Press Release Summary:
Addressing security/compliance concerns, CA Access Control for Virtual Environments provides visibility and control over virtual environments with features such as activity logging and user password vaulting; automation of security operations to pre-set policies; and creation of secure, multi-tenant environment. Solution also helps control privileged user access by extending identity and access management security.
Original Press Release:
CA Technologies Improves Virtualization Security with CA Access Control for Virtual Environments
New Security Solution Enforces End-to-End Privileged User Management Support for VMware vSphere Environments
ISLANDIA, N.Y. -- CA Technologies (NASDAQ: CA) today announced CA Access Control for Virtual Environments, a new solution that extends its identity and access management (IAM) security expertise, and complements and protects VMware® virtual environments. CA Access Control for Virtual Environments helps customers confidently virtualize critical applications by addressing security and compliance concerns, and helping control privileged user access to the virtual environment.
Virtualization management tools provide IT administrators with tremendous flexibility and power to make significant, rapid changes to their virtual environments. This authority increases the insider threat and raises the need to protect virtual environments from user mistakes, misuse or blatant, malicious actions by those users with the most privilege.
The need for virtualization security was reinforced by recent reports of significant operational disruption and financial impact at a Japanese pharmaceutical company. A former employee reportedly used his credentials to remotely access and delete multiple virtual systems that were running critical applications, such as email and others that supported financial functions.
"The security and control of virtual machines that can be rapidly produced is a contributing factor to the concept of 'virtual stall.' Security is commonly cited as a reason why virtualization is not used more pervasively in a production environment for critical applications," said Mike Denning, general manager, CA Technologies Security business. "Now, with CA Access Control for Virtual Environments in our IAM security portfolio, we can deliver the technology needed to automate end-to-end security of the data center--from the mainframe and physical servers to virtual environments."
CA Access Control for Virtual Environments helps customers:
-- Achieve compliance for their virtual data center through privileged user management for the hypervisor and guest virtual machines;
-- Gain visibility and control over virtual environments with activity logging and privileged user password vaulting;
-- Automate security operations and reduce security costs by applying security controls according to pre-set policies;
-- Expedite adoption of virtualization technology for critical applications by improving security controls; and
-- Create a secure, multi-tenant environment by isolating virtual machines through network zoning.
"We see CA Access Control for Virtual Environments as a key solution that will meet our needs in virtualization security and help us to comply with PCI-DSS requirements," said Arieh Berger, manager, Operating Systems and Information Security, EL AL Airlines. "By complementing and extending the security that comes with VMware, CA Access Control for Virtual Environments will allow us to enact segregation of duties and control privileged user access - all automatically."
CA Technologies, HyTrust Alliance Expands in Scope
CA Access Control for Virtual Environments includes technology from HyTrust, Inc. as part of a collaborative alliance between the companies. By combining CA Technologies proven privileged user access controls for virtual machines with the hypervisor security controls from HyTrust, customers can add increased security to the virtual environment, and protect against unauthorized access and actions by privileged IT administrators. This added level of security is often required on virtual systems in order to comply with industry regulations and to confidently increase the use of virtualization for streamlined operations and reduced cost.
"As adoption of virtualized hardware advances in maturity, enterprises are increasingly compelled to find ways of automating the management and security of the virtualization layer," said Steve Coplan, senior analyst, The 451 Group. "Securing access to the hypervisor and implementing centrally-defined controls on administrative activity are crucial components of any strategy to inject greater oversight and visibility into the virtualized layer. The partnership between CA Technologies and HyTrust brings together expertise and integration at the hypervisor tier with the ability to manage virtualization administrative accounts as part of a broader privileged identity management initiative. The outcome is greater visibility into activity by administrators, and the ability to better define global policies on privilege containment."
CA Access Control for Virtual Environments is available direct from CA Technologies or through a growing global partner channel. As partners offer solutions incorporating VMware solutions or the HyTrust Appliance, CA Access Control for Virtual Environments is a logical enhancement that provides the virtual machine security layer and audit capabilities needed for PCI compliance and various regulatory mandates.
"It is exciting to see the CA Access Control for Virtual Environments solution come to market given it complements and extends VMware environments and helps solution providers meet the security needs of their customers," said Mike Nowlan, vice president of the North American security, virtualization and networking practices for Arrow Enterprise Computing Solutions, a leading provider of enterprise and midrange computing solutions including security, virtualization and networking technologies. Arrow ECS is a value-added distributor for CA Technologies. "Arrow ECS looks forward to connecting solution providers to CA Access Control for Virtual Environments."
CA Technologies IAM Security at VMWorld Europe
CA Technologies will demonstrate CA Access Control for Virtualized Environments at VMWorld Europe (Oct. 18-20) in Bella Center, Copenhagen, Denmark. In addition to showcasing its solution for virtualization security, Nimrod Vax, senior director, product management, CA Technologies; Eric Chiu, president, HyTrust; and Robert Randell, principal security and compliance specialist, VMware, will participate in a panel discussion titled, "Payment Card Industry (PCI) Compliance with CA Technologies, HyTrust and VMware vShield" on Tuesday, October 18 at 9:00 a.m. CET. These security, compliance and virtualization professionals will provide their insight on emerging strategies and solutions for virtualization and PCI compliance.
About CA Technologies
CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments - from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at www.ca.com.
Copyright © 2011 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. VMworld is a registered trademark of VMware, Inc. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.