Computer Associates International (CA) has purchased technology for finding and purging unused user IDs on mainframe computers, the company announced Tuesday.
CA disclosed that it bought software from InfoSec Inc. in early March that automatically finds and removes obsolete IDs and user access rights. Terms of the agreement were not disclosed, but CA has been reselling the technology as "eTrust Cleanup" for the past two years, the company said.
InfoSec is privately held and based in North Barrington, Illinois. Mainframe systems run the company's software, which can check information such as the "last used" date for the login, or correlate the user ID with other sources of user information to determine whether it is obsolete, according to Ron Moritz, CA's chief security strategist.
The eTrust Cleanup product currently works alongside CA user provisioning and management tools like CA-ACF2 and Top Secret. CA bought the technology to gain more control over it and more flexibility integrating it with other CA products, Moritz said.
Proliferating user IDs are a huge security problem for companies and increase the risk of hacking and virus attacks. However, finding and removing unused IDs or access privileges after an employee leaves a company or changes roles is difficult and time consuming. The forgotten IDs are frequently flagged in security audits of a company's mainframe systems, Moritz said.
CA plans to integrate eTrust Cleanup more tightly into its suite of identity and access management products to help companies comply with new data privacy and integrity regulations such as the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, CA said.
Identity and access management has been a top CA priority in recent months. In October, the company announced that it was buying Netegrity, an identity management software company based in Waltham, Massachusetts, for US$430 million in cash.
Earlier this month, CA announced plans for a series of software releases to help customers manage diverse user identity and authorization schemes in heterogenous corporate computing environments. CA said it wants to offer technology products that allow users to simplify authorization and auditing as users move from Web portals to back-end resources like mainframe computers and database applications.
"(InfoSec's technology) is very complimentary to everything else we're doing. There are strong touch points with access management in distributed environments and with Web services access management with (eTrust) SiteMinder," Moritz said.