Sec Whitepaper Retailsecurity Cs200 61604 66789

Improving Security for Retail with Identity and Access Management

Tsvi Korren, CA Security Management

WHITE PAPER | MARCH 2014

Table of Contents

Executive Summary

Section 1: The Growing Diversity in Users, Applications and Access Channels

Section 2: Opportunity: Harness the Power of Identity-Centric Security

Section 3: Technology

Section 4: Benefits: Support Key Business Goals

Section 5: Conclusion: Innovation and Leadership through Identity-Centric Security

Section 6: About the Author

Executive Summary

Challenge

The retail industry is extremely competitive. Retailers today are focused on improving the traditional shopping experience and stretching profit margins, while finding innovative ways to attract new customers and grow revenue. The retail business itself is increasingly driven by technology: where associates, customers and vendors are empowered to access information and make decisions on their own. The transition from the physical store to the Web store is now overshadowed by the imperative to offer services on mobile platforms, through social networks and in the cloud. The convenience, quality and effectiveness of these new tools are becoming a competitive differentiator, making it possible for retailers to have better, longer-lasting relationships with their customers. Large-scale incidents of compromise or theft of customer personal or financial information make the headlines, but even small-scale attacks can cause significant financial and organizational damage, erasing years of work building customer trust. Identity-Centric Security is a pivotal part of the technology solutions aimed at making retail more efficient, secure and competitive.

Opportunity

The challenges of 21st century retail are an opportunity for companies to adapt and embrace technology platforms that create business value. Using practices that put user identities in the center of the security model, we can confidently extend secure business services through new channels, to the mobile consumer and over the internet. Doing so confidently, with safeguards that prevent unauthorized access to customer information, strengthens the relationship and trust between store and customer. The same model will also make a retailer’s internal IT environment more effective by managing the dynamic access needs of associates.

Benefits

The benefits of Identity-Centric Security can be felt throughout the retail business, with IT helping to:

• Quickly deploy new e-commerce services, and provide a compelling and secure experience, across access models, that turn marketing demographics into customers.

• Empower associates to access information and the tools to do their job, across on-premise and cloud environments, from any authorized device or location.

• Protect customer data from insider threat and external targeted attack.

• Reduce the effort of security administration in an organization that has high turnover, distributed management and a large number of remote locations.

Section 1:

The Growing Diversity in Users, Applications and Access Channels

Like many organizations, retailers have traditionally focused on processes that support Identity and Access Management (IAM) for corporate users and associates, on a set of internally-hosted platforms. After the rise of open systems and Internet shopping, attention was diverted to customers and the implementation of e-commerce platforms. Recent trends in cloud and mobile adoption push the business to provide associates, customers and external partners with access to an increasing number of services. Allowing secure and appropriate access to diverse users across the various models (web, mobile, on-premise, and cloud) is a major challenge for IT Security organizations.

Diversity in User Populations

The reality today is that almost anyone involved in commerce is a user of some IT services. Businesses that recognize this fact are finding it possible to personalize customer interaction, record vital metrics on the health of the business and improve associate productivity from the storefront, to the sales floor, to customer service centers.

Information systems in a typical retailer serve several distinct user populations, each with its own characteristics and needs:

• Corporate users with distinct job functions, who access many applications from an assigned personal computer. These users are similar to internal users in most organizations. They are managed for full time, long-term employment.

• Specialty users in stores, branches, warehouses and other remote locations. These users have distinct job functions, access to some corporate-wide applications, as well as local systems. They are managed for long-term employment.

• Associates and personnel in remote locations, who often do not have access to corporate-wide applications, and may have limited access to local POS or inventory systems. These users are often part-time or temporary, and may change several job functions in the course of a day.

• Users in business partners, suppliers and large customers, who are not employed by the retailer, but may have access to a set of externally-facing applications.

• Consumers and other transient users, who may engage in just a single transaction, or be loyal customers with an account, a profile and a history of repeat business.

In many organizations, this growth was a haphazard reaction to market needs, with little regard to integration or an overall user experience (in some cases without participation of Corporate IT). This resulted in silos of access, managed by different parts of the organization, with different user authentication standards, and varying degrees of security.

Customers who need access to transactions that include buying online, recording loyalty points, tracking shipment and return at the physical store may need to traverse several websites, sometimes with different authentication, and provide the same information several times. Associates who have access to several applications may need to remember and input several forms of authentication.

As competition has grown, retailers have recognized that user access and identity management are a pivotal part of the customer experience. At the same time, software rationalization initiatives are looking for opportunities to consolidate and streamline common IT services. Corporate IT departments that used to provide identity and access management to hundreds of full-time employees in a handful of locations are now pressured to provide access to thousands of associates and millions of customers in remote locations and from unknown networks and devices.

Diversity in Applications and IT Services

The retail industry was an early adopter of automated platforms that manage inventory, point of sale and accounting. Initially, these were monolithic mainframe or mid-range systems, running the core of the business. Over time, the core of the business grew to include customer retention, online transactions, shipping and marketing. Use of third-party suppliers for indirect shipping, order fulfillment or specialty services allows retailers to offer more services under the same brand, as their platforms are added to the mix.

The single corporate computing platform has been replaced with an interconnected framework of applications and services, running on a variety of IT resources, both inside and outside the company network:

Figure 1: Diversity in users, services and access channels. Diagram labels: Consumer, Partner User, Corporate User, Store Associate; Cloud Platforms, E-Commerce Platforms, Enterprise Data, Store Systems.

• Point of sale is moving out of the register line and onto the sales floor, as associates use mobile devices to interact and assist customers with their purchases.

• Providers of branded services expose their applications in the cloud and make them available with varying degrees of integration.

• General corporate functions like human resources, benefits, education, travel, performance management and facilities management run on multiple applications, some cloud-based.

• Marketing and customer retention programs based on social networking and social media make use of public services to analyze customer data.

• Distributed computing places servers and applications onsite at the store or warehouse, where software runs independently from central corporate IT.

Diversity in Access Models

The number of ways in which consumers interact with retail organizations continues to grow. Visiting a physical store or using a website or mobile applications are among the channels of interaction that, put together, form the totality of the customer experience. In order to capture and retain these customers across channels, organizations need to provide a convenient, intuitive, and consistent experience. Similarly, associates and partners need to interact with the same data over a variety of devices: in the store, on the road or at a warehouse. Associates may also need to complete a customer transaction that started online, or contend with comparison shopping over mobile devices.

Effective cross-channel security requires solutions that enable applications for one channel (Web) to be easily modified for other channels (mobile) without re-architecting the underlying security capabilities or requiring cumbersome registration, login, or other security processes.

Channels of access may include:

• In-store interaction with associates or automated kiosks

• Full website for computers and tablets

• Mobile website for phones and smaller devices

• Mobile applications for a variety of tablet and phone platforms

• Devices used by associates, from full terminals to handheld scanners

The Security Challenge

Connecting external users to internal data and providing cloud services to associates are disrupting the traditional security models. This presents new challenges in restricting access to financial and competitive information, and ensuring business continuity. The problem is compounded by the imperative to protect the brand, safeguard customer data, and comply with regulations from government and payment processors.

The amount of personal information that customers entrust to retailers is increasing. Credit and debit card numbers, PINs, addresses and even shopping habits flow through a complex network of devices and IT services, from storefront to back office and on to payment processors and business partners. This wealth of information is attracting the attention of criminals who use sophisticated and diverse means to get to it. Retailers have become targets of advanced persistent threats (APTs): a series of well-financed, large-scale operations aimed at stealing large amounts of personal and financial information.

The magnitude of these challenges is large, but the questions are familiar: Who is the user requesting access? How to validate their identity? What is an appropriate level of access? When to assign and revoke access rights? Where to store information about users? How to counter persistent threats? And, possibly most importantly, “Who has access to what?”

The principles of Identity and Access Management apply to these expanding populations, but the current processes and systems, built to serve only corporate users, are no longer adequate. A set of new capabilities is required to successfully expand the number and the types of users, services and access models that make use of modern retail information systems, while reducing the threat of identity theft.

Section 2: Opportunity

Harness the Power of Identity-Centric Security

Embracing Identity-Centric Security is an opportunity to provide better service to associates, partners and customers, without major investments in IT personnel. These capabilities enable better user profile management, self-service, delegated administration, assurance of a user’s identity, simplified access between applications and consistent security controls across applications and access models.

Securing POS, store and corporate systems

Credit card payments, customer personal information, inventory, pricing and other sensitive data flow through thousands of POS systems, servers, applications and networking components, in the stores and corporate data centers. Retailers must protect this data against unauthorized access.

While the applications that process transactions may be secure, the servers where they are deployed need to be periodically serviced. A technician dispatched to a store requires the login information to the store systems, and often has access to accounts with elevated privileges. These administrators might be contractors connecting remotely to store systems or traveling service providers. They often work on their own, using shared or system accounts with elevated privileges. This introduces many security and compliance risks, because administrative action within a shared account cannot be traced to a single individual and may expose customer and payment information.

The number of servers and people involved makes it difficult to safeguard and periodically change all these passwords. Passwords are either known to a large number of people or left unchanged for long periods of time, or both, often in violation of regulations and corporate policies.

Privileged accounts are also a primary target for external attackers. Gaining access to a server with an administrator account allows criminals to install unauthorized software, copy entire databases (regardless of encryption) and covertly redirect data streams to be stolen later.

While password management can control access to privileged accounts, it does not address what happens after an administrator logs in. Without further controls, all administrators have the same privileges, from database administrator to web admin. This means that these administrators have more access than they need. In many cases, people need privileged access to only a single application or subset of system settings, but log in with system-wide administrative access.

What is needed are fine-grained controls over administrator actions, so that each admin can do no more than their role requires, and only on the systems under their responsibility. These controls would include restrictions on what data they can access, as well as what system services they can control. This level of precise authorization can prevent installation of unauthorized programs, access to data outside an approved process and external network access—even by criminals who gained administrative access.

Store user management

Two trends drive inclusion of store associates in Identity-Centric Management. First is associates’ use of corporate systems for HR, benefits, training and other management functions. Second is governance over in-store systems that require unique login and defined permissions. These trends leave very few associates without some type of IT access.

In all but the smallest retail operations, management of associates’ access must be delegated outside the corporate office. Store or regional managers should be empowered to make decisions that impact new users, changes in user access and termination of access.

With the new capabilities in place, a store manager can hire a person, build an initial profile and assign a job function. Automation will route the user’s data through an approval and validation process that results in provisioning a set of access rights that correspond to the job function. If implemented with the right level of delegation, an associate can be provisioned with access to do the job with minimal involvement from Corporate IT, and without delay.

As associates authenticate against a corporate directory for internal access, their identity should be securely and seamlessly transferred to cloud or third-party providers, as they access those resources. When using mobile devices, contextual, multi-factor, risk-based authentication should be available for high-value transactions or upon access to sensitive applications.

Partner access

Working with partner organizations, such as wholesale suppliers, vendors or institutional customers, involves granting access to individuals who work for the partners. These users need to be managed as individuals, but also tied to the relationships between the retailer and the partner. This requires active administration in both organizations to enable new users, terminate access and help ensure that any action taken by the individual user is sanctioned by the partner.

Figure 2: Privileged accounts can have access that overrides security controls. Diagram labels: Application Admin, Database Admin, Operations Admin; End User Client or Browser, Presentation Service, Application Processing, Server O/S, Data Layer, Physical Storage, Virtualization Hypervisor.

Capabilities in Identity Federation and Delegated Administration simplify the management effort on both sides by making the partner responsible for the user accounts that can act on its behalf. Delegated Administration segments the partner’s users from the rest of the population and provides an interface to manage the reduced scope of users (with optional workflow and approval). Federation allows partner users to authenticate locally with their organization, and gain trusted access to the retailer’s systems. When the user’s access is terminated on the partner side, access is no longer possible to the federated application, requiring no communication or action on the part of the retailer.

Assuring Customer Identity

Retailers face competitive pressure to offer more interactions with customers and increasingly obtain more marketing information through customer loyalty programs and connections to social networks. Customers, on the other hand, want to be certain that their personal information, email addresses and passwords are secure. Capabilities in advanced authentication and risk analysis help ensure the identity of customers connecting across types of devices and networks.

Today’s customers have already amassed a multitude of usernames and passwords, so retailers should only ask them to create new credentials for high-value transactions. Similarly, customer transactions that span multiple applications or branded websites within the retailer’s lines of business should be seamless. Customers should not be forced to create different user accounts or log in again to move from one web property to another, as part of the same shopping experience.

In the course of the relationship with the retailer, customers go through several phases, with increasing assurance of their identity:

Anonymous users can browse the publicly available online catalog or corporate website. Anonymous browsing does not establish any relationship with the retailer and provides no value to marketing.

Registering users is a way to start a relationship, but many users are annoyed by being required to fill in online forms and abandon transactions that require them to provide information, even when this would lead to personalized content or special offers. Retailers can simplify the registration process by taking advantage of profiles already created elsewhere. The user is prompted to log in with credentials from their preferred social network, and shares information with the retailer. While this information is valuable to marketing, it is often not reliable enough for financial transactions.

Validation of the user’s identity, shipping address and payment method is required before buying products and services. Depending on the value of the transaction and the business’ tolerance for risk, several degrees of identity assurance can be implemented, from using external payment processors to hosting payment processing in-house with additional registration and validation.

When a validated customer is connecting to the retailer’s website for an online transaction, characteristics of the user’s connection are measured and compared against rules that analyze the user’s location, device, authentication method, past patterns of access, and other data points. Retailers can also increase their confidence in the user’s identity through strong authentication, giving repeat customers the same level of assurance that they get from financial institutions, by registering trusted devices with one-time passwords.

The end result is a degree of assurance in the customer’s identity that can reduce the use of other, more costly, fraud prevention techniques.

Section 3:

Technology

Capabilities that make identities the center of security management rely on a set of technologies that together form a comprehensive IAM solution for the Retail sector:

Privileged Identity Management

A large, complex IT infrastructure often contains thousands of service and system accounts. Management of these accounts includes periodically rotating passwords, providing a way to share passwords and facilitate their use—all while maintaining security and confidentiality of sensitive information through fine-grained controls.

Processes that manage system or shared accounts must provide a simple Web interface where authorized users, based on their role, can gain access to a pre-approved set of accounts, request access to other accounts, or retrieve administrative passwords in an emergency. After the administrative operation is done, the password can be changed again automatically, keeping the account inaccessible until the next time it is needed. Users’ shared account sessions should also be recorded for later review.

Privileged accounts are often a prime target of external attacks. In addition to elimination of shared passwords, combating this threat must include fine-grained access controls that scope down admin capabilities to the minimum required access (with more granularity than is available in the native operating system). These controls can help protect against unauthorized access to servers, data breaches and installation of malicious software.
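The check-out, emergency retrieval and automatic rotation flow for shared accounts described above, as an added example that is not from the white paper or any CA product. The class, role names and account names are constructed for illustration, and the in-memory store stands in for a real vault.

```python
import secrets
from datetime import datetime, timezone


class SharedAccountVault:
    """Toy in-memory vault for shared/system account passwords (illustrative)."""

    def __init__(self, role_accounts):
        # role name -> set of account names pre-approved for that role
        self.role_accounts = role_accounts
        self._passwords = {}    # account -> current password
        self._checked_out = {}  # account -> user currently holding it
        self.audit = []         # append-only (time, user, account, event) records

    def _log(self, user, account, event):
        self.audit.append((datetime.now(timezone.utc), user, account, event))

    def _rotate(self, account):
        # A real deployment would also set this password on the target system.
        self._passwords[account] = secrets.token_urlsafe(24)

    def enroll(self, account):
        """Bring an account under management with a fresh random password."""
        self._rotate(account)

    def check_out(self, user, role, account, emergency=False):
        """Release the password to one named user and record who took it."""
        if account not in self._passwords:
            raise KeyError(f"unmanaged account: {account}")
        if role not in self.role_accounts:
            self._log(user, account, "denied_unknown_role")
            raise PermissionError("role is not authorized to use the vault")
        if account in self._checked_out:
            self._log(user, account, "denied_in_use")
            raise PermissionError("account is already checked out")
        approved = account in self.role_accounts[role]
        if not approved and not emergency:
            self._log(user, account, "denied_not_approved")
            raise PermissionError("account is not pre-approved for this role")
        self._checked_out[account] = user
        # Emergency access outside the pre-approved set is flagged for review.
        self._log(user, account, "check_out" if approved else "break_glass")
        return self._passwords[account]

    def check_in(self, user, account):
        """Return the account; the password the user saw is rotated away."""
        if self._checked_out.get(account) != user:
            raise PermissionError("account is not checked out to this user")
        del self._checked_out[account]
        self._rotate(account)
        self._log(user, account, "check_in_rotated")


if __name__ == "__main__":
    vault = SharedAccountVault({"pos_technician": {"store042-pos-admin"}})
    vault.enroll("store042-pos-admin")
    vault.check_out("tech1", "pos_technician", "store042-pos-admin")
    vault.check_in("tech1", "store042-pos-admin")
    for when, user, account, event in vault.audit:
        print(when.isoformat(), user, account, event)
```

Because every release is tied to a named user and the password changes at check-in, actions inside the shared account can be traced to an individual and a copied password stops working after the session ends.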

Identity Management and Governance

All identities (associates, partners, customers) should be managed throughout their lifecycle, from initial on-boarding to termination of access. Identity Management should support processes for initiating changes from HR systems, managers, partner admins and other authorized sources. Any change goes through automation to validate and approve the request. Fulfillment of Identity Management may require assignment of access through automated provisioning or manual action. Finally, changes must be audited and periodically reviewed to certify that users have been given the right access.

For consumers in online transactions, Identity Management supports the transition from an unknown visitor to a trusted customer through self-registration, identity validation and profile maintenance.

Figure 3: Social customer lifecycle. Stages: Anonymous user, Registered user, Validated user.

Identity lifecycle management includes provisioning, delegated administration, role discovery and management, user self-service, and user activity reporting. Support of provisioning connectors to a wide range of enterprise applications is also essential. In addition, the entitlements of employees and partners should be validated on a continuous basis to ensure that each user still has the appropriate rights for their role.

Identity Governance includes processes and controls to facilitate this on an ongoing basis. For example, automated entitlements certification enables users’ managers, role owners, or resource custodians to periodically review and validate that current access is correct. Unnecessary access identified through a certification process can be quickly removed to reduce the organization’s security risk. Since many retail organizations have large employee populations that are highly geographically distributed, automating the process of access validation becomes especially important.

Identity Federation and Single Sign-On

Retail organizations often have complex partner and supply chain eco-systems, which require the secure sharing of information and access across enterprise boundaries. Internally, a large number of applications are used by associates to conduct business. Customers may also interact with more than one system across different lines of business, brands or partner networks. Identity federation and single sign-on enable secure and convenient access to information essential for the effective operation of partner networks, internal applications and e-commerce platforms.

While providing users with the convenience of single sign-on, Web application deployment and administration are also made simple by connecting applications to a platform that provides centralized authentication and authorization services, with the ability to become a cloud-broker service that federates across organizations.

Identity Federation should support widely-used protocols and standards for cross-domain authentication (such as SAML, OAuth, and OpenID). It should handle both incoming and outgoing federation with an easy way to manage partnerships between organizations and access to cloud applications.

Single Sign-on also includes common logging of authentication and secure connection of users to business applications. Since many applications are already part of the environment, the technology must provide a variety of integration methods into existing applications and a high-volume platform for processing permission rules in real time.

Advanced Authentication

Retail organizations require a flexible but strong set of authentication capabilities to validate the identities of all their users. These capabilities should be lightweight, hassle-free, and available on mobile devices.

Advanced Authentication technology enhances Federation and Single Sign-On with risk analysis and device registration. When a user attempts to authenticate, a risk score is generated based on their location, time, day of the week, role, and possibly even their previous activity. For example, an authentication attempt originating from Eastern Europe for a user known to be based in Chicago would generate a high risk score.

The risk score can then be compared against predefined thresholds. If the authentication is determined to have higher risk, the user can be required to provide more information to prove their identity. If the risk score is extreme (like multiple connections in succession from a hack-prone location), the connection is dropped or redirected for investigation.
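The score-then-threshold decision described above, as an added example that is not from the white paper or any CA product. The signal names, weights, thresholds, role names and sample profile are constructed assumptions; a production engine would derive them from observed traffic.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed weights and thresholds (assumptions for illustration).
WEIGHTS = {
    "new_country": 40,
    "new_device": 25,
    "rapid_retries": 30,
    "off_hours": 10,
    "unusual_weekday": 5,
    "privileged_role": 10,
}
STEP_UP_THRESHOLD = 30   # at or above: ask for more proof of identity
DENY_THRESHOLD = 70      # at or above: drop or redirect for investigation
PRIVILEGED_ROLES = {"pos_admin", "store_manager"}  # hypothetical role names


@dataclass
class UserProfile:
    """Past pattern of access for one user."""
    home_countries: set
    known_devices: set
    usual_hours: range      # hours of the day, in the user's local time
    usual_weekdays: set     # 0 = Monday ... 6 = Sunday
    role: str


@dataclass
class LoginAttempt:
    country: str
    device_id: str
    when: datetime          # assumed already converted to the user's local time
    recent_failures: int = 0


def risk_signals(profile, attempt):
    """Return the names of every signal on which the attempt deviates."""
    signals = []
    if attempt.country not in profile.home_countries:
        signals.append("new_country")
    if attempt.device_id not in profile.known_devices:
        signals.append("new_device")
    if attempt.recent_failures >= 3:
        signals.append("rapid_retries")
    if attempt.when.hour not in profile.usual_hours:
        signals.append("off_hours")
    if attempt.when.weekday() not in profile.usual_weekdays:
        signals.append("unusual_weekday")
    # A privileged role raises the stakes only when something is already off.
    if signals and profile.role in PRIVILEGED_ROLES:
        signals.append("privileged_role")
    return signals


def decide(profile, attempt):
    """Map an attempt to (action, score, signals) using the two thresholds."""
    signals = risk_signals(profile, attempt)
    score = min(100, sum(WEIGHTS[s] for s in signals))
    if score >= DENY_THRESHOLD:
        action = "deny"
    elif score >= STEP_UP_THRESHOLD:
        action = "step_up"
    else:
        action = "allow"
    return action, score, signals


# Constructed sample: an associate who normally logs in from the US on weekdays.
CHICAGO_ASSOCIATE = UserProfile(
    home_countries={"US"},
    known_devices={"dev-001"},
    usual_hours=range(8, 18),
    usual_weekdays={0, 1, 2, 3, 4},
    role="associate",
)

if __name__ == "__main__":
    # "ZZ" is a constructed placeholder for a country outside the profile.
    foreign = LoginAttempt("ZZ", "dev-001", datetime(2014, 3, 4, 10, 30))
    print(decide(CHICAGO_ASSOCIATE, foreign))
```

Returning the contributing signals alongside the action lets the step-up prompt and the investigation queue record why an attempt was challenged.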

User Directory

The most basic function in Identity and Access Management is to hold and manage information about people. For internal populations it might include a personal identifier, organizational attributes, operational attributes and any other data that is used in the process of assigning access, or needs to be replicated to a production system. For external populations, information might also include the type of user, the security domain for authentication, and past patterns of access.

This foundational component is often missing in a retail environment, where records of different user populations are spread across separate user stores, attached to legacy applications or otherwise segmented. This prevents organizations from asserting the proper controls over identities, understanding their access and demonstrating governance. A user directory for the purpose of IAM can also provide a place to store operational data and hold the information required by internal and external services to determine appropriate access.

The user directory must be flexible enough to support the attributes for diverse user populations. It must also be scalable to millions of records, reliable with high-availability and fast enough to execute a high volume of transactions. In addition, it should be capable of guaranteeing local storage of sensitive data (to accommodate regulations that require user data to be stored within prescribed geographic boundaries), while presenting a unified view into the entire structure.

API Management and Security

In order to deploy cross-channel access models, and to facilitate new business services, organizations need to provide access to data, through APIs, to internal and external developers. Doing so securely will accelerate the creation of applications for devices and will allow development, along with business partners, of complementary services that create a more complete experience for customers.

To manage and control access to these APIs, an API security solution is essential. It secures access to specific APIs, and enables their use to be controlled based on security policies. A Developer Portal, with a catalog of available interfaces and methods, enables developers to obtain and share information on APIs, to test out their use, and to port applications across platforms.

Section 4: Benefits

Support Key Business Goals

The competitive nature of the retail industry pushes everyone in the organization to do better: to innovate, to reach new markets and new customers, and to cut costs. The reliance on technology to conduct business is the reality. IT organizations need the benefits provided by Identity-Centric Security in order to support the goals of the business, increase customer loyalty, react quickly to new initiatives and help ensure that key information assets comply with regulations, and are secured to industry standards.

Grow the Business: Deliver New Business Services

Marketing and business development are tasked with bringing more customers and opening new markets. New initiatives often include a new application, new ways to communicate with target demographics and obtaining more data on customers and their buying habits. Application deployment is always urgent and security considerations, especially the need to validate and authorize users, are seen as slowing down the business.

Retail IT can get ahead of fast moving requirements by adopting a platform for Identity-Centric Security that provides flexibility in authentication methods, centralized authorization, shared account management, identity federation, and access governance as core capabilities, along with broad platform support including mobile. In addition, a broad range of IAM capabilities in on-premise, cloud, or hybrid environments helps provide the business agility that retail organizations require. These capabilities help enable new initiatives, can quickly plug new services into the platform and instantly connect users with existing services across access channels.

Figure 4: Technology capabilities in context (API Management, Advanced Authentication, User Store, Identity Management and Governance, Privileged Identity Management, Single Sign-On)


Increase Efficiency: Secure the Mobile, Cloud-Connected Enterprise

Managing access in a retail environment is especially complex. Internally, the organization is often geographically dispersed; the work force is dynamic with high turnover, and associates move between several functions in the course of a day. Systems and applications are often misaligned with the business, presenting multiple points of account administration for a single job function. These factors can cause delays and complexity in access assignments, and can negatively impact store operations, affecting the level of customer service.

When deployed in a retail environment, Identity-Centric Security becomes a platform for delegating the management of users and their access: user onboarding is quicker and off-boarding can be immediate. Managers can respond to changing demands in the assignment of functions in the store. Associates can access multiple applications without repeatedly authenticating. The organization can confidently adopt the use of cloud platforms to conduct business. The result is increased efficiency and productivity, as well as increased ability to react quickly to changing market conditions.

Protect the Business

As an industry based on financial transactions, and increasingly involved in the collection of customers’ personal information, retail is trusted to maintain the highest standards of security. In this competitive industry, the integrity of the brand is of immense importance, and the regulations governing privacy and payment processing are prescriptive. From Point-of-Sale to back office operations and from corporate to externally-facing applications, governance of access to the IT infrastructure forms the foundation of proper security controls.

Identity-Centric Security helps protect the business by helping ensure accountability, with reliable identification of the person responsible for a transaction. Whether identifying a loyal customer or an administrator that requires access to sensitive data, asserting user identity is the first step in security. When the identity is known, it’s easier to follow other security practices: least privilege, reporting and auditing, authorization, timely removal of access and addressing persistent threats.


Section 5: Conclusion

Innovation and Leadership through Identity-Centric Security

For retailers, Identity and Access Management adds real business value, beyond the obvious benefits of security and compliance. As more services are deployed online, on mobile and in the cloud, Identity and Access Management is a central element in customer satisfaction and the ease of doing business.

IT organizations in the retail industry should support, innovate and lead the charge through adoption of a complete set of technologies that improve the quality of service for associates, partners and customers, reduce the risk to the organization and enable business to run better.

Figure 5: Business benefits (Deliver Secure New Business Services; Secure the Mobile, Cloud-Connected Enterprise; Protect Against Insider Threats and Internal Attacks)


Connect with CA Technologies at ca.com

Agility Made Possible: The CA Technologies Advantage

CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. CA Technologies is committed to ensuring our customers achieve their desired outcomes and expected business value through the use of our technology. To learn more about our customer success programs, visit ca.com/customer-success. For more information about CA Technologies go to ca.com.

Section 6:

About the Author

Tsvi Korren, CISSP, has been an enterprise IT professional for 20 years with a background in business process consulting in large organizations. He is currently a Sr. Principal Consultant with CA Technologies, working with retail customers to align IT with business goals through adoption of Identity and Access Management practices.

Copyright ©2014 CA. All rights reserved. Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CS200-61604_0314