News Feed Item

CA Technologies Announces New Security Solutions to Protect APIs, Mobile Apps and Cloud Services from Development to Runtime

CA Technologies (NASDAQ:CA) today announced new and updated identity-based solutions to help secure the increasing number of cloud, web and mobile applications operating in today’s open enterprise.

The new mobility and API solutions announced today accelerate mobile app development, improve application performance and deliver security and user convenience from the client to the backend.

“The expansion of mobile and cloud use and the growth in API adoption has opened the enterprise and further complicated the security challenge of balancing business enablement with business protection,” said Mike Denning, senior vice president and general manager, Security business, CA Technologies. “CA is the only company that can protect data and applications operating in today’s open enterprise from development through runtime and from device to data center.”

According to a recent report, “Forrester predicts that in 2014, mobile and cloud adoption will continue to drive identity and access management (IAM) toward application programming interface (API) management.”*

CA’s identity and access management (IAM) solutions help ensure the right users and devices have the right access to the right data—whether the user is a developer building the latest cloud mashup or mobile app, a customer accessing his or her mobile banking application or an employee accessing a corporate cloud service.

“At Orlando Utilities Commission (OUC), we are putting our data to work for us in the form of APIs to better serve our customers,” said George Delacova, Solution Architect, for OUC—The Reliable One, the second largest municipal utility in Florida. “By securely opening our data as APIs to trusted payment partners, our customer portal and our interactive telephone system, we now have applications that can receive a customer payment and get a customer’s power up and running within minutes. Working with CA Technologies to manage and secure those APIs is critical to our ability to put the customer first and deliver the best experience.”

Securing the Mobile Enterprise with Unmatched User Convenience

To help organizations meet the security needs for a broad range of mobile apps—whether custom-built, vendor-provided or accessed via a Web browser—CA Technologies offers a unified Web and API security and management solution. This helps speed the development process for software engineers and optimize app performance during peak loads. Additional new application security and advanced authentication solutions help secure the app once deployed.

According to Forrester Research, Inc., “Development shops are just starting to grapple with the biggest change to system architecture since the rise of client/server in the early 1990s: omnichannel clients deployed on smartphones, tablets, and other connected devices. The mobile-first focus these organizations adopt forces application architects to think differently about the APIs clients use to access data and functionality.”**

The CA Layer 7 API Portal makes it simple to create a branded online interface for developers so they can access all the design time resources needed to quickly discover and understand an API, and then create an application and track its usage. Designed to support partner, third-party and internal developers across multiple groups simultaneously, this solution grants each unit its own set of access and API publishing privileges — all from a single portal. The newest release of the API portal provides important features to speed application development with the security expected by the business and customers, including:

  • API discovery, interactive documentation and exploration.
  • Improved and simplified API grouping and advanced packaging that allows developers to add functionality to an application with one click.
  • Integration with the CA Layer 7 Mobile Access GatewayTM to easily add security to an application.

The CA Layer 7 Mobile Access Gateway simplifies the process of adapting internal data, applications and security infrastructure for mobile use. It provides a centralized way to maintain and control security and management policies for information assets exposed via APIs while delivering a consistent level of performance for the app end user. It was the first API Gateway to provide an out-of-the box security software development kit (SDK) to speed incorporating token handling and single sign-on in mobile apps for secure authorization of users, apps and devices. New functionality for the Mobile Access Gateway includes:

  • Integration of CA SiteMinder® session cookies and the Mobile SDK to extend the SiteMinder SSO credentials with native mobile apps.
  • Social login to enterprise mobile apps, providing convenience for the user while maintaining security and governance.
  • Support for the Adobe PhoneGap cross-platform mobile development framework.

Once a mobile app is deployed and running, another level of security is required to help ensure the right user—employing the right device at the right time from the right location—has access to approved applications.

CA Mobile Application Management (CA MAM) is a new, organically developed solution for the BYOD enterprise. CA MAM leverages CA’s innovative Smart Containerization™ technology to dynamically control mobile application access policies at a granular level while retaining the native app experience specific to the device or platform. Features such as geo-fencing, time-fencing, network-fencing and enhanced authentication define and enforce detailed access policies related to geographies, time of day and networks, further improving security of enterprise mobile apps.

The current release of CA Advanced Authentication complements the solutions announced today by providing a variety of strong authentication credentials and risk-based evaluation tools for mobile environments. Features in CA Advanced Authentication that make security convenient and seamless to the user include:

  • An SDK that embeds strong authentication into a mobile app. With the option of leveraging a PKI or one time password (OTP) software credential, security and user convenience is greatly streamlined and improved.
  • A PKI credential to provide a seamless user experience. The user simply logs in with their usual password and behind the scenes the strong authentication is taking place.
  • An OTP that can be generated by CA Technologies free mobile app, or it can be delivered in the form of text message, voice message or email.

“Customer convenience has become a key business advantage. The easier a transaction is, the happier the customer,” said Vincenzo Pompa, CEO of PosteCom, the IT and eBusiness innovation company of Poste Italiane. “For convenience sake, it’s important for Poste Italiane to offer mobile options to our customers for a variety of services, but we need to do it securely. Our collaboration with CA Technologies to engage our customers on their mobile devices and protect online transactions is important for innovating and growing our business.”

In addition to the Identity and Access Management solutions announced today, CA Technologies also announced its CA Management Cloud for Mobility. Several of the IAM solutions announced today are included in that offering, enabling end-to-end mobile security and management from development through runtime and from the device to the data center.

CA Technologies is demonstrating its IAM portfolio at RSA Conference USA 2014 in booth 2709. In addition, representatives are speaking at the CSA Summit, and the company is hosting an API workshop.

Supporting Facts, Stats on the Open Enterprise

  • The issue of mobile app creation and security is at the top of senior IT leaders’ agendas. In a recent global study, more than one third of respondents acknowledged that security and privacy concerns around mobility are their number one challenges. At the same time, the study showed that 63 percent of respondents view mobile apps for customers or employees as their number one priority.***
  • 451 Research “believes that a conservative estimate of the revenue generated by cloud vendors in 2012 was $5.7 billion, and the market will grow at a CAGR of 36 percent to reach $19.5 billion in 2016.”****
  • The number of APIs has grown to over 11,000, up from 9,000 as reported on April 30, 2013.
  • Overall app use in 2013 posted 115 percent year-over-year growth (Flurry Analytics).

*Predictions 2014: Identity And Access Management, Forrester Research, Inc., January 7, 2014

**The Forrester Wave™: API Management Platforms, Q1 2013, Forrester Research, Inc., February 5, 2013

***Enterprise Mobility–It’s All About the Apps, TechInsights, November 2013

****Cloud Computing Overview Report 2013, 451 Research, Yulitza Peraza and Greg Zwakman, August 2013

About CA Technologies

CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. Learn more about CA Technologies at www.ca.com.

Follow CA Technologies

Social Media Page
Press Releases

Legal Notices

Copyright © 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that StarNet Communications will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. StarNet Communications’ FastX is the industry first cloud-based remote X Windows emulator. Using standard Web browsers (FireFox, Chrome, Safari, etc.) users from around the world gain highly secure access to applications and data hosted on Linux-based servers in a central data center. ...
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

SYS-CON Events announced today that eCube Systems, the leading provider of modern development tools and best practices for Continuous Integration on OpenVMS, will exhibit at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. eCube Systems offers a family of middleware products and development tools that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, will discuss how customers are able to achieve a level of transparency that e...
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessi...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
DevOps is speeding towards the IT world like a freight train and the hype around it is deafening. There is no reason to be afraid of this change as it is the natural reaction to the agile movement that revolutionized development just a few years ago. By definition, DevOps is the natural alignment of IT performance to business profitability. The relevance of this has yet to be quantified but it has been suggested that the route to the CEO’s chair will come from the IT leaders that successfully ma...
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
@DevOpsSummit has been named the ‘Top DevOps Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @DevOpsSummit ranked as the number one ‘DevOps Influencer' followed by @CloudExpo at third, and @MicroservicesE at 24th.
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.