Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Next Level: Managed Security in the Cloud Gail Coury, Vice President-Risk Management Deepak Kallakuri, Senior Product Manager Oracle Managed Cloud.

Similar presentations


Presentation on theme: "The Next Level: Managed Security in the Cloud Gail Coury, Vice President-Risk Management Deepak Kallakuri, Senior Product Manager Oracle Managed Cloud."— Presentation transcript:

1

2 The Next Level: Managed Security in the Cloud Gail Coury, Vice President-Risk Management Deepak Kallakuri, Senior Product Manager Oracle Managed Cloud Services September 30, 2014 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

3 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3

4 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Agenda Oracle’s Cloud Solutions Strategy Oracle Managed Cloud Services Risk Management and Security Intermountain Healthcare Intuit 4

5 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Cloud Consume Oracle as subscription- based services 5 Private Cloud Build and manage your own cloud using Oracle cloud products Oracle Cloud Solutions OMCS is the on-ramp to Cloud for Oracle customers

6 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |6 Applications to Disk – Singular Focus on Oracle “Red” Stack Oracle Offers Unique Benefits to Customers Accelerated upgrades Certified configurations optimized across stack Predictive incident management Go-Live Center reduces post-go-live issues 54%

7 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |7 Hundreds of change projects executed successfully Up to 5.34 billion database transactions per hour 41+ petabytes of managed storage World’s largest Oracle VM and Linux grid Massive Scale

8 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Risk Management and Security Oracle’s Approach 8

9 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Security Strategy Legal and Security Architecture Reviews Security Technical Design Reviews Security Assessments and Certified Configurations Security Technologies Security Information Event Management (SIEM) Secure Web Gateways End Point Security (AV/HIDS/Disk Encryption) Intrusion Detection/Prevention Tape Backup Encryption Multi-Factor Authentication for Administrators Segregated Networks Power Broker for Privileged Management SSL Accelerators Security Services PCI DSS and HIPAA Security Services Enhanced Security Services Government Security Services 21 CFR Part 11 Validation Support Services Identity Management Services (SSO, Provisioning,…) Managed Security Service Packs Secure Banking Services Disaster Recovery Services Governance Objective 3 rd Party Opinion via Audits (ISAE 3402 / SSAE 16) ISO Certification / ISO Conformance Formal Risk Assessment Self Testing Security Training for Operations and Customer Delivery Customer Right to Audit Layered Defense in Depth Risk Management 9

10 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Managed Security Services 21 CFR Part 11 PCI Services Identity Services Government Services HIPAA ServicesEnhanced Security Services Designed to protect Customer’s electronic protected health information (ePHI) in environments managed by Oracle Assists the Customer to meet its legal obligations under the HIPAA as amended by the HITECH Act Oracle Cloud Services is a Level 1 Payment Card Industry (PCI) Compliant Service Provider since 2006 Oracle can reduce the time and cost associated with PCI compliance Supplements standard security services for “risk conservative” customers Facilitates customer’s compliance needs Advanced Services are “cafeteria style” Designed to enable our customers to be compliant with federal legislative and executive mandates / directives Helping government run business operations more effectively, and at lower costs Provides Customers with the consistent and secure way of managing identities and privileges for hosted services Enables Customers to leverage our expertise to deploy and manage one or more components of Oracle IdM suite Makes Cloud Services an attractive option for Pharma and Medical Device Manufacturers Supports the customer’s compliance validation requirements 10

11 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 136 Controls Tested Biannually for Commercial 96 Controls Tested Biannually for Federal ISO Certification 159 Controls Tested Annually ISO Certificate of Conformity 72 Controls Tested Annually Department of Defense (DoD) and Agencies Controls Tested Annually NIST High & DIACAP MAC Level I Sensitive FedRAMP JAB Provisional Authority to Operate (P-ATO) - Moderate ISO Certification HIPAA Compliance Compliant Level 1 Service Provider 217 Controls Tested Annually 64 Controls Tested Annually ISAE 3402 / SSAE 16 SOC1 Federal Certification & Accreditation (C&A) & FedRAMP Payment Card Industry (PCI) Custom System Validation Services 21 CFR Part 11 for Life Sciences 105 Controls Tested Annually SOC2 / SOC3 For Security & Availability Managed Cloud Services Compliance 11

12 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Value HIPAA Security Services Advanced Service Offerings For Health Information Designed to protect Customer’s electronic protected health information (ePHI) in environments managed by Oracle Assists the Customer to meet its legal obligations under the HIPAA 1 as amended by the HITECH 2 Act 1 Health Insurance Portability and Accountability Act of Health Information Technology for Economic and Clinical Health Act of

13 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Managed Identity Services Based on Oracle Identity Products 13

14 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Value Enhanced Security Services Ongoing Vulnerability and Risk Management Comprehensive services for ongoing vulnerability and risk management Base Services plus choice of options Oracle expertise in deploying Oracle security technologies 14

15 Intermountain Healthcare Joe Finlinson, IS Director - Business Applications 15

16 About Intermountain Healthcare Headquarters in Salt Lake City, Utah Largest employer in the state – 35,000 employees Created in 1975 as LDS Church “gifts” hospitals to the community Hospital network  24 Hospitals  2,500 + Licensed Beds Medical Group  1,000 Employed Physicians  130 Clinics SelectHealth – health plan  Direct Subscribers– 550,000 $3.6 billion in Net Patient Services Revenue $5.0 billion in Assets AA+ Standard & Poor’s Aa1 Moody’s Only System to receive highest ratings from both S&P and Moody’s 16

17 Our Aspirations Our Mission Excellence in the provision of healthcare services to communities in the Intermountian region. Our Values Mutual Respect, Accountability, Trust, Excellence Our vision Our vision is to be a model healthcare system by continually learning and providing extraordinary care in all of its dimensions

18 The Dimensions of Care

19 Cloud Deployment

20 What Keeps You Awake at Night?

21

22

23 How Does OMCS Protect Intermountain? HIPAA Security Services Annual Penetration Testing Quarterly Environment Scanning Database Audit Web Application Firewall Client Security Socket Layer (Mutually Authenticated SSL)

24 Benefits World Class security experts Well defined Policies and Procedures pre-built for compliance Systems built from the ground up with security and privacy in mind Peace of mind in a complex regulatory environment

25 Intuit Confidential and Proprietary Intuit’s simply secured journey Paul Van Amsterdam – VP of IT

26 Intuit Confidential and Proprietary26Intuit Confidential and Proprietary26 Intuit’s Mission To improve our customers’ financial lives so profoundly… they can’t imagine going back to the old way CONSUMERS SMALL BUSINESSES ACCOUNTING PROFESSIONALS

27 Intuit Confidential and Proprietary27Intuit Confidential and Proprietary27 Employees 8,000+ A Premiere Innovative Growth Company Customers 45M Global Offices US, UK, India, Canada, Australia, others Revenue 4.5B Founded 1983 Public 1993 INTU

28 Intuit Confidential and Proprietary28Intuit Confidential and Proprietary28 Driver for change Intuit needed to mature its enterprise access controls Board asked how we could accelerate the program

29 Intuit Confidential and Proprietary29Intuit Confidential and Proprietary29 Q1Q2Q3Q4Q1Q2Q3Q4Q1Q2Q3Q4 Enterprise roles User lifecycle management Access management and federation Auditing and reporting EIAM Program Approach Wave 0 Wave 2Wave 3Wave 4Wave 5Wave 1  Complete Pilot ER by 8/1  Defined ER for BUs in scope by 6/30 SSO enabled for target systems Centralized self service  Foundational reporting enabled User attestation Delegated attestation enabled OIM, OAM, OVD & OWSM eBiz, BRM, PIM, Siebel, OASIS, Orbit ABC, Great Plains, Mediation Server, Pivotal, Softrax Logtran, PSP, Cyclone, IOP OPS Secure Token, EFE AD (MNET), Admin Platform, CM Admin, Compass, Metavante, Skypass/ Skynet, Perforce  Automated provisioning for 6 target systems by 7/31  Automated access/revocation by 7/31 KPIs dashboards deployed Security event correlation enabled Delegated administration Expanded to additional BUs Expanded to additional targets systems & BUs Privileged account management FY 14 FY 15** FY 16 Expanded to additional targets OAM/OIM upgraded to 11g 5/24 ‘*’ – subject to prioritization and scoping considerations defined in this report ** Acc/SVN, B2B App, Barista, Gentran (GIS), ERS removed from Q1 FY’15 list due to IFS divestiture

30 Intuit Confidential and Proprietary30Intuit Confidential and Proprietary30 Keys to our success 1.Active engagement from Oracle Managed Cloud Services and Oracle development a.Leverage the expertise from Oracle across the board and leverage known base capabilities b.Results in lower risk to the overall program 2.We are learning together (active-active, multi data center HA) a.Be open to sharing issues and developing solutions together b.Additional product enhancements and share what works and opportunities 3.Ensure you focus on outcomes a.Alignment with the business on what we are solving for b.Focus on the future, by moving from compliance to risk based investments 4.Lower risk by leveraging Oracle in executing what they do best a.Transparent data encryption b.Audit Vault c.Database Vault d.File Integrity Monitoring

31 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |31 Managed Security Turn-key service offerings to manage Oracle database security product Database Encryption Service Data Masking Service DB Configuration Compliance Service Database Auditing Service Data Masking for Oracle Database Masking templates for EBSO Transparent Data Encryption EM Lifecycle Compliance Management File Integrity Monitoring Database Auditing Audit Vault Periodic activity reports Database Protection Service Oracle Database Vault Transparent Data Encryption Complete lifecycle management: Design, implement, manage, monitor and report Predictable cost, rapid deployment and reliable Close cooperation with product development for faster issue resolution

32 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Security Capabilities Summary 32

33 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Learn More: Sessions & Customer Success Panel Discussions DEMOgrounds – Moscone West, ERP Managed Cloud Lounge – Moscone West, Level 3 SessionTypeDay / TimeLocation Oracle Managed Cloud Services: Your On-Ramp to the Cloud Strategy Monday, SEP 29 10:15 AM – 11:00 AM Moscone South How the Cloud is Changing the CIO RolePanel Monday, SEP 29 1:30 PM – 2:15 PM Moscone South – 300 Innovation that Fuels the Cloud Managed Cloud Services Session Tuesday, SEP 30 10:45 AM – 11:30 AM Moscone South – 300 The Next Level: Managed Security in the Cloud Panel Tuesday, SEP 30 12:00 PM – 12:45 PM Intercontinental Grand Ballroom C The Power of Engineered Systems in the CloudPanel Wednesday, OCT 1 12:45 PM – 1:30 PM Moscone South Extend Your Cloud Oracle Functional Business Services Panel Wednesday, OCT 1 2:00 PM – 2:45 PM Moscone South Managed Cloud Database Service: Database Cloud Delivered On-Premise Session Wednesday, OCT 1 3:30 PM – 4:15 PM Moscone South Oracle Managed Cloud for IndustriesSession Thursday, OCT 2 9:30 AM – 10:15 AM Marriott Marquis Salon 10/11 33

34 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |34

35


Download ppt "The Next Level: Managed Security in the Cloud Gail Coury, Vice President-Risk Management Deepak Kallakuri, Senior Product Manager Oracle Managed Cloud."

Similar presentations


Ads by Google