Xavier Verhaeghe Vice President Oracle Security Solutions


1 Identity and Access Management in a highly secured Federated Environment
Xavier Verhaeghe Vice President Oracle Security Solutions Oracle West Europe


3 Identity Management Market Leader
“Oracle is currently the IdM vendor to beat” - Burton VantagePoint 2008: Identity and Privacy Trends
“Oracle has established itself as Leader.” - The Forrester Wave: Identity And Access Management, Q1'08
User Provisioning, H2 2008
Web Access Management, H2 2008
Oracle has been ranked as a leader by every major analyst firm. Burton Group and Forrester have positioned Oracle as the vendor to beat. Gartner positions Oracle in the Leaders quadrant on both the User Provisioning and Web Access Management Magic Quadrants.
“Oracle assumes the No. 1 position” - Earl Perkins, Perry Carpenter, Aug (Research G )

4 Some Oracle Security Customers
ORACLE HAS A LOT OF CUSTOMERS, IN DIFFERENT SECTORS, INCLUDING IN MILITARY, DEFENSE, INTELLIGENCE UNITS, POLICE,...
Financial Services
Transportation & Services
Manufacturing & Technology
Telecommunication
Public Sector
Retail
And it’s not just analysts. Customers in every industry rely on Oracle Security solutions to protect their business – or their country!
Oracle Confidential


6 Completely unique, or not...
COMMON NEEDS:
Continuous threats
Fragmented solution patchwork
Manual tasks / orphaned accounts / compliance
Pressure to reduce costs
Not part of a full strategic information security platform
External (trusted?) collaboration
Changing needs/architecture
User productivity
Management capabilities

SPECIFIC NEEDS:
Level of attacks
Impact when information is compromised
Segregation of duties/compliance
Balance of internal security with alliance security
Fraud prevention vs. Fraud detection

7 Common need for a step back
Open standards based
Security as a service model
Sustainable – management capabilities
Scalability
Need for a comprehensive strategic platform

8 Oracle Security Inside Out
[Diagram: Oracle Security Inside Out, with layers labelled Information, Infrastructure, Databases, Applications, Content]

9 Comprehensive Identity Services Platform
Identity Assurance: Federated Authentication & User-Centric Identity that spans the enterprise environment and cloud environment
Identity Administration: Strong User and Access Lifecycle Management (Provisioning/De-Provisioning Capabilities)
Identity Authorization: A Claims-Based Authorization model, coupled with strong XACML-based Entitlement Management
Identity Hub: Enterprise Identity Providers protected by IGF-style policy controls and Virtualization
Identity Audit: A standardized Audit Framework for creating, managing and analyzing audit trails across cloud services

Identity Assurance:
Federated Authentication (including MFA) for high-assurance identity verification
User-Centric Identity Schemes (like OpenID and OAuth) for consumer authentication and lightweight federation
Fraud Prevention
Identity Proofing
Risk Forensics

Identity Authorization:
Policy Definition and Management
Standard-based Replication and Synchronization of policies
Fine-Grained Policy Enforcement
Support for Distributed, real-time, high performance Policy Enforcement Points
Enforce Separation of Duties policies
Support Claims-based model

Identity Hub:
Identity Service that provides access to Identity Data
Support for Virtualization over multiple authoritative sources
Secure storage of Credentials

Privacy Controls with Identity Governance Framework:
Declarative Governance Model for how identity data is provided and consumed
Implements the Principle of Least Knowledge and Minimal Disclosure
Support both definitive (date of birth) and derived (over 21) identity data
Attribute declaration
Usage Constraints

[Diagram labels: Interfaces; DB SECURITY]

10 Oracle Access Management
Comprehensive security for applications, data, documents and web services
End-to-end authentication, single sign-on, and fine grained application protection
Innovative anomaly detection, transaction security, and multi-factor authentication
Extensive 3rd party integrations
Complementary functionalities must be harnessed to achieve true end to end enterprise class security. Oracle has the most complete access management offering in the industry because we are executing on a complete vision of security.
End to end suite and complementary enterprise class functionality
Application authorization and document authentication work side by side to secure completely
Copyright © 2009, Oracle. All rights reserved

11 Oracle Identity Federation 11g
[Diagram labels: Windows CardSpace; WS-Fed; SAML 1.x/2.0; Liberty ID-FF; Applications; Partners/Affiliates; Identity Stores; Policy Stores; Certificate Stores; Portals; Authn/SSO; IdM Infrastructures; Seamless Single Sign-On; Enterprise-class Manageability; Universal Federation Framework]

Main Point: OIF 11g
1. With 11g, Oracle is adding and extending standards-based support for several federation standards including SAML, Liberty Alliance Federation, WS-Fed and Windows CardSpace. With CardSpace, OIF will now be able to offer Information Cards support as a relying party. With standards based support, OIF accelerates the integration process between business domains resulting in better security, increased compliance, and lower costs.
2. OIF 11g also features integration with Oracle Enterprise Manager for operational monitoring, reporting, and auditing. EM integration results in enterprise class management and better compliance.
3. Oracle Identity Federation 11g offers what is called a Universal Federation Framework that offers flexible integration capabilities and helps accelerate deployment in complex heterogeneous environments.

12 Hot-Pluggable & Open Standards
INNOVATION : CONTRIBUTION : IMPLEMENTATION BUT CUSTOMER DRIVEN

Contribute and lead:
SSTC (SAML Working Group) - Co-Chair
Liberty Alliance - President, Board Member
WSS, WS-SX (Web Services Sec), Author
SPML - Author
XACML – Voting member

Implement:
Accelerate product development
Simplify product integration & minimize TCO

Innovate:
Identity Governance Framework: CARML, AAPML
Standards for end-to-end security


14 Fraud Prevention
Secure Login Model
Risk Analysis and Forensics
Detect Anomalies
Evaluate transactions
Challenge or Block
Strengthened authentication
Real-time anomaly detection
Preventative actions
Reporting and forensics

15 Adaptive Risk Manager Key Capabilities
Real time monitoring of web traffic, builds profiles of normal transaction activity
Evaluates activities and context information against rules engine
Prompts for additional challenge questions or secondary authentication (OTP, etc.)
Blocks access or notifies administrators of potential fraudulent activity
Offline forensics analysis of audit data
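
An added illustration of the flow this slide lists (profile of normal activity, rules evaluation, challenge or block, audit trail). It is not Oracle's code and not part of the original presentation; the event fields, rule names, scores and thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, stdev
@dataclass(frozen=True)
class Event:                          # constructed event shape, not a product schema
    user: str
    country: str
    device: str
    amount: float

@dataclass
class Profile:                        # per-user baseline of "normal" activity
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    amounts: list = field(default_factory=list)

    def learn(self, e):
        self.countries.add(e.country)
        self.devices.add(e.device)
        self.amounts.append(e.amount)

RULES = [                             # (name, risk score, predicate); values are illustrative
    ("new_country", 40, lambda p, e: e.country not in p.countries),
    ("new_device", 30, lambda p, e: e.device not in p.devices),
    ("amount_outlier", 40, lambda p, e: len(p.amounts) >= 5
        and e.amount > mean(p.amounts) + 3 * max(stdev(p.amounts), 1.0)),
]
CHALLENGE_AT, BLOCK_AT = 30, 70       # assumed thresholds

class RiskEngine:
    def __init__(self):
        self.profiles = defaultdict(Profile)
        self.audit = []               # every decision is kept for offline forensics

    def evaluate(self, e):
        p = self.profiles[e.user]
        if not p.amounts:             # cold start: no baseline yet, so step up
            fired, score = ["no_profile"], CHALLENGE_AT
        else:
            fired = [name for name, _, pred in RULES if pred(p, e)]
            score = sum(s for name, s, _ in RULES if name in fired)
        decision = "block" if score >= BLOCK_AT else "challenge" if score >= CHALLENGE_AT else "allow"
        self.audit.append((e, score, decision, fired))
        if decision == "allow":       # never learn from unverified or blocked activity
            p.learn(e)
        return decision, fired

    def confirm(self, e):             # call only after the secondary challenge succeeded
        self.profiles[e.user].learn(e)
```

Challenged and blocked events are deliberately kept out of the baseline, so an attacker cannot train the profile into accepting a new device or country by retrying.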

16 Adaptive Strong Authenticator Key Capabilities
Mutual authentication via personalized images
Virtual Authenticator devices protect passwords, PINs, and challenge questions against key loggers, man-in-the-middle attacks, OCR programs
Control & randomize placement of authenticators in the browser

17 Virtual Authenticator Interfaces
[Figure labels: Personalized Image; Time Stamp; Personalized Phrase]


19 Oracle Identity Management Platform
Identity Administration: Identity Manager, Role Manager
Access Management: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Entitlements Server
Directory Services: Internet Directory, Virtual Directory
Audit & Compliance: Identity Management Suite
Manageability: Enterprise Manager IdM Pack


