety
of ways. Many organizations are struggling to expose valuable data, tools, processes and transactions in all
of the right places and formats. They need to expand their online presence from just web apps to services,
content and data that can be accessed and monetized everywhere: cloud, mobile and the internet of
things. They want to easily expose and manage APIs for this growing number of services to capitalize on
new business models, distribution channels, developer communities and supply chains.
Most consumer facing companies already have a set of online services including web and mobile
applications, but because of acquisitions or the fact that different departments drove the projects,
they find themselves with a variety of identity and access security methods. As the marketplace and
competitive pressures drive the addition of even more online services, a continuation of a fragmented
approach will further erode the customer experience, inflate maintenance and support costs and make
it impossible for the organization to have a cohesive view of customer activity.
More sensitive information and transactions are being made available via online channels and thus,
digital identity and security become more important considerations for both the organization and their
customers. While the potential is great to solidify and grow the customer base by utilizing these new
interaction methods, there are additional risks as well. The news is full of stories about data breaches,
stolen passwords and identity theft, all of which can diminish consumer trust and have a serious impact
on the companys brand.
The ultimate challenge is to provide a great user experience across channels, deliver innovative new services
quickly for competitive advantage and extend services to reach prospects and customers in new places.

6 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Section 2: Solution

Customer-focused Identity and Access Management:

Enabling New Interaction Methods Securely
Modern consumer channels like online, mobile and social are widely used for consumer interaction and
transactions in many sectors, such as banking, retail and insurance. A multi-channel approach enables
maximum exposure to consumers in different demographics and also a cheaper way of doing business,
compared to traditional means of interaction such as in-store shopping or branch banking. With the
majority of new customer interactions being remote, identity and access management becomes the
cornerstone to security, privacy and the correlation of activities into business and marketing intelligence.
Security is a key element in a multi-channel business, and it plays a dual role. It is required for improved
compliance and risk management, but it also can serve as a powerful business enabler. Strong security, as
well as the reputational benefits it can provide, can create consumer trust and brand credibility that will
encourage your customers to leverage additional, more cost effective channels.
Consumer-focused IAM can play an important role across the entire customer lifecycle and across
multiple channels. Starting at the beginning of the customer journey when potential prospects like your
brand or products on social sites, there is an opportunity to convert these friends into identifiable
prospects and customers. The emergence of social media has provided an excellent way for many
organizations to identify legitimate prospects, but they cant effectively market to them unless they
register or share some personal information. The traditional online registration forms result in a high
abandonment rate and many missed opportunities, so organizations are looking to enable prospects to
register easily using their existing social identities. Its simple for the user and provides the basic
information necessary for the organization to create a new identity and begin targeted marketing to the
prospect or customer. This process can be enabled by identity federation capabilities that are part of a
multi-channel IAM solution. Once the user is logged in there are many ways that a centralized IAM
solution can improve the customer experience through single sign-on (SSO) across enterprise and cloudbased applications and federated SSO to partner sites when necessary. As the relationship strengthens
and the user needs to access more sensitive information or conduct transactions, it is important to be
able to do risk-based evaluations and to provide consumer friendly forms of strong authentication.

Key Requirements
From a business perspective a multi-channel IAM solution should:
Enable simple and user friendly interactions and transactions across multiple applications and devices
Provide the flexibility to quickly adjust to new marketplace trends or consumer habits
Enforce the necessary security with the least impact possible to the user experience
Be easy to manage and offer centralized controls across channels
Provide high scalability and availability for critical customer-facing business services

7 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

From an IT or security perspective a multi-channel IAM solution should:

Provide a single source of identity management
Manage sessions from multiple channels in one system
Deliver common security policies across multiple channels
Utilize common authentication methods across channels to simplify the experience and provide
consistent security
Enable single sign-on to on-premises and cloud-based applications
Provide seamless federation to cross domain or partner applications and services
Include a user directory that can efficiently scale to tens of millions of users
Enable automated provisioning and access requests to applications and services

Engagement
Consumer-focused IAM can improve customer engagement throughout the customer lifecycle, starting
with the initial interaction and registration. Identity federation can be leveraged to accept social identities
and risk evaluations can detect suspicious interactions, create device IDs and track initial behavior
patterns. During the online relationship it is important to provide single sign-on to both enterprise and
cloud-based applications as well as federated SSO to partner site and services for good customer
engagement. More sensitive content and transactions require consistent yet flexible authentication across
applications and devices, and should leverage transparent risk-based evaluations to reduce the
opportunity for inappropriate access and fraud without disrupting the user experience.

Acceleration
One way that organizations can accelerate application or services delivery is to leverage a centralized,
customerfocused IAM solution to extract a broad set of security processes from the development process
of each application or service. Simplifying identity and access tasks across application/service types
(mobile, web, cloud) and user groups provides more consistent security, a better customer experience and
reduced administration costs.

Externalization
Integrated web services security and API management can help an organization expose valuable data and
interactions that are currently stuck in internal legacy applications. Packaging functionality in an easily
integrated format can enable customer engagement at new places, open up new channels and extend
brand awareness.

8 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Solution Components
CA Identity Suite provides a modular solution for multichannel business enablement and security that
includes the following key components:
Identity Management It is important to have a centralized and highly scalable system to store and
manage the high volume of consumer digital identities, their attributes and the services they are authorized
to access. This solution includes self-service functionality including the ability for users to change their own
password and update profile information. Automated functionality like this can improve the end-user
experience, and reduce the operational costs by providing the consumer with more control over their identity.
In a complex environment, where several brands or business units operate under the same organization,
there are benefits to centrally managing all digital consumer identities: clearly a centrally deployed
solution is more cost effective, but it will also enable consumer identity correlation. This can simplify
consumer behavior analysis across the entities for both security and marketing purposes. Business insights,
analysis and commercial planning are easier at multiple levels when all identities are centrally managed.
Advanced Authentication Traditional userID and password authentication may be okay for baseline
access but flexible, strong authentication methods should be applied as appropriate to provide
additional security for higher risk applications or transactions.
Advanced Authentication and Single Sign-On solutions from CA Technologies are consumer friendly and
software-based. It can easily scale to millions of users and it doesnt require the logistics or distribution
costs required by hardware-based solutions. It can be deployed quickly, is easy for customers to use, and
provides cost effective maintenance and replacement methods. Patented key technology provides unique
protection from dictionary or brute force attacks. Authentication credentials can be utilized for web
applications as well as mobile browser access and can be embedded in native mobile applications.
Out-of-band authentication methods including SMS, email and voice can be easily deployed for
registration/enrollment as well as step-up authentications when necessary.
Risk-based evaluations check a wide range of contextual factors to detect suspicious behavior in realtime
without interfering with the user experience. When higher risk situations occur a variety of stronger
authentication can be enforced to further prove the users identity or verify transactions to reduce fraud.
Device identification provides additional identity assurance and can be utilized to enforce rules for specific
device types. Risk evaluation rules can be set-up once, managed from a common console, and applied to
multiple channels to provide a consistent level of security and a predictable experience for customers. This
coordinated approach is also easier for an organization to manage and support.
Access Management/Single Sign-on Centralized access management that enables basic user
authentication and single sign-on, policy-based authorization and auditing is critical to providing a
good customer experience across applications and channels. In a complex multi-channel landscape,
web single sign-on enables consumers to move from one web site or transaction to another, smoothly
interacting with other applications or external sites along the way. Deploying a central access
management solution in a multi-channel landscape eliminates the need to develop an access
management layer for each of the channels and systems involved. Therefore it can accelerate the
deployment time of new consumer services and reduce the total cost of ownership. Being able to access
multiple directories for identity information and having centralized session logs for users across many
channels improves security and can provide valuable business and marketing intelligence.

9 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Federation Many times a good overall customer experience may include the need for customers to
access sites, services and transactions across domains within the organization or with business partners.
Federation enables the quick establishment of online trust relationships. Seamless navigation across a
variety of domains can help provide a more complete user experience which can increase revenue for
both the host organization and partners. Federation solves one of the challenges in monetizing social
mediahow to bring consumers from a social media page to your business and commerce environments
where transactions can be processed. Long processes, waiting times, or required forms to move from one
environment to the other will lead to much higher abandonment rates and thus a lower volume of
qualified prospects and customers. The user experience should be quick, simple and almost seamless,
which is one of the key benefits provided by identity federation. For SaaS providers, federation is critical
to effectively scale and support many tenants without having to house and manage all the tenants
users and identity attributes.
API Management and Security APIs are a key element to enable todays cloud, mobile and complex
composite applications. As the number of business services with APIs expands rapidly it is important to
have an efficient way to open APIs to partners, developers, mobile apps and cloud services in a secure
and scalable way. The gateways for API, mobile, SOA and cloud, combined with supporting software like
the OAuth Toolkit, enable organizations to securely and easily open up applications. The API Portal helps
build a developer community by providing functionality for onboarding, engaging, educating, managing
and even monetizing developers. This coordinated set of capabilities makes it easier to extend your
online and mobile footprint and leverage new routes to market.

Figure B.
CA Technologies
offers a robust set
of identity and
access management
capabilities to
better engage
customers, enable
innovation and
reduce support
costs.

Online, Web Access

Mobile Browser

Social Media

Mobile Applications

Identity and
Authentication
Across Channels
Better Customer Experience

Lower Cost of Ownership

Social Media Integration

Lower Consumer Helpdesk

Cost

Cross Channel Activity

Learning
Transparent / Step-up
Authentication

Support Business Innovation

Single Security Policy

Quick Time-to-Value

Cloud Deployment Model

Accelerate Loyalty
Programs Initiatives
Accelerate Big Data
Initiatives

10 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Together these capabilities can help support and secure customer activity through a variety of channels
while improving the customer experience and lowering the overall cost of security and support. (Figure B)
A common use case related to federated identities in a multi-channel environment is social sign-on with
step-up authentication required when necessary. An e-commerce site may trust social identities to provide
easy and smooth access to the offers of the day page on the site. For this type of activity with low
associated risk, a federated identity from a third-party trusted source is good enough. But, when a more
risky transaction is about to be executed, such as redeeming loyalty program points, you may want to
escalate the security controls and step up the authentication to a higher trust model leveraging flexible
advanced authentication features.
This scenario (Figure C) is made possible by combining several capabilities mentioned above: federation
capabilities enabled a trust model with social media, advanced authentication methods were used when a higher
level of trust was required, and the access management layer was the one orchestrating it all, with a policy-based
engine capable of deciding when to use each kind of authentication and what level of access was appropriate.
Figure C.
Leverage social
identities to
improve the
customer
experience, increase
registrations and
facilitate low-risk
activities.

Use Consumer Identity for initial customer acquisition and low risk transactions
Simple new user registration
increases sign up rate
Collecting identity attributes
allows for immediate
personalized marketing
No sign-in for loyalty balance
viewing and other simple
transactions increases visits

Sign in with stronger credentials when needed for high value transactions

Cloud Delivery Mode

CA Technologies also provides identity and access management capabilities as a hosted cloud service.
This allows you to quickly obtain security capabilities without having to deploy or manage a large IT
infrastructure typically associated with on-premises implementations.
Services for advanced authentication, single sign-on/federation and identity management allow
your organization to reduce security risk while providing a positive user experience. These services are
hosted and supported 24x7x365 by CA Technologies. High levels of assurance are provided because
services are set up and maintained by fully trained product experts. These cloud-based services can be
adopted independently, integrated with one another or deployed in a hybrid model with a variety of
on-premises security solutions from CA Technologies. And as a cloud service, you pay for only what you
need while maintaining your ability to grow your services as your business requires.

11 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

The availability of IAMaaS has brought access to

enterprise IAM capabilities within reach of smaller
organisations and, for larger organisations with legacy
IAM and directory systems, IAMaaS can provide them
with the agility to embrace all these opportunities
through integrating them into a hybrid system. This has
led to a rapid growth in the use of IAMaaS either as the
sole way a business deploys IAM or as part of an onpremise/on-demand hybrid deployment.
Quocirca: Digital Identities and the Open Business, Feb 2013

Section 3: Benefits

Identifying Key Benefits

Providing a high quality customer experience across multiple channels is a difficult challenge but when its
done in a coordinated and secure fashion, it can be a strong differentiator. Aggregating a users multiple
identities in a single account and creating a consolidated view into the accounts activities provides better
business insight and enables targeted marketing. A higher initial adoption rate and increased loyalty are the
benefits from engaging customers in a consistent, intuitive and secure manner. In this dynamic space it is
critical to have a flexible infrastructure that can help get new innovative services to market quickly for
competitive advantage. Delivering services to new places and facilitating the use of your services by partners
and developers can open new routes to market and expand your brand awareness.
CA Technologies offers an IAM solution that can support business innovation across channels and allow
organizations to:
Accelerate the time-to-value for new customer-facing applications and services
Deploy a centralized security solution that covers a broad range of identity and access management
challenges and can reduce the total cost of ownership and administration overhead
Address different types of consumers and provide them the appropriate security measures and a
consistent experience across channels
Establish collaboration and federation with other businesses, including the social web
Select the right delivery mode whether its on-premises, hybrid or from the cloud

12 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

ca.com

Having an IAM system in place is now seen by many

businesses as essential to achieving a wide range of
IT and business goals. Primary amongst these are the
opening up of more and more applications to external
users, the growing use of cloud-based services and the
rise of social media. The ultimate aim is to nurture new
business processes, thereby finding and exploiting new
opportunities. The number of businesses that have
deployed IAM has increased dramatically over the last
four years.
Quocirca: Digital Identities and the Open Business, Feb 2013

Section 4:

Conclusions
CA Security solutions help organizations grow their customer base and increase revenue by enabling them
to get new online applications and services to market quickly, securely and in a user convenient manner.
Our customer-focused identity and access management solutions can help you leverage the growing
opportunities in cloud, mobile and social media. You can improve time-to- value by centralizing identity
and access security across all areas (web, mobile and cloud). Our solutions help you improve customer
engagement by providing a convenient and simple experience via transparent strong authentication,
single sign-on, and by better leveraging APIs and existing social identitiesresulting in new revenue
opportunities and improved customer loyalty.
More than 2,000 organizations worldwide trust CA Technologies to help them with identity and
access management security, including 12 of the top 15 commercial banks (based on Fortune magazine
2014 listings).

13 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT

Those organizations that lack effective IAM are likely

to lag behind their competitors in many areas as
more and more business-to-business (B2B) and
business-to-consumer (B2C) transactions move online,
cloud services become the mainstream source of IT
applications and services for many businesses and
social media takes center stage as a source of identity.
IAM has moved from a security tool to become a
business enabler
Quocirca: Digital Identities and the Open Business, Feb 2013

CA Technologies understands your business challenges and your need to quickly go to market with new,
innovative and yet secure consumer-facing services across channels. Our security solutions can help
enable business and extend reach, while reducing the overall risk of deploying and operating a
multichannel business.

Connect with CA Technologies at ca.com

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables
them to seize the opportunities of the application economy. Software is at the heart of every business,
in every industry. From planning to development to management and security, CA is working with
companies worldwide to change the way we live, transact and communicate across mobile, private
and public cloud, distributed and mainframe environments. Learn more at ca.com.
1 Quocirca: Digital Identities and the Open Business, Feb 2013
Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your
informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is
without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for
any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in
advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product referenced herein serves as a substitute for your compliance
with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, Laws)) referenced
herein or any contract obligations with any third parties. You should consult with competent legal counsel regarding any such Laws or contract obligations.
CS200-87139_1214