WHITE PAPER | MARCH 2014

Improving Security for

Retail with Identity and
Access Management
Tsvi Korren
CA Security Management

2 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

Table of Contents

ca.com

Executive Summary

Section 1:
The Growing Diversity in Users, Applications and Access Channels

Section 2: Opportunity
Harness the Power of Identity-Centric Security

Section 3:
Technology

10

Section 4: Benefits
Support Key Business Goals

13

Section 5: Conclusion
Innovation and Leadership through Identity-Centric Security

15

Section 6:
About the Author

16

3 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Executive Summary
Challenge
The retail industry is extremely competitive. Retailers today are focused on improving the traditional
shopping experience and stretching profit margins, while finding innovative ways to attract new
customers and grow revenue. The retail business itself is increasingly driven by technology: where
associates, customers and vendors are empowered to access information and make decisions on their
own. The transition from the physical store to the Web store is now overshadowed by the imperative
to offer services on mobile platforms, through social networks and in the cloud. The convenience,
quality and effectiveness of these new tools are becoming a competitive differentiator, making it
possible for retailers to have better, longer-lasting relationships with their customers. Large-scale
incidents of compromise or theft of customer personal or financial information make the headlines,
but even small-scale attacks can cause significant financial and organizational damage, erasing years
of work building customer trust. Identity-Centric Security is a pivotal part of the technology solutions
aimed at making retail more efficient, secure and competitive.

Opportunity
The challenges of 21st century retail are an opportunity for companies to adapt and embrace
technology platforms that create business value. Using practices that put user identities in the center
of the security model, we can confidently extend secure business services through new channels, to
the mobile consumer and over the internet. Doing so confidently, with safeguards that prevent
unauthorized access to customer information, strengthens the relationship and trust between store
and customer. The same model will also make a retailers internal IT environment more effective by
managing the dynamic access needs of associates.

Benefits
The benefits of Identity-Centric Security can be felt throughout the retail business, with IT helping to:
Quickly deploy new e-commerce services, and provide a compelling and secure experience, across
access models, that turn marketing demographics into customers.
Empower associates to access information and the tools to do their job, across on-premise and
cloud environments, from any authorized device or location.
Protect customer data from insider threat and external targeted attack.
Reduce the effort of security administration in an organization that has high turnover, distributed
management and a large number of remote locations.

4 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Section 1:

The Growing Diversity in Users, Applications and

Access Channels
Like many organizations, retailers have traditionally focused on processes that support Identity and
Access Management (IAM) for corporate users and associates, on a set of internally-hosted platforms.
After the rise of open systems and Internet shopping, attention was diverted to customers and the
implementation of e commerce platforms. Recent trends in cloud and mobile adoption push the
business to provide associates, customers and external partners with access to an increasing number
of services. Allowing secure and appropriate access to diverse users across the various models (web,
mobile, on-premise, and cloud) is a major challenge for IT Security organizations.

Diversity in User Populations

The reality today is that almost anyone involved in commerce is a user of some IT services.
Businesses that recognize this fact are finding it possible to personalize customer interaction, record
vital metrics on the health of the business and improve associate productivity from the storefront, to
the sales floor, to customer service centers.
Information systems in a typical retailer serve several distinct user populations, each with its own
characteristics and needs:
Corporate users with distinct job functions, who access many applications from an assigned
personal computer. These users are similar to internal users in most organizations. They are
managed for full time, long-term employment.
Specialty users in stores, branches, warehouses and other remote locations. These users have
distinct job functions, access to some corporate-wide applications, as well as local systems. They
are managed for long-term employment.
Associates and personnel in remote locations, who often do not have access to corporate-wide
applications, and may have limited access to local POS or inventory systems. These users are often
part-time or temporary, and may change several job functions in the course of a day.
Users in business partners, suppliers and large customers, who are not employed by the retailer, but
may have access to a set of externally-facing applications.
Consumers and other transient users, who may engage in just a single transaction, or be loyal
customers with an account, a profile and a history of repeat business.
In many organizations, this growth was a haphazard reaction to market needs, with little regard to
integration or an overall user experience (in some cases without participation of Corporate IT). This
resulted in silos of access, managed by different parts of the organization, with different user
authentication standards, and varying degrees of security.

5 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Customers who need access to transactions that include buying online, recording loyalty points,
tracking shipment and return at the physical store may need to traverse several websites, sometimes
with different authentication, and provide the same information several times. Associates who have
access to several applications may need to remember and input several forms of authentication.
As competition has grown, retailers recognized that user access and identity management are a
pivotal part of the customer experience. At the same time, software rationalization initiatives are
looking to find opportunities to consolidate and streamline common IT services. Corporate IT
departments, that used to provide identity and access management to hundreds of full-time
employees in a handful of locations, are now pressured to provide access to thousands of associates
and millions of customers in remote locations and from unknown networks and devices.
Figure 1:
Diversity in users,
services and access
channels

Consumer

Partner
User

Corporate
User

Store
Associate

Cloud
Platforms

E-Commerce
Platforms

Enterprise
Data

Store
Systems

Diversity in Applications and IT Services

The retail industry was an early adopter of automated platforms that manage inventory, point of
sale and accounting. Initially, these were monolithic mainframe or mid-range systems, running the
core of the business. Over time, the core of the business grew to include customer retention, online
transactions, shipping and marketing. Use of third party suppliers for indirect shipping, order
fulfillment or specialty services allows retailers to offer more services under the same brand, as
their platforms are added to the mix.
The single corporate computing platform has been replaced with an interconnected framework
of applications and services, running on a variety of IT resources, both inside and outside the
company network:

6 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Point of sale is moving out of the register line and onto the sales floor, as associates use mobile
devices to interact and assist customers with their purchases.
Providers of branded services expose their applications in the cloud and make them available with
varying degrees of integration.
General corporate functions like human resources, benefits, education, travel, performance
management and facilities management run on multiple applications, some cloud-based.
Marketing and customer retention programs based on social networking and social media make use
of public services to analyze customer data.
Distributed computing places servers and applications onsite at the store or warehouse, where
software runs independently from central corporate IT.

Diversity in Access Models

The number of ways in which consumers interact with retail organizations continues to grow. Visiting
a physical store or using a website or mobile applications are among the channels of interaction that,
put together, form the totality of the customer experience. In order to capture and retain these
customers across channels, organizations need to provide a convenient, intuitive, and consistent
experience. Similarly, associates and partners need to interact with the same data over a variety of
devices: in the store, on the road or at a warehouse. Associates may also need to complete a
customer transaction that started online, or contend with comparison shopping over mobile devices.
Effective cross-channel security requires solutions that enable applications for one channel (Web) to
be easily modified for other channels (mobile) without re-architecting the underlying security
capabilities or requiring cumbersome registration, login, or other security processes.
Channels of access may include:
In store interaction with associates or automated kiosks
Full website for computers and tablets
Mobile website for phones and smaller devices
Mobile applications for a variety of tablets and phones platforms
Devices used by associates, from full terminals to handheld scanners

The Security Challenge

Connecting external users to internal data and providing cloud services to associates are disrupting the
traditional security models. This presents new challenges in restricting access to financial and competitive
information, and ensuring business continuity. The problem is compounded by the imperative to protect the
brand, safeguard customer data, and to comply with regulations from government and payment processors.
The amount of personal information that customers entrust with retailers is increasing. Credit and debit
card numbers, PINs, addresses and even shopping habits flow through a complex network of devices
and IT services, from storefront to back office and on to payment processors and business partners. This
wealth of information is attracting the attention of criminals who use sophisticated and diverse means
to get to it. Retailers have become targets of advanced persistent threats (APTs): a series of wellfinanced, large-scale operations aimed at stealing large amounts of personal and financial information.

7 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

The magnitude of these challenges is large, but the questions are familiar: Who is the user requesting
access? How to validate their identity? What is an appropriate level of access? When to assign and
revoke access rights? Where to store information about users? How to counter persistent threats?
And, possibly most importantly, Who has access to what?
The principles of Identity and Access Management apply to these expanding populations, but the
current processes and systems, built to serve only corporate users, are no longer adequate. A set of
new capabilities is required to successfully expand the number and the types of users, services and
access models that make use of modern retail information systems, while reducing the threat of
identity theft.

Section 2: Opportunity

Harness the Power of Identity-Centric Security

Embracing identity-Centric Security is an opportunity to provide better service to associates, partners
and customers, without major investments in IT personnel. These capabilities enable better user
profile management, self-service, delegated administration, assurance of a users identity, simplified
access between applications and consistent security controls across applications and access models.

Securing POS, store and corporate systems

Credit card payments, customer personal information, inventory, pricing and other sensitive data flow
through thousands of POS systems, servers, applications and networking components, in the stores
and corporate data centers. Retailers must protect this data against unauthorized access.
While the applications that process transactions may be secure, the servers where they are deployed
need to be periodically serviced. A technician dispatched to a store requires the login information to
the store systems, and often has access to accounts with elevated privileges. These administrators
might be contractors connecting remotely to store systems or traveling service providers. They often
work on their own, using shared or system accounts with elevated privileges. This introduces many
security and compliance risks, because administrative action within a shared account cannot be
traced to a single individual and may expose customer and payment information.
The number of servers and people involved make it difficult to safeguard and periodically change the
all these passwords. Passwords are either known to a large number of people or left unchanged for
long periods of time, or both, often in violation of regulations and corporate policies.
Privileged accounts are also a primary target for external attackers. Gaining access to a server with an
administrator account allows criminals to install unauthorized software, copy entire databases
(regardless of encryption) and covertly redirect data streams to be stolen later.
While password management can control access to privileged accounts, it does not address what
happens after an administrator logs in. Without further controls, all administrators have the same
privileges, from database administrator to web admin. This means that these administrators have
more access than they need. In many cases, people need privileged access to only a single
application or subset of system settings, but log in with system-wide administrative access.

8 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

What is needed are fine-grained controls over administrator actions, so that each admin can do no
more than their role requires, and only on the systems under their responsibility. These controls
would include restrictions on what data they can access, as well as what system services they can
control. This level of precise authorization can prevent installation of unauthorized programs, access
to data outside an approved process and external network accesseven by criminals who gained
administrative access.
Application Admin

Figure 2:

Database Admin

Operations Admin

Privileged accounts
can have access
that overrides
security controls

End User

Client or
Browser

Presentation
Service

Application
Processing

Server
O/S

Data
Layer

Virtualization Physical
Hypervisor
Storage

Store user management

Two trends drive inclusion of store associates in Identity-Centric Management. First is associates use
of corporate systems for HR, benefits, training and other management functions. Second is
governance over in store systems that require unique login and defined permissions. These trends
leave very few associates without some type of IT access.
In all but the smallest retail operations, management of associates access must be delegated
outside the corporate office. Store or regional managers should be empowered to make decisions that
impact new users, changes in user access and termination of access.
With the new capabilities in place, a store manager can hire a person, build an initial profile and
assign a job function. Automation will route the users data through an approval and validation
process that results in provisioning a set of access rights that correspond to the job function. If
implemented with the right level of delegation, an associate can be provisioned with access to do the
job with minimal involvement from Corporate IT, and without delay.
As associates authenticate against a corporate directory for internal access, their identity should be
securely and seamlessly transferred to cloud or third-party providers, as they access those resources.
When using mobile devices, contextual, multi-factor, risk-based authentication should be available for
high-value transactions or upon access to sensitive applications.

Partner access
Working with partner organizations, such as wholesale suppliers, vendors or institutional customers,
involves granting access to individuals who work for the partners. These users need to be managed as
individuals, but also tied to the relationships between the retailer and the partner. This requires active
administration in both organizations to enable new users, terminate access and help ensure that any
action taken by the individual user is sanctioned by the partner.

9 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Capabilities in Identity Federation and Delegated Administration simplify the management effort on
both sides by making the partner responsible for the user accounts that can act on its behalf.
Delegated Administration segments the partners users from the rest of the population and provides
an interface to manage the reduced scope of users (with optional workflow and approval). Federation
allows partner users to authenticate locally with their organization, and gain trusted access to the
retailers systems. When the users access is terminated on the partner side, access is no longer
possible to the federated application, requiring no communication or action on the part of the retailer.

Assuring Customer Identity

Retailers face competitive pressure to offer more interactions with customers and increasingly obtain
more marketing information through customer loyalty programs and connections to social networks.
Customers, on the other hand, want to be certain that their personal information, email addresses
and passwords are secure. Capabilities in advanced authentication and risk analysis help ensure the
identity of customers connecting across types of devices and networks.
Todays customers have already amassed a multitude of usernames and passwords, so retailers
should only ask them to create new credentials for high-value transactions. Similarly, customer
transactions that span multiple applications or branded websites within the retailers lines of
business should be seamless. Customers should not be forced to create different user accounts or log
in again to move from one web property to another, as part of the same shopping experience.
In the course of the relationship with the retailer, customers go through several phases, with
increasing assurance of their identity:
Anonymous users can browse the publically available online catalog or corporate website. Anonymous
browsing does not establish any relationship with the retailer and provides no value to marketing.
Registering users is a way to start a relationship, but many users are annoyed by being required to fill
online forms and abandon transactions that require them to provide information, even when this
would lead to personalized content or special offers. Retailers can simplify the registration process by
taking advantage of profiles already created elsewhere. The user is prompted to log in with
credentials from their preferred social network, and shares information with the retailer. While this
information is valuable to marketing, it is often not reliable enough for financial transactions.
Validation of the users identity, shipping address and payment method is required before buying
products and services. Depending on the value of the transaction and the business tolerance for risk,
several degrees of identity assurance can be implemented, from using external payment processors
to hosting payment processing in-house with additional registration and validation.
When a validated customer is connecting to the retailers website for an online transaction, characteristics of
the users connection are measured and compared against rules that analyze the users location, device,
authentication method, past patterns of access, and other data points. Retailers can also increase their
confidence in the users identity through strong authentication, giving repeat customers the same level of
assurance that they get from financial institutions, by registering trusted devices with a one-time passwords.
The end result is a degree of assurance in the customers identity that can reduce the use of other,
more costly, fraud prevention techniques.

10 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Figure 3:
Social customer
lifecycle
Anonymous user

Registered user

Validated user

Section 3:

Technology
Capabilities that make identities the center of security management rely on a set of technologies that
together form a comprehensive IAM solution for the Retail sector:

Privileged Identity Management

A large complex IT infrastructure often contains thousands of service and system accounts.
Management of these accounts includes periodically rotating passwords, providing a way to share
passwords and facilitate their useall while maintaining security and confidentiality of sensitive
information through fine-grained controls.
Processes that manage system or shared accounts must provide a simple Web interface where
authorized users, based on their role, can gain access to a pre-approved set of accounts, request access
to other accounts, or retrieve administrative passwords in an emergency. After the administrative
operation is done, the password can be changed again automatically, keeping the account inaccessible
until the next time it is needed. Users shared account sessions should also be recorded for later review.
Privileged accounts are often a prime target of external attacks. In addition to elimination of shared
passwords, combating this threat must include fine grained access controls that scope down admin
capabilities to the minimum required access (with more granularity than is available in the native
operating system). These controls can help protect against unauthorized access to servers, data
breaches and installation of malicious software.

Identity Management and Governance

All identities (associates, partners, customers) should be managed throughout their lifecycle, from initial
on-boarding to termination of access. Identity Management should support processes for initiating
changes from HR systems, managers, partner admins and other authorized sources. Any change goes
through automation to validate and approve the request. Fulfillment of Identity Management may
require assignment of access through automated provisioning or manual action. Finally, changes must
be audited and periodically reviewed to certify that users have been given the right access.
For consumers in online transactions, Identity Management supports the transition from an unknown
visitor to a trusted customer through self-registration, identity validation and profile maintenance.

11 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Identity lifecycle management includes provisioning, delegated administration, role discovery and
management, user self-service, and user activity reporting. Support of provisioning connectors to a
wide range of enterprise applications is also essential. In addition, the entitlements of employees and
partners should be validated on a continuous basis to ensure that each user still has the appropriate
rights for their role.
Identity Governance includes processes and controls to facilitate this on an ongoing basis. For
example, automated entitlements certification enables users managers, role owners, or resource
custodians to periodically review and validate that current access is correct. Unnecessary access
identified through a certification process can be quickly removed to reduce the organizations security
risk. Since many retail organizations have large employee populations that are highly geographically
distributed, automating the process of access validation becomes especially important.

Identity Federation and Single Sign-On

Retail organizations often have complex partner and supply chain eco-systems, which require the
secure sharing of information and access across enterprise boundaries. Internally, a large number of
applications are used by associates to conduct business. Customers may also interact with more than
one system across different lines of business, brands or partner networks. Identity federation and
single sign-on enables secure and convenient access to information essential for the effective
operation of partner networks, internal applications and e commerce platforms.
While providing users with the convenience of single sign-on, Web application deployment and
administration is also made simple by connecting them to a platform that provides centralized
authentication and authorization services, with the ability to become a cloud-broker service that
federates across organizations.
Identity Federation should support widely-used protocols and standards for cross-domain authentication
(such as SAML, OAuth, and OpenID). It should handle both incoming and outgoing federation with an easy
way to manage partnerships between organizations and access to cloud applications.
Single Sign-on also includes common logging of authentication and secure connection of users to
business applications. Since many applications are already part of the environment, the technology
must provide a variety of integration methods into existing applications and a high-volume platform
for processing permission rules in real time.

Advanced Authentication
Retail organizations require a flexible but strong set of authentication capabilities to validate the identities
of all their users. These capabilities should be lightweight, hassle-free, and available on mobile devices.
Advanced Authentication technology enhances Federation and Single Sign-On with risk analysis and
device registration. When a user attempts to authenticate, a risk score is generated based on their
location, time, day of the week, role, and possibly even their previous activity. For example, an
authentication attempt originating from Eastern Europe for a user known to be based in Chicago
would generate a high risk score.

12 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

The risk score can then be compared against predefined thresholds. If the authentication is
determined to have higher risk, the user can be required to provide more information to prove their
identity. If the risk score is extreme (like multiple connections in succession from a hack-prone
location), the connection is dropped or redirected for investigation.

User Directory
The most basic function in Identity and Access Management is to hold and manage information
about people. For internal populations it might include a personal identifier, organizational attributes,
operational attributes and any other data that is used in the process of assigning access, or needs to
be replicated to a production system. For external populations, information might also include the
type of user, the security domain for authentication, and past patterns of access.
This foundational component is often missing in a retail environment, where records of different user
populations are spread across separate user stores, attached to legacy applications or otherwise
segmented. This prevents organizations from asserting the proper controls over identities,
understanding their access and demonstrating governance. A user directory for the purpose of IAM
can also provide a place to store operational data and hold the information required by internal and
external services to determine appropriate access.
The user directory must be flexible enough to support the attributes for diverse user populations. It
must also be scalable to millions of records, reliable with high-availability and fast enough to execute
a high volume of transactions. In addition, it should be capable of guaranteeing local storage of
sensitive data (to accommodate regulations that require user data to be stored within prescribed
geographic boundaries), while presenting a unified view into the entire structure.

API Management and Security

In order to deploy cross-channel access models, and to facilitate new business services, organizations
need to provide access to data, through APIs to internal and external developers. Doing so securely
will accelerate the creation of applications for devices and will allow development, along with
business partners, of complementary services that create a more complete experience for customers.
To manage and control access to these APIs, an API security solution is essential. It secures access to
specific APIs, and enables their use to be controlled based on security policies. A Developer Portal,
with a catalog of available interfaces and methods, enables developers to obtain and share
information on APIs, to test out their use, and to port applications across platforms.

13 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

Figure 4:

ca.com

API Management

Technology
capabilities in
context

Advanced
Authentication

Single
Sign-On

Used Store

Identity Management
and Governance

Privileged Identity
Management

Section 4: Benefits

Support Key Business Goals

The competitive nature of the retail industry pushes everyone in the organization to do better: to innovate,
to reach new markets and new customers, and to cut costs. The reliance on technology to conduct
business is the reality. IT organizations need the benefits provided by Identity-Centric Security in order to
support the goals of the business, increase customer loyalty, react quickly to new initiatives and help
ensure that key information assets comply with regulations, and are secured to industry standards.

Grow the Business: Deliver New Business Services

Marketing and business development are tasked with bringing more customers and opening new
markets. New initiatives often include a new application, new ways to communicate with target
demographics and obtaining more data on customers and their buying habits. Application
deployment is always urgent and security considerations, especially the need to validate and
authorize users, are seen as slowing down the business.
Retail IT can get ahead of fast moving requirements by adopting a platform for Identity-Centric
Security that provides flexibility in authentication methods, centralized authorization, shared account
management, identity federation, and access governance as core capabilities, along with broad
platform support including mobile. In addition, a broad range of IAM capabilities in on-premise,
cloud, or hybrid environments helps provide the business agility that retail organizations require.
These capabilities help enable new initiatives, can quickly plug new services into the platform and
instantly connect users with existing services across access channels.

14 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

ca.com

Increase Efficiency: Secure the Mobile, Cloud-Connected Enterprise

Managing access in a retail environment is especially complex. Internally, the organization is often
geographically dispersed; the work force is dynamic with high turnover, and associates move between
several functions in the course of a day. Systems and applications are often misaligned with the
business, presenting multiple points of account administration for a single job function. These factors
can cause delays and complexity in access assignments, and can negatively impact store operations,
affecting the level of customer service.
When deployed in a retail environment, Identity-Centric Security becomes a platform for delegating
the management of users and their access: user onboarding is quicker and off-boarding can be
immediate. Managers can respond to changing demands in the assignment of functions in the store.
Associates can access multiple applications without repeatedly authenticating. The organization can
confidently adopt the use of cloud platforms to conduct business. The result is increased efficiency
and productivity, as well as increased ability to react quickly to changing market conditions.

Protect the Business

As an industry based on financial transactions, and increasingly involved in the collection of
customers personal information, retail is trusted to maintain the highest standards of security. In
this competitive industry, the integrity of the brand is of immense importance, and the regulation of
privacy and payment processing are prescriptive. From Point-of-Sale to back office operations and
from corporate to externally-facing applications, governance of access to the IT infrastructure forms
the foundation of proper security controls.
Identity-Centric Security helps protect the business by helping ensure accountability, with reliable
identification of the person responsible for a transaction. Whether identifying a loyal customer or an
administrator that requires access to sensitive data, asserting user identity is the first step in security.
When the identity is known, its easier to follow other security practices: least privilege, reporting and
auditing, authorization, timely removal of access and addressing persistent threats.

15 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

Figure 5:
Business benefits

Deliver Secure New

Business Services

ca.com

Secure The Mobile,

Cloud-Connected
Enterprise

Protect Against
Insider Threats
and Internal Attacks

Section 5: Conclusion

Innovation and Leadership through IdentityCentric Security

For retailers, Identity and Access Management adds real business value, beyond the obvious benefits
of security and compliance. As more services are deployed online, on mobile and in the cloud,
Identity and Access Management is a central element in customer satisfaction and the ease of
doing business.
IT organizations in the retail industry should support, innovate and lead the charge through adoption
of a complete set of technologies that improve the quality of service for associates, partners and
customers, reduce the risk to the organization and enable business to run better.

16 | WHITE PAPER: IMPROVING SECURITY FOR RETAIL WITH IDENTITY AND ACCESS MANAGEMENT

Section 6:

About the Author

Tsvi Korren, CISSP, has been an enterprise IT professional for 20 years with background in
business process consulting in large organizations. He is currently a Sr. Principal Consultant with
CA Technologies, working with retail customers to align IT with business goals through adoption
of Identity and Access Management practices.

Connect with CA Technologies at ca.com

Agility Made Possible: The CA Technologies Advantage

CA Technologies (NASDAQ: CA) provides IT management solutions that help customers
manage and secure complex IT environments to support agile business services. Organizations
leverage CA Technologies software and SaaS solutions to accelerate innovation, transform
infrastructure and secure data and identities, from the data center to the cloud. CA Technologies
is committed to ensuring our customers achieve their desired outcomes and expected business
value through the use of our technology. To learn more about our customer success programs,
visit ca.com/customer-success. For more information about CA Technologies go to ca.com.

Copyright 2014 CA. All rights reserved. Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. All
trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by
applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a
particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without
limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.
CS200-61604_0314