Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xavier Verhaeghe Vice President Oracle Security Solutions

Published byElise Lish Modified over 9 years ago

Similar presentations

Presentation on theme: "Xavier Verhaeghe Vice President Oracle Security Solutions"— Presentation transcript:

1 Identity and Access Management in a highly secured Federated Environment
Xavier Verhaeghe Vice President Oracle Security Solutions Oracle West Europe

2 ORACLE RELEVANT IN THIS SPACE...?

3 Identity Management Market Leader
“Oracle is currently the IdM vendor to beat” - Burton VantagePoint 2008: Identity and Privacy Trends “Oracle has established itself as Leader.” - The Forrester Wave: Identity And Access Management, Q1'08 User Provisioning, H2 2008 Web Access Management, H2 2008 Oracle has been ranked as a leader by every major analyst firm. Burton Group and Forrester have positioned Oracle as the vendor to beat. Gartner positions Oracle in the Leaders quadrant on both the User Provisioning and Web Access Management Magic Quadrants. “Oracle assumes the No. 1 position” - Earl Perkins, Perry Carpenter, Aug (Research G ) 3

4 Some Oracle Security Customers
ORACLE HAS A LOT OF CUSTOMERS, IN DIFFERENT SECTORS, INCLUDING IN MILITARY, DEFENSE, INTELLIGENCE UNITS, POLICE,... Financial Services Transportation & Services Manufacturing & Technology Telecommunication Public Sector Retail And it’s not just analysts. Customer in every industry rely on Oracle Security solutions to protect their business – or their country! Oracle Confidential 4

5 MILITARY REQUIREMENTS.
COMPLETELY UNIQUE ... OR NOT ...

6 Completely unique, or not...
COMMON NEEDS Continuous threats Fragmented solution patchwork Manual tasks / orphaned accounts / compliance Pressure to reduce costs Not part of a full strategic information security platform External (trusted?) collaboration Changing needs/architecture User productivity Management capabilities SPECIFIC NEEDS Level of attacks Impact when information is compromised Segregation of duties/compliance Balance of internal security with alliance security Fraud prevention vs. Fraud detection 6

7 Common need for a step back
Open standards based Security as a service model Sustainable – management capabilities Scalability Need for a comprehensive strategic platform 7

8 Oracle Security Inside Out
4/11/2017 Databases Applications Content Infrastructure Information Oracle Security Inside Out Databases Applications Content Infrastructure Information Information Infrastructure Databases Applications Content Infrastructure Information Databases Applications Content Oracle Confidential 8 Oracle Confidential 8 8 8

9 Comprehensive Identity Services Platform
Identity Assurance Federated Authentication & User-Centric Identity that spans the enterprise environment and cloud environment Interfaces Identity Administration Strong User and Access Lifecycle Management (Provisioning/De-Provisioning Capabilities) Identity Authorization A Claims-Based Authorization model, coupled with strong XACML-based Entitlement Management Identity Hub Enterprise Identity Providers protected by IGF-style policy controls and Virtualization Identity Audit A standardized Audit Framework for creating, managing and analyzing audit trails across cloud services Identity Assurance Federated Authentication (including MFA) for high-assurance identity verification User-Centric Identity Schemes (like OpenID and OAuth) for consumer authentication and lightweight federation Fraud Prevention Identity Proofing Risk Forensics Identity Authorization Policy Definition and Management Standard-based Replication and Synchronization of policies Fine-Grained Policy Enforcement Support for Distributed, real-time, high performance Policy Enforcement Points Enforce Separation of Duties policies Support Claims-based model Identity Hub Identity Service that provides access to Identity Data Support for Virtualization over multiple authoritative sources Secure storage of Credentials Privacy Controls with Identity Governance Framework Declarative Governance Model for how identity data is provided and consumed Implements the Principle of Least Knowledge and Minimal Disclosure Support both definitive (date of birth) and derived (over 21) identity data Attribute declaration Usage Constraints DB SECURITY

10 Oracle Access Management
Comprehensive security for applications, data, documents and web services End-to-end authentication, single sign-on, and fine grained application protection Innovative anomaly detection, transaction security, and multi-factor authentication Extensive 3rd party integrations Complimentary functionalities must be harnessed to achieve true end to end enterprise class security. Oracle has the most complete access management offering in the industry because we are executing on a complete vision of security. End to end suite and complementary enterprise class functionality Application authorization and document authentication work side by side to secure completely 10 Copyright © 2009, Oracle. All rights reserved

11 Oracle Identity Federation 11g
Windows CardSpace WS-Fed SAML 1.x/2.0 Liberty ID-FF Applications Partners/Affiliates Identity Stores Policy Stores Main Point: OIF 11g 1. With 11g, Oracle is adding and extending standards-based support for several federation standards including SAML, Liberty Alliance Federation, WS-Fed and Windows CardSpace. With CardSpace, OIF will now be able to offer Information Cards support as a relying party. With standards based support, OIF accelerates the integration process between business domains resulting in better security, increased compliance, and lower costs 2. OIF 11g also features integration with Oracle Enterprise Manager for operational monitoring, reporting, and auditing. EM integration results in enterprise class management and better compliance. 3. Oracle Identity Federation 11g offers what is called a Universal Federation Framework that offers flexible integration capabilities and helps accelerate deployment in complex heterogeneous environments Seamless Single Sign-On Authn/SSO Certificate Stores Portals Enterprise-class Manageability IdM Infrastructures Universal Federation Framework

12 Hot-Pluggable & Open Standards
INNOVATION : CONTRIBUTION:IMPLEMENTATION BUT CUSTOMER DRIVEN Contribute and lead SSTC (SAML Working Group) - Co-Chair Liberty Alliance - President, Board Member WSS, WS-SX (Web Services Sec), Author SPML - Author XACML – Voting member Implement Accelerate product development Simplify product integration & minimize TCO Innovate Identity Governance Framework: CARML, AAPML Standards for end-to-end security

13 FRAUD PREVENTION

14 Fraud Prevention Fraud Prevention Strengthened authentication
Secure Login Model Risk Analysis and Forensics Detect Anomalies Evaluate transactions Challenge or Block Strengthened authentication Real-time anomaly detection Preventative actions Reporting and forensics 14 Copyright © 2009, Oracle. All rights reserved

15 Adaptive Risk Manager Key Capabilities
Real time monitoring of web traffic, builds profiles of normal transaction activity Evaluates activities and context information against rules engine Prompts for additional challenge questions or secondary authentication (OTP, etc.) Blocks access or notifies administrators of potential fraudulent activity Offline forensics analysis of audit data 11/04/ :50 15 15 15

16 Adaptive Strong Authenticator Key Capabilities
Mutual authentication via personalized images Virtual Authenticator devices protect passwords, PINs, and challenge questions against key loggers, man-in-the-middle attacks, OCR programs Control & randomize placement of authenticators in the browser 11/04/ :50 16 16 16

17 Virtual Authenticator Interfaces
Personalized Image Time Stamp Personalized Phrase 11/04/ :50 17 17

18 COMPREHENSIVE SUSTAINABLE SOLUTION
SUMMARY COMPREHENSIVE SUSTAINABLE SOLUTION

19 Oracle Identity Management Platform
Identity Administration Access Management Directory Services Identity Manager Role Manager Access Manager Adaptive Access Manager Enterprise Single Sign-On Identity Federation Entitlements Server Internet Directory Virtual Directory Audit & Compliance Manageability Identity Management Suite Enterprise Manager IdM Pack 19

20 QUESTIONS

21

Download ppt "Xavier Verhaeghe Vice President Oracle Security Solutions"

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.

Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
Copyrights 2002 Introduction to SAP Enterprise Portals September 2002 1 SAP Enterprise Portal 101 Naeem Hashmi Chief Technology Officer Information Frameworks.

Copyrights 2002 Introduction to SAP Enterprise Portals September SAP Enterprise Portal 101 Naeem Hashmi Chief Technology Officer Information Frameworks.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
© 2004-2014. Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.

© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
Oracle Confidential – Internal/Restricted/Highly RestrictedCopyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Identity Management.

Oracle Confidential – Internal/Restricted/Highly RestrictedCopyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Identity Management.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Identity and Access Management Business Ready Security Solutions.

Identity and Access Management Business Ready Security Solutions.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Cloud Computing! Aber sicher ?!? Ralf Schnell Customer Solutions Architect Principal Cloud Strategist

Cloud Computing! Aber sicher ?!? Ralf Schnell Customer Solutions Architect Principal Cloud Strategist
© 2011 IBM Corporation Smarter Software for a Smarter Planet The Capabilities of IBM Software Borislav Borissov SWG Manager, IBM.

© 2011 IBM Corporation Smarter Software for a Smarter Planet The Capabilities of IBM Software Borislav Borissov SWG Manager, IBM.
APS (Keystone) Security “dial tone” Doron Grinstein Chief Architect October 2012 | Version 0.2 | Confidential.

APS (Keystone) Security “dial tone” Doron Grinstein Chief Architect October 2012 | Version 0.2 | Confidential.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Similar presentations

Ads by Google