Enabling business is what strategic security is all about.

Right now, 46 per cent of CSOs spend up to a third of their day just analyzing security event reports. That's not the way to maximize value to the organization -- and it needs to change.

A comprehensive, modular, integrated and scalable Identity and Access Management (IAM) solution will free up time and resources for strategic initiatives.

Let me talk for a few minutes on how we see IAM at CA.

The IAM solution must offer broad coverage across applications and platforms, including legacy, distributed and Web environments.

To be more strategic there are a whole host of security processes and functions that must be automated. You must find technology solutions to resolve every one of these issues, because the alternative is unacceptable. A CSO cannot afford to become bogged down in managing passwords. That's not an effective use of time and resources.

Instead, the CSO should be deeply engaged in understanding the lines of business and devising ways to use security to increase efficiency and drive profitable growth.

That's what strategic security is all about.

At the same time, an IAM solution that offers automation, controls and proof of controls enables continuous and sustainable regulatory compliance.

Automation and the centralization of identity management drives down costs and improves efficiency.

Finally, business performance improves because you can be more responsive to competition and the experience of your customers and partners is vastly strengthened.

As companies migrate to software-as-a-service, the demands on the CSO will continue to evolve. Greater agility in responding to customer needs will be essential and an ever deeper interaction with the business will be the norm.

Let me show you how this can work in a real world situation...

Customer case history

We all know MasterCard. Some of us couldn't get through the day without it. MasterCard Worldwide is a CA client.

With over US$3 billion in revenue, MasterCard relies on a complex IT environment to enable its financial services business, running mainframes, large Unix server farms, HP NonStop servers, Microsoft Windows servers and a wide variety of Web servers.

Tom Compas, MasterCard's senior security professional, notes that the company faced a huge security challenge: its 5,000-person staff equated to about 200,000 discreet identities across the organization in different systems. There was no single, automated process for managing them. The company was using everything from homegrown workflow systems to specialized access databases.

"The population of our internal IDs was growing by approximately 30 per cent a year," Compas said. "We had to simplify and automate to keep pace with business dynamics."

That's where CA came in. By using CA Identity Manager, the company went to a role-based access control model, which reduced complexity.

But that's not where the benefits ended. Even more important, according to Compas, was increased responsiveness. Whereas it used to take about 10 days to provision a new employee with full access privileges, automation closed that timeframe down to about a day. Just as critical, when an employee leaves the company an automatic feed to Human Resources, enables access to be removed immediately -- eliminating a potentially serious security risk.