News

CA expert says security model is changing

• By Rich Seeley
• June 18, 2003

With this week's unveiling of its eTrust Secure Content Management product, Computer Associates (CA) International Inc. is advancing a holistic approach to security as a content management strategy rather than as a content-blocking tactic.

The new CA offering can transform computer security from the old model of keeping people out of databases to the new model of ensuring that customers have secure access to data, said Ron Moritz, senior VP and chief security strategist at Computer Associates.

Asked to elaborate, he told e-ADT: "The classic containment model [is] where you don't share information; where, in fact, it becomes very difficult to extract information from your partners, your suppliers, your vendors or anybody you may be working with."

That model is breaking down with the spread of Web services and the Web browser applications they support.

"Today, much of what we are doing inside the corporation is about virtualization," Moritz said. "It's about extending the corporate boundaries well beyond the walls or gates of the organization, which means that what we're doing is releasing more information than we've ever released to consumers of information that may exist anywhere. They may exist in far-reaching corners of our own corporation, they may be suppliers, contractors or consultants. And, more often than not, they're customers. They are consumers. They are the people who pay our bills, in effect. So the way you can acquire new customers, and the way that you retain customers -- customer acquisition and retention being a primary goal for almost any CEO -- is to make sure that they can have access to their information."

Moritz maintains that almost every organization is looking at ways to extend boundaries so more information can be pushed out.

"Here at CA we do that by giving customers access to information that previously only a sales rep or an executive would have about the purchasing behavior of a customer -- the history, the support," he explained.

But this model requires a security system that doesn't focus mostly on keeping information from users. Rather, the focus is on helping users to access the information they need, and in making sure the information is protected and viewed only by the people authorized to access it.

"A lot of the state and federal regulation around privacy is related to that concept," Moritz said. "What they are saying is that inasmuch as the information about you is stored at a hospital where you've had a procedure is your information, the hospital is simply a caretaker of that [information]. That's what federal legislation [means when it] talks about the protection of personal health information, recognizing that that information is yours as the patient."

CA's eTrust Secure Content Management is designed to provide enterprise-wide management of the security policies and practices that enable users to access their information while protecting it from unauthorized or illegal uses, said Moritz.

For more information, please go to www.ca.com