CA Southern Africa updates security token exchange

CA Southern Africa has introduced an update to its previously launched token replacement program

CA Southern Africa has introduced an update to its previously launched token replacement program that offers customers using any security hardware token the opportunity to trade their tokens for CA ArcotID secure software credentials in a one-for-one swap.

For each hardware token, CA Technologies will provide a three-year enterprise licence for the CA ArcotID software credential, including the CA Arcot  WebFort authentication server. The only cost to the customer making the switch is maintenance. This offer is in effect until 30 September 2011.

“Hardware tokens are a security mechanism whose time has expired,” says Ugan Naidoo, CA Southern Africa head of security.

“Carrying an additional key fob or device for today’s increasingly mobile workforce is inconvenient and impractical and the difficulty of remediation in case of a hardware token breach is overwhelming, says Naidoo.

“The risk of hardware token problems was highlighted recently when RSA, a leading, international authentication product vendor, suffered a major breach related to their SecurID authentication products. Recently, several major companies including Lockheed and L3 have suffered attacks as a result. About 30 000 banks, corporations and government agencies worldwide currently use the SecurID system (over 40 million tokens) to protect critical applications and data.”

CA ArcotID product already has over 30 million users and offers increased flexibility and simplicity of deployment, while providing unsurpassed security.

“We have seen increased interest in the CA ArcotID secure software credential,” says Naidoo.

“Companies are re-evaluating their reliance on hardware tokens for authentication and consider software credentials as a superior alternative.

“There are significant advantages to using the CA ArcotID secure software credential versus standalone hardware tokens for advanced authentication.

“These include simple deployment and management, flexibility and uncompromised security.”

The CA ArcotID software credential can be easily and securely downloaded and deployed using patented cryptographic camouflage technology. This is more efficient than hardware token which must be manufactured, physically distributed to the customer site and then delivered to the end-user.

In addition, in the event of a security breach, a software-based authentication approach provides a speed advantage by allowing organisations to immediately reset the credential.

Users would then self-provision a new private key the next time they log in. If a hardware token is compromised, the situation requires deploying a new token, which requires the vendor’s assistance and could be a costly, time-consuming and inefficient process.

“The CA ArcotID software credential works across multiple applications and environments and it scales to support millions of users,” says Naidoo.

“Organisations also have the flexibility to store the CA ArcotID software credential on any supported client device, such as a PC, notebook, tablet device or smartphone.

“The software credential combines a standard digital certificate with patented cryptographic camouflage private key concealment technology to allow users to authenticate securely. In addition, each organisation creates, manages and stores its own private keys for all its CA ArcotID users. CA Technologies holds no information about any individual software credentials, thereby reducing the risk of compromising customer data.”

Staff Writer