Computer Associates has acquired an advanced mainframe identity and access management product that automatically tracks down and removes obsolete, unused and rogue user IDs and access rights.
CA bought the technology from information security specialist InfoSec for an undisclosed sum.
The solution, which CA has branded eTrust Cleanup, helps customers cope with the increased complexity of identity and access management, which is being fuelled by government regulations, consumer privacy requirements, and internet-based hacking and virus attacks.
eTrust Cleanup helps organisations comply with regulatory, statutory and audit requirements, including Sarbanes-Oxley and Basel II. CA is adding the solution to its eTrust Admin for distributed platforms line.
"When it comes to securing critical corporate information assets, deprovisioning of access rights is clearly as critical as provisioning," said Toby Weiss, CA senior vice-president of eTrust security management.
"With eTrust Cleanup, CA customers can automate their deprovisioning processes and thereby eliminate a significant source of potential exposure."
Meta Group analyst Earl Perkins said organisations typically assigned staff an average of 16 IDs to access critical applications during their employment, but that only 10 of those IDs were removed when they left the company.
Unused, obsolete and excessive user IDs and access rights can also accumulate as a result of changes in employee responsibilities, one-time access requests and the hiring of independent consultants and contractors.