They can work on its ability to work in a distributed environment. It's a mainframe product. As many companies move to the cloud, depending on what cloud models they choose, such as a public, hybrid, or private cloud, it should be deployable. I am not sure if it can be deployed on those platforms. 

It has been there since the '50s or '60s, and it's still scalable. It has survived all these years, and it's scalable to many platforms, but I don't know about the cloud.

LIDs based on names are rapidly becoming useable. A primary key based on SSO IDs is preferred for LIDs in the UID string. This will also serve as a primary (and secure) key to owners of personal accounts. Functional and service accounts should follow a more strict naming convention.

Any solution that would eliminate manual intervention further is a great improvement. A solution that requires less in the form of manual processing saves more time and effort.

The user access review could also be improved. It produces a lot of false positives. Improvement that will minimize false positives and enhance the reliability of the results would be a welcome change.

There is always room for improvement in this product.

If possible, I would recommend to have an Eclipse interface which can provide simplicity in programmable access. This will help in putting together more flexible solutions that interact with the mainframe.

I am deeply impressed with the quality and depth and breadth of security and functionality in CA’s ACF2 and Top Secret products, but being as I was at CA World and answering a survey, I tried to think of a creative way for these products to be even better, and what came to mind is that more and more application-relevant mainframe solutions are getting Eclipse interfaces.

While CA’s DSI (Distributed Security Integrator) certainly provides a depth and breadth of functionality for distributed applications talking to mainframe security, I think there’s an opportunity to approach it from the other side of this coin as well, giving distributed applications developers greater ease of including security integration in their mainframe-resident applications from a development-environment perspective. Having an environment that is automatically “aware” of the security calls, resources, fields, arguments, etc., in mainframe security can encourage developers to think of security earlier on in the process and more comprehensively and validly when they’re dealing with these features in their mainframe applications.

It needs longer rules. The max rule is 32K. It would be nice if the rules could be moved above the bar, which would allow for longer rules.

I would like to see browser support whereby we can work from our desktops instead of using the mainframe tool called 3270. I would like my team and me to be able to use simple browsers, like Chrome, to be able to access mainframe data and provision users using the browser.