CA Security

3 Posts authored by: kumni04 Employee

Goal #3: Developing Standardized, Reusable Components

 

In our journey so far, we’ve discussed how to achieve our first two goals in building an IAM operations software factory: simplifying application onboarding and creating an enterprise IAM framework. In this blog, I will cover goal #3—developing standardized reusable components.

 

Having standardized reusable components makes your IAM factory agile and efficient. However, since they are more complex than cookie-cutter components, standard reusable components require proper planning, strategy and investment in resources and funds. Surprisingly enough, many IAM stakeholders fail to leverage this goal—some are too busy meeting tactical objectives while others put it in a backlog that may or may not ever be acted on.

 

One thing is for certain: In a medium to large IAM operations environment, not using standardized, reusable components becomes very expensive in the long term.

 

So why not nip that expense in the bud? The sooner you get started, the more you’ll save. I highly recommend developing these artifacts and components in a reusable and extensible manner:

  • Design documents
  • Operations manuals
  • Integration modules
  • Data definitions
  • User interfaces
  • Business logic
  • Workflow
  • APIs

  

Once you take the plunge in developing reusable components, it’s important to adhere to relevant industry practices so that you meet corporate compliance needs across all facets of your organization. This leads us to create standards that all parties must follow to ensure optimal development and faster value realization for everyone involved.

 

Why are these standards so important? Simply put, reusable components without standardization lead to chaos when trying to achieve the desired outcomes: efficiencies, synergies and cost savings. And when you develop standards for reusable components, you’ll soon realize that your organization is growing in operational maturity.

 

Here are some examples of standardized reusable components. One is a generic five-step workflow with escalations and exceptions that can be used for all business processes, from the most simple to the most complex. Another is a standardized set of data and web services definitions that can be used to integrate business applications such as ERP systems and mainframe with your HR systems and CA Identity Suite. This can be done either directly or by using policies developed for CA API Gateway, thus giving you low-code reusable options for business process integration.

 

As I mentioned in my first post in this series, developing standardized reusable components is a tremendously useful capability to achieve and sustain. Think of it as creating a portal and enchanting your inventory items in Minecraft to defeat the Ender Dragon. And once you’ve achieved goal #3, it will be so much easier to accomplish our last two goals: agile DevOps and automation. Stay tuned!

Goal #2: Create an Enterprise IAM Framework

 

Hello IMAG Jedis, and to all my French IMAG Jedis, congratulations on winning the 2018 FIFA World Cup!

 

In this leg of our journey to build an IAM operations software factory, we’ll tackle Goal #2, creating the heart, soul and brain of your factory—the enterprise IAM framework. For those who missed it, Goal #1 can be found here.

 

An enterprise IAM framework is an organized and governed set of solutions, tools, integrations and processes that comply with one or more defined regulatory standards to support:

  • Identity life cycle management
  • User information repositories
  • Authentication
  • Authorization

 

So how do you build an IAM framework? There’s no secret here: Either you get a top security architect locked in a room with a bunch of awesome developers or you adopt an industry-leading security solutions portfolio of products such as CA Identity Suite, CA SSO, CA Advanced Authentication, CA Directory and CA API Gateway.

 

It’s essential to know that user data protection is of utmost importance, since it covers a broad spectrum of data from personally identifiable information to information about assets such as financial instruments. This brings us to two other important aspects of the IAM framework: identity life cycle management (ILCM) and user information repositories (UIRs). These are closely tied to each other, since UIRs are enablers of all existing ILCM solutions. Your IAM framework must support applicable regulatory needs (PII, PCI, SOX, GDPR, etc.) while managing the identity life cycle across all UIRs. The IAM framework must also maintain a fully secured audit trail of all its transactions (yeah, it can be done the legacy, blockchain or hashgraph way). Note that it is not just creation and maintenance of identities that are important—a compliant purge of identity and related information is a must, too.

 

Next up are authentication and authorization. Your IAM framework must have capabilities to support multi-factor authentication (MFA) and single sign-on (SSO). Modern enterprises rely heavily on both MFA and SSO to provide the much-needed optimal customer experience (CX) and trustable security. That requires the IAM framework to manage different forms of credentials in its own repository and in other commercial off-the-shelf (COTS) products. Provisioning and management of entitlements across business applications using an access request capability powered by a workflow enabler is essential to an IAM framework’s ability to meet authorization needs.

 

IAM frameworks have evolved and will continue to evolve. For instance, with widespread adoption of the Internet of Things (IoT), I see IAM frameworks evolving to support the IoT as well. Enabled by secure APIs (SAPI), enterprise IAM frameworks may very well evolve to comprise:

  • Endpoint-anchored, multi-property-based identity authentication
  • Workflow-enabled seamless authorization for applications
  • Token management for delegated and federated user information

 

More on the future of IAM frameworks in an upcoming post. Before I go there, let me repeat what I said in my first post about the IAM operations software factory: Simplified application onboarding and an enterprise IAM framework can’t by themselves provide the efficiency we seek. We also need standardized, reusable components—a tremendously useful capability, akin to creating a portal and enchanting your inventory items in Minecraft to defeat the Ender Dragon. Stay tuned for my next post on that very topic.

 

Until then, I look forward to hearing from you all.

Identity and access management (IAM) operations are typically complex and challenging. IAM operations, from security to governance, require careful consideration, planning and execution to orchestrate them in unison with business objectives.

 

Challenging they may be, but also worthwhile. When done right, IAM operations can significantly enhance your customer experience (CX) in support of overall business processes. That said, in the real world—your world—you have your own version of IAM operations, which you’ve gone to significant extremes to keep running like a Tesla in ludicrous mode. Kudos!!!

 

So now the question is, how can we improve your IAM ops? If you have a roadmap for success, how about taking it to the next level by setting up a software factory—introducing agility and setting the stage for automation? Yes, the death of Moore’s Law is already proving beneficial. In this series of blogs, I will discuss setting up a software factory for your world—IAM operations.

 

At the core of IAM ops is an IMAG solution such as CA Identity Suite that’s integrated with your applications, directories and databases (known as endpoints in CA Identity Suite lingo). Endpoint integration is called application onboarding, a process that involves understanding use cases and integration aspects and then integrating the application into your IAM framework. Doing this at an enterprise scale gets complicated when working with applications that can be managed by an IMAG solution’s OOTB connectors and legacy applications that don’t provide integration interfaces. Managing identities, accounts and access for these applications and having proper governance creates silos in operations that lead to non-compliance with regulations and indirect operations costs. This leads us to our first goal when establishing a software factory for your world: Simplify application onboarding.

 

Next up is the challenge of creating an enterprise IAM framework that supports security and compliance needs without having to deal with performance issues that impact your CX. This framework should be simple and extensible, and it should support all types of users and their business needs as well as business operations. So the second goal of our software factory is to create an enterprise IAM framework.

 

But simplified application onboarding and an enterprise IAM framework can’t by themselves provide the efficiency we seek. What’s missing? If we look carefully, we soon realize that we need standardized, reusable components—a tremendously useful capability to achieve and sustain, akin to creating a portal and enchanting your inventory items in Minecraft to defeat the Ender Dragon. So our third goal is standardized, reusable components.

 

Taking inspiration from Elton John’s “This Train Don’t Stop There Anymore,” I suggest that we need an agile train—a train that keeps chugging, helping us to expand the footprint of your world to as many applications, directories and databases as possible and that copes with operational overheads like version control, upgrades, break fixes, enhancements and releases. May the fourth (goal) be with you: agile DevOps.

 

The last (but not least important) aspect of the software factory is automation that permits collaboration of software in support of business processes. While not everything can be automated right now, we must explore and implement (where possible) automation in your world’s software factory—monitoring, notifications, simple deployments and simple defect resolutions. Our fifth goal: automation.

 

In upcoming blogs, I will discuss each goal in more detail. Until then, feel free to let me know if you have identified other goals for the software factory in your IAM operations world. 

 

Related information: CA Services Security Catalog