I must confess, to my shame, that some 20 odd years ago during a presentation, I made a joke about a company called Computer Associates in the certain knowledge that the audience would all appreciate it and join in the fun. And they did. Afterwards, a sales rep from the company explained, in no uncertain terms, why he felt upset at my comments. And after our conversation concluded, two or three members of the audience came up to me and said how they were absolutely sure my comments were completely fair, and he must have had a sense-of-humour bypass.
But that all seems like a different age. I certainly wouldn’t make jokes about CA now, and if I did, I certainly wouldn’t have any confidence that the audience would laugh along with me. Why? Because CA is now one of the most exciting and innovative companies in the mainframe arena. It may still be hard to e-mail any of their staff because of the settings on their spam filters, but they are definitely moving the mainframe forward.
Their latest announcement is called CA Compliance Manager for z/OS, which it claims is the first platform-resident solution to provide real-time automated policy management of security and compliance events across the IBM z/OS environment and mainframe security subsystems – including CA ACF2, CA Top Secret, and IBM RACF.
In their press release, they rightly say that until now, IT organizations have primarily verified compliance with operational policies by manually checking historical data against their current security implementation – a time-consuming and costly approach that exposes IT organizations to increasing risk as regulatory pressures continue to escalate.
They go on to say that CA Compliance Manager for z/OS addresses this problem through automated monitoring, real-time alerting, and historical reporting. Its automated intelligence is especially important as mainframe environments are made increasingly complex by growing workloads – and as mainframe management tasks are passed on to a new generation of IT professionals with less experience on the z/OS platform.
Getting down to the details, they tell us that CA Compliance Manager detects and records changes that impact security policy – including modifications to CA ACF2, CA Top Secret, and IBM RACF configurations, operating system security configurations, and selected PDS/PDSE datasets. These changes are automatically validated against customer-defined security policies, so that IT organizations can readily discover and act on even the most subtle policy violations.
In addition, the entire audit trail generated by CA Compliance Manager for z/OS is retained on the mainframe, enabling mainframe staff to retain control of compliance data and to enhance the scalability of their compliance database.
At the same time, CA announced new versions of CA ACF2 and CA Top Secret, which work with CA Compliance Manager to provide a single view of compliance for the mainframe. Enhancements in r14 of both products include exploitation of z/OS 1.10 features, role-based administrative grouping, data classification, resource ownership, and enhanced digital certificate management services using the Distributed Security Integration (DSI) Server.
CA ACF2 and CA Top Secret also are designed to enable organizations to run compliance reporting without impacting the performance of their security environments by transferring security file contents to a mainframe relational database, which can then run both out-of-the-box and ad hoc compliance reports.
It just seems that CA are moving mainframe software forward at the moment rather than simply enhancing existing programs. I look forward to seeing what they do next – and no more jokes.