1 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

How CA Technologies Enables Its Own Employees and Secures Access to Applications with OneAccess

Michael Mendelsohn

Security

CA Technologies

Advisor, Cyber Security

SCT23T

@microbmen

#CAWorld

2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type of

warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.

For Informational Purposes Only

Terms of this Presentation

3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Abstract

OneAccess is CA Technologies’ IT integration of several different products, namely CA Single Sign-On and CA API Gateway, to provide a single mobile-based single sign-on to apps (internal and third party) that are not native to the mobile world. Users have an innovative and secure way to access a range of apps on their mobile devices, regardless of their location.

Michael Mendelsohn

CA Technologies

Advisor, Cyber Security

4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Agenda

BUSINESS CHALLENGE

ANY DEVICE / DESKTOP / MOBILE / WEB / NATIVE

ONEACCESS MODULES

ARCHITECTURE

ANALYTICS

1

2

3

4

5

5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

The Application Economy is driving the rapid adoption of mobile applications

“By 2020, more than 63% of enterprises expect their desktops to be replaced by mobile devices connected to the network via office wireless LAN”

Gartner - “Mobile Device Proliferation Is Forcing Network Leaders to Redesign Enterprise LANs”, Bjarne Munch, Christian Canales, 14 May 2014

6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

The Business Challenge

SECURITY SPEED

USER EXPERIENCE

7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

OneAccess addresses this challenge

Easy access to all Applications

Unified Single Sign-On

Native, Web App, Hybrid

User Entitlements

Info Widgets

Rich Analytics

8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Custom User Workspace

CA Mobile App Analytics

CA Single Sign-On CA Mobile API Gateway

Personalization Identity APIApp

A solution implemented as an integrated offering of SaaS and IaaS

OneAccess 2.0

9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Access to all your Enterprise Applications at your Fingertips

USE ENTERPRISE

APPS

10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

OneAccess Browser Plug-in

11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Next Generation

IDentity Workspace

Single Sign OnMobile & Desktop

Personalization / User

Entitlements

Seamless VPN (Defined by Software) Self-Service ID

Management(eZpassword)

One Time Password

(OTP)

Analytics

Biometrics

Risk Based Authentication

Modular Architecture

12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

SSO to Web and Native AppsUSE

ENTERPRISE APPS

13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Self-Service ID Management - eZpassword

• On the OneAccess mobile app, prior to log on you will see 3 functions.• Unlock Account• Forgot Password• Reset Password

14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Future State: We will have Photo ID for all UX. This will mitigate insider threats.

Experience – At the Office

Logs into Laptop

Clicks OneAccess

CA Single Sign-On

Protected

15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Username & OTP

Risk Authentication

Profile

(fingerprint)

Pick Photo ID

Use Photo ID

1st

Time

Nth Time

Experience – At Home (Registered Trusted Network)

IPClient

ID

Logs into Laptop

Clicks OneAccess

CA Advanced

Authentication

CA Risk Authentica

tion

16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Experience – Everywhere Else…

Logs into Laptop

Clicks OneAccess

User will have the option to replace their trusted network.

CA Advanced

Authentication

17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

The Mobile API Gateway enables fast, secure mobile delivery of enterprise applications

Benefits

• A common standard across platforms and applications

• Improves developer velocity and time to value

• App, User and Device level security

Identity Manager

Cloud Apps

On-Premises Enterprise Apps

CA SSO ( SiteMinder ) / LDAP / IdP

CA Mobile API Gateway

SECURING THE API

CA Identity Manager

CA Advanced

Authenticaiton

CA API Gateway

CA Single Sign-On

CA Single Sign-On / LDAP / IdP

SalesforceSuccessfactors

Azure

Amazon

18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Application/

Service Pool

OneAccess Application Architecture

CA Single Sign-On

CA Mobile API Gateway

Personalization

Service

(Tomcat)

AD

Oneaccess.ca.comApp 1

App 2

App 3

App N

User Profile and Personalization Data

Tile Access Policy

Service

CADirectory

Active Directory

SQL Database

Web Server

Web Services

SSG/MAG Database

Browser Based Access

OneAccess App Based Access

CA SPS

(Secure Proxy Server)

Ap

ache

MAA Server (SaaS)

CA Mobile OTP

CA Risk Authentication

(For Browser Access)

19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

OneAccess Analytics

What apps do my users have access to?

Who is using what apps? When? Where?

What is user experience like?

SummaryHow far reaching are my applications?

Can I Help users get more value?

Today we do not know who is using the application on a daily basis…

20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Usage

How much is OneAccess being used?

•From a device type (Windows, Mac, IOS, Android)?

•Within a date range?

•By a specified user?

How many times has each Application been clicked by users?

•From desktop?

•From mobile?

•Within a date range?

•By a specified user?

AnalyticsNative OneAccess Data Points

Entitlements

How many users are entitled to use a

specific app?

Is a user entitled to use a specific application?

How many users are currently provisioned

for OneAccess?

Application

What is the total number of apps

defined for desktop ?

What is the total number of apps

defined for mobile ?

What is the total number of widgets

defined?

21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Where does OneAccess Analytics Come From?Consolidate into a Database and expose on OneAccess Admin Console

Analytics DB

OneAccess Personalization

Browser Mobile App

API Gateway

API Call to Pull Analytics from

MAA

OneAccessAdmin Console

Analytics Dashboard

API Call to Log Analytics

CA APM

MAAAdmin Console

Analytics Dashboard

MAA

API Call to Log Analytics

Secure Proxy Service

22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

The OneAccess Experience

ENROLL THE

DEVICE

MANAGE THE USER

EXPERIENCE

USE APPLICATIONS

23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Recommended Sessions

SESSION # TITLE DATE/TIME

SCT19TDefend Against Data Breaches With CA Privileged Access

ManagementWed. Nov 18 at 2:00 pm

SCT31T Knock, Knock – the IoT wants to come in? Wed. Nov 18 at 3:45 pm

SCT21T Enable Omnichannel with Security and API Management Thurs. Nov 19 at 2:00 pm

24 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Must See Demos

Protect Against Fraud & Breaches

CA Advanced Auth

Security Theater

Engage Customers

CA SSO

Security Theater

Innovation – IoTSlot Car

CA AA, APIM

Security Theater

Secure Omni-Channel Access

CA AA, APIM, SSO

Security Theater

25 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Q & A

26 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

For More Information

To learn more, please visit:

http://cainc.to/Nv2VOe

CA World ’15