Enabling Effective Security in an Insecure World: Data Protection, Identity/Access Management and Governance, Risk and Compliance

Presentation transcript:

Slide 1 (title): Enabling Effective Security in an Insecure World: Data Protection, Identity/Access Management and Governance, Risk and Compliance

Slide 2: Agenda
- Business Drivers and Pain Points
- Oracle Solution: Oracle Advanced Security, Oracle Label Security, Oracle Audit Vault, Oracle Data Vault, Oracle Identity Management, Oracle Identity Federation, Oracle Internet Directory, Oracle Virtual Directory, Oracle Access Manager, Oracle Enterprise Single Sign-On
- Summary / Contact Info

Slide 3: Breaches: Common Front-Page News

Slide 4: Publicly Available = Public Exposure

Slide 5: Regulatory Compliance Challenges: Costly and Complex
- More global data privacy regulations: 90% of companies fail compliance
- Costly breach disclosure laws: $239/record, up to $35M/breach
- Complex IT requirements: separation of duties, proof of compliance, constant self-assessment, on-the-spot audit reporting
Regulations shown: SOX, K-SOX, GLBA, PCI, HIPAA, EU Directives, Basel II, PIPEDA, J-SOX, SAS70, 21 CFR Part 11

Slide 6: What Security Means to the Customer
- Complying with Governance and Regulatory Mandates: "How can we stay on top of increasing regulatory and reporting demands without adding cost?" Organizations spend an average of 34 percent of their IT resources on activities devoted to satisfying compliance for multiple regulations. (Security and Compliance Council, September 2005)
- Preventing Failures with Better Risk Management: "How can we better manage risk to prevent business and compliance failures?" 74% of senior risk managers believe that "adopting best practices whether required by current regulations or not" is very effective in managing regulatory risk. (Economist Intelligence Unit, June 2005)
- Improving Business Agility and Automation: "How can we automate processes that improve employee productivity and also protect the organization?" "Revolving door of Identities: With an increasingly mobile workforce, healthcare providers are looking for clear, flexible and well-defined best practices" (Deborah Pappas, Healthcare Informatics, August 2007)

Slide 7: Enterprise Security Strategy Goals: Mitigate Risk and Cost
- Provisioning: streamline onboarding and offboarding; automate user account add/modify/delete to the Content Server
- Simplify and secure access to all content: SSO, unified web access control and web services security
- Secure stored data: securely store data in motion, data at rest and data in hibernation
- Role management: holistic view of business users, job functions and entitlements
- Information Rights Management (IRM): protect sensitive/confidential information, audit usage, control actions; ensure destruction of obsolete/remote content based on business rules

Slide 8: IT Landscape (diagram)
- Users: Employees, Customers, Partners
- Presentation Tier: Web Servers, Web Services (External)
- Logic (Business) Tier: Packaged Apps (PSFT, EBS, Hyperion, Siebel, SAP), BI and Content Management, Portal and App Servers / File Servers, Mainframe, Web Services (Internal)
- Data Tier: Databases, Directories, Data Warehouses, Unstructured Content

Slide 9: Presentation Tier (same tier diagram as slide 8). This includes web servers, fat clients and externally exposed web services.

Slide 10: Presentation Tier Solutions (same tier diagram as slide 8)
- Risk-Based Authentication: deploy online fraud detection; use stronger forms of authentication than a password, such as software authenticators
- Self Service: deploy web-based, self-help tools for password reset, registration and account administration
- Centralize Authorization: centralize the protection of your web applications AND web services
- Single Sign-On: simplify user access with SSO for (1) web-based apps, (2) client/server-based apps, (3) partners with federation

Slide 11: Logic (Business) Tier (same tier diagram as slide 8). This includes packaged applications, application servers, mainframes, servers and file servers, as well as internal web services.

Slide 12: Logic (Business) Tier Solutions (same tier diagram as slide 8)
- Identity Management: automate on-boarding, off-boarding and user changes based on HR data
- Enterprise-Level Role Management: mine, create and manage roles at an "enterprise level" spanning many applications
- Password Management: reduce the number of passwords by synchronizing them across systems
- Identity Audit/Governance: use an integrated, web-based system to quickly tell you "who has (and had) access to what?", to schedule and delegate attestation of user entitlements, and to notify you about rogue accounts

Slide 13: Data Tier (same tier diagram as slide 8). This includes Oracle and non-Oracle databases, directories, file shares, etc.

Slide 14: Data Tier Solutions (same tier diagram as slide 8)
- Encryption: secure your data with integrated, tested and proven database options
- Database User Management: externalize and centralize users and passwords for database users in existing directories (like AD)
- Access Control: lock down access to ANY Oracle Database data (credit cards, employee data) against unauthorized access, even by the DBA
- Lots of Data Stores, Need a Common View: create a single "virtual" LDAP view of heterogeneous data stores (directories, database tables, web services)

Slide 15: Data Defense in Depth (diagram)
- Privacy and integrity of communications (network)
- Users authenticate
- Access control
- Privacy and integrity of data
- Comprehensive auditing
The diagram shows sample employee rows (KNOX, KYTE, CAREY, HOECHST, PIERMAR, SCOTT, KING) partitioned across Org 10, Org 20 and Org 30, with a separate Admin view.

Slide 16: Data Privacy and Regulatory Compliance: Database Security Focus Areas
- Protecting access to application data
- Data classification
- Database monitoring
- De-identifying information for sharing
- Protecting data-at-rest

Slide 17: Protecting Data Access: Oracle Database Vault
- Prevent privileged users from accessing data outside their authorization
- Eliminate security risks from database consolidation
- Enforce Separation of Duties, Least Privilege, and other policies
- No changes to existing applications required
Diagram: the HR App DBA is scoped to the HR Realm and the FIN App DBA to the FIN Realm; a general DBA issuing SELECT * FROM HR.EMP is outside the HR Realm's authorization.

Slide 18: Oracle Database Vault: Real-Time Multi-Factor Authorization
- Command rules consider multiple factors (the diagram shows business hours and an unexpected IP address)
- Enforce two-admin rules and other security policies
- Prevent application bypass and ad-hoc access
- Out-of-the-box policies for Oracle applications
Diagram: an HR application user, a FIN application and a DBA issue CONNECT ... and CREATE ... statements against the HR and FIN data; the command rules evaluate them against the factors above.

Slide 19: Protecting Data-at-Rest: Oracle Advanced Security
- Protect sensitive application data by transparently encrypting: specific columns (credit cards), entire application tables, the new SecureFile type (images, documents)
- Automated built-in key management: two-tier scheme for separation of duties; Hardware Security Module (HSM) integration
- No changes to applications required
- Network encryption (diagram: the value 75000 travels over the network as ciphertext)

Slide 20: Data Classification: Oracle Label Security
- Classify data with labels
- Assign clearances to users
- Use the classification label to enforce security policies ("need to know")
- Labels can be "factors" in Oracle Database Vault policies
Diagram: data labels Confidential, Sensitive and Highly Sensitive; user label authorizations Sensitive and Highly Sensitive.
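The two controls on slides 18 and 20, as an added Python model that is not Oracle's code or API: a label-dominance check in the style of Oracle Label Security, and a command rule in the style of Database Vault that consults the factors the slides name (business hours, client IP address, label authorization). The table rows, the office network range and the business-hours window are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Sensitivity levels from the slide, ordered lowest to highest.
LEVELS = {"Confidential": 1, "Sensitive": 2, "Highly Sensitive": 3}

@dataclass(frozen=True)
class Session:
    user: str
    clearance: str   # highest label the user is authorized to read
    client_ip: str
    hour: int        # local hour (0-23) at which the statement is issued

# Constructed sample of the HR.EMP table; each row carries its own label.
EMP = [
    {"name": "KNOX",  "empno": 12029, "label": "Confidential"},
    {"name": "KYTE",  "empno": 17045, "label": "Sensitive"},
    {"name": "SCOTT", "empno": 14220, "label": "Highly Sensitive"},
]

# Factors consulted by the command rule (constructed values for the example).
OFFICE_NET = ip_network("10.20.0.0/16")
BUSINESS_HOURS = range(8, 18)   # 08:00 to 17:59

def dominates(clearance: str, row_label: str) -> bool:
    """Need to know: a clearance reads a row only if its level is at least the row's."""
    return LEVELS[clearance] >= LEVELS[row_label]

def visible_rows(session: Session, rows):
    """Label-security style filtering: rows above the clearance are not returned."""
    return [r for r in rows if dominates(session.clearance, r["label"])]

def command_allowed(session: Session, command: str):
    """Database Vault style command rule for SELECT on the protected table.

    Every factor must hold; the first failing factor is reported so the audit
    trail can record why the statement was blocked."""
    if not command.upper().startswith("SELECT"):
        return False, "command not covered by rule set"
    if session.hour not in BUSINESS_HOURS:
        return False, "outside business hours"
    if ip_address(session.client_ip) not in OFFICE_NET:
        return False, "unexpected IP address"
    if session.clearance not in LEVELS:
        return False, "no label authorization"
    return True, "allowed"

def run_query(session: Session, command: str) -> dict:
    """Evaluate the command rule first, then apply label filtering to the result."""
    ok, reason = command_allowed(session, command)
    rows = visible_rows(session, EMP) if ok else []
    return {"allowed": ok, "reason": reason, "rows": rows}
```

A user cleared to Sensitive sees KNOX and KYTE but not SCOTT, while a DBA connecting from outside the office network is refused before any row is read.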

Slide 21: De-Identifying Shared Information: Enterprise Manager Data Masking Pack
- Turn sensitive information into non-sensitive information for sharing
- Consistent masking via extensible format library
- Maintains referential integrity for applications
- Automated data masking for databases enterprise-wide
Diagram: a production database table (LAST_NAME, CREDIT_CARD, AMT; rows AGUILAR, BENSON) is cloned and masked (ANSKEKSL, BKJHHEIEDK).
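The two properties the slide claims, consistent masking and preserved referential integrity, as an added Python illustration that is not the Data Masking Pack's format library: a keyed, deterministic, format-preserving mask applied to a parent and a child table that share a CREDIT_CARD key. The masking key, table names and rows are constructed for the example.

```python
import hmac
import hashlib
import string

# Masking key: held outside the cloned database in practice. Constructed here.
MASK_KEY = b"example-masking-key"

def _keyed_stream(value: str, field: str) -> bytes:
    """HMAC over (field, value): the same value masks identically in every table,
    but a name and a card number with the same text never mask alike."""
    return hmac.new(MASK_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()

def mask_value(value: str, field: str) -> str:
    """Format-preserving mask: letters stay letters (case kept), digits stay
    digits, separators such as hyphens stay in place so the shape survives."""
    stream = _keyed_stream(value, field)
    out = []
    for i, ch in enumerate(value):
        b = stream[i % len(stream)]
        if ch.isupper():
            out.append(string.ascii_uppercase[b % 26])
        elif ch.islower():
            out.append(string.ascii_lowercase[b % 26])
        elif ch.isdigit():
            out.append(string.digits[b % 10])
        else:
            out.append(ch)
    return "".join(out)

def mask_table(rows, sensitive_fields):
    """Masked copy of rows; columns not listed (e.g. AMT) are left untouched."""
    return [{k: (mask_value(v, k) if k in sensitive_fields else v) for k, v in r.items()}
            for r in rows]

# Constructed sample data modelled on the slide's LAST_NAME / CREDIT_CARD / AMT.
CUSTOMERS = [
    {"LAST_NAME": "AGUILAR", "CREDIT_CARD": "4111-1111-1111-1111", "AMT": 120},
    {"LAST_NAME": "BENSON",  "CREDIT_CARD": "5500-0000-0000-0004", "AMT": 75},
]
PAYMENTS = [  # child table whose CREDIT_CARD column references CUSTOMERS
    {"CREDIT_CARD": "4111-1111-1111-1111", "AMT": 40},
    {"CREDIT_CARD": "4111-1111-1111-1111", "AMT": 80},
    {"CREDIT_CARD": "5500-0000-0000-0004", "AMT": 75},
]

def join_count(parents, children, key="CREDIT_CARD") -> int:
    """Child rows that still find a parent; equal before and after masking."""
    keys = {p[key] for p in parents}
    return sum(1 for c in children if c[key] in keys)
```

Because the mask is a function of the value alone (per column), masking the two tables independently still yields the same join count, which is what keeps the cloned application working.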

Slide 22: Monitoring Database Activity: Oracle Audit Vault
- Manage audit data: secure consolidation of audit data from all Oracle databases; centrally manage all Oracle database audit settings
- Detect suspicious activities: monitor all database users, especially privileged users; alert on unauthorized activities
- Simplify compliance reporting: built-in compliance reports; define custom reports
Diagram: Oracle database audit data (and other sources in future) flows into Oracle Audit Vault.

Slide 23: Audit Vault Reports: Out-of-the-box Audit Assessments and Reports
- Out-of-the-box reports: privileged user activity, role grants, DDL activity
- User-defined reports: What did privileged users do on the financial database? What did user 'A' do across multiple databases? Who accessed sensitive data?
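Consolidation plus the three user-defined report questions from slides 22 and 23, as an added Python illustration that is not Oracle Audit Vault's schema or API. The audit record layout, database names, role names and sample records are constructed for the example.

```python
from collections import defaultdict

PRIVILEGED_ROLES = {"DBA", "SYSDBA"}
SENSITIVE_OBJECTS = {"HR.EMP", "FIN.CREDIT_CARD"}

# Constructed audit records as each source database would emit them:
# (timestamp, db_user, roles held, action, object)
FINDB_AUDIT = [
    ("2008-03-04T09:12:00", "A",   {"APP_USER"}, "SELECT", "FIN.LEDGER"),
    ("2008-03-04T22:40:00", "SYS", {"SYSDBA"},   "SELECT", "FIN.CREDIT_CARD"),
    ("2008-03-04T22:41:00", "SYS", {"SYSDBA"},   "GRANT",  "DBA TO A"),
]
HRDB_AUDIT = [
    ("2008-03-04T10:05:00", "A",   {"APP_USER"}, "SELECT", "HR.EMP"),
    ("2008-03-05T08:30:00", "A",   {"DBA"},      "DROP",   "HR.EMP_HIST"),
]

def consolidate(sources: dict) -> list:
    """Tag each record with its source database and merge into one time-ordered store."""
    merged = [dict(db=db, ts=ts, user=u, roles=r, action=a, obj=o)
              for db, recs in sources.items() for (ts, u, r, a, o) in recs]
    return sorted(merged, key=lambda rec: rec["ts"])

def privileged_activity(records, db: str):
    """Report 1: what privileged users did on one database (e.g. the financial DB)."""
    return [r for r in records if r["db"] == db and r["roles"] & PRIVILEGED_ROLES]

def user_activity(records, user: str):
    """Report 2: everything one user did, grouped by database."""
    by_db = defaultdict(list)
    for r in records:
        if r["user"] == user:
            by_db[r["db"]].append((r["ts"], r["action"], r["obj"]))
    return dict(by_db)

def sensitive_access(records):
    """Report 3: who touched sensitive objects, with the database and action."""
    return sorted({(r["user"], r["db"], r["action"], r["obj"])
                   for r in records if r["obj"] in SENSITIVE_OBJECTS})

# The consolidated store the reports run against.
AUDIT_STORE = consolidate({"FINDB": FINDB_AUDIT, "HRDB": HRDB_AUDIT})
```

The second report only works because the records were consolidated first: user A's activity spans both databases, and no single database's audit trail shows the whole picture.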

Slide 24: Identity Management: Key Areas
- Access Control: Single Sign-On, Identity Federation, Web Access Control, Web Services Security*
- Identity Administration: User and Role Management, User Provisioning
- Identity Infrastructure: Virtual Directory, Directory
*Oracle Web Services Manager is licensed separately from the Identity and Access Management Suite.

Slide 25: Enterprise Identity Management (architecture diagram)
- Internal users: Employees, IT Staff, SOA Applications; external users: Partners (via Delegated Admin), SOA Applications, Customers
- Identity Management Service: Access Management (Authentication & SSO, Authorization & RBAC, Identity Federation); Identity Administration (Delegated Administration, Self-Registration & Self-Service, User & Group Management); Directory Services (LDAP Directory, Meta-Directory, Virtual Directory); Identity Provisioning (Agent-based, Agentless, Password Synchronization)
- Cross-cutting layers: Auditing and Reporting; Policy and Workflow; Monitoring and Management
- Managed systems and repositories: NOS/Directories, OS (Unix), Applications (ERP, CRM, HR, Mainframe)

Slide 26: Oracle Identity Manager
- Features: automated user provisioning and de-provisioning; rich, flexible connector framework; user-friendly request and policy wizards; sophisticated workflow and reconciliation engines; unique compliance automation and reporting
- Benefits: reduced administration cost; improved end-user experience; critical for regulatory compliance; improved security
- Differentiators: enables compliance via comprehensive audit history and periodic attestation framework; powers the largest global provisioning implementation by number of targets; Adapter Factory significantly lowers the TCO of customers' solutions over time
Diagram (application-driven identity): a user is created or removed in the HRMS; the identity system runs workflow and assigns or revokes roles and privileges; accounts and access rights are provisioned in the business applications.

Slide 27: Oracle Identity Federation
- Features: identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke); lightweight, multi-protocol gateway (SAML, Liberty, WS-Federation); integrates with leading Identity Management platforms
- Benefits: reduced cost of interaction between business partners; reduced administration cost; improved end-user experience
- Differentiators: self-contained, easy-to-deploy solution; flexible deployment configurations; rich, 100% web-based configuration interfaces for improved administrator and end-user experience; proven scalability in large production deployments

Slide 28: Oracle Internet Directory
- Features: full-featured LDAP server with an RDBMS data store; industry-leading scalability and HA capabilities; strong Oracle platform integration; VSLDAP certified and EAL4 compliant
- Benefits: reduced operational cost with Oracle Grid support; seamless integration with Oracle applications and products
- Differentiators: RDBMS back end provides proven scalability and performance; rich, built-in auditing of all events and operations; flexible data replication and redundancy features; ships with built-in directory integration functionality

Slide 29: Oracle Virtual Directory
- Features: virtualization, proxy, join and routing capabilities; modern Java and web services technology; superior extensibility; scalable multi-site administration; direct data access
- Benefits: perform real-time directory integration; accelerate application deployment; lower development costs
- Differentiators: lightweight and flexible architecture; supports true virtualization without a local cache, enabling stringent policy or privacy requirements; modular architecture supports the addition of connectors to a wide array of identity stores
Diagram: LDAP and web services clients reach the Virtual Directory Engine (VDE) through LDAP and web gateways; a join view combines a local store with LDAP, database, NT and custom back ends.

Slide 30: Oracle Access Manager
- Features: multi-level, multi-factor authentication; web and app server level authorization; workflow-driven self-service and delegated administration; services-based architecture eases integration with existing IT infrastructure
- Benefits: policy-based access management; centralized and consistent security across heterogeneous environments; reduced administration cost; increased IT governance and compliance readiness
- Differentiators: administrative scalability via workflow and delegation; access control leverages up-to-date identity information; comprehensive auditing to a common database
Diagram: Authentication, Authorization, Identity Admin.

Slide 31: Oracle Enterprise Single Sign-on (ESSO) Suite
- Oracle ESSO Logon Manager is an event-driven single sign-on solution that eliminates the need for end users to remember and manage their sign-on credentials
- Oracle ESSO Password Reset enables end users to reset their Windows password from a locked workstation (note: also available stand-alone)
- Oracle ESSO Authentication Manager enables end users to authenticate with forms of strong authentication and grants specific levels of access based on the form of authentication
- Oracle ESSO Provisioning Gateway enables OIM to add, edit and delete credentials within an end user's Oracle ESSO credential store
- Oracle ESSO Kiosk Manager provides fast user switching and sign-on/sign-off support for kiosk users

Slide 32: Compliance Products (diagram)
- IAM Suite: Separation of Duties
- Audit Vault: Monitor, Alert, Consolidate
- Content/Records DB: Unstructured Data Management

Slide 33: Oracle Enterprise Security Solutions: Addresses Top 3 Security Focus Areas (IT Governance, IT Risk Management, IT Compliance)
Products mapped to the three areas (several appear under more than one): Oracle Access Manager, Oracle eSSO Suite, Advanced Security Option, Oracle Secure Backup, Oracle Identity Federation, Oracle Virtual Directory, Oracle Identity Manager, Oracle Internet Directory, Oracle AppServer SSO, Database Vault, Oracle Label Security, Oracle Audit Vault, Contents DB / Records DB, Oracle Web Services Manager, Oracle IRM (sensitive documents), Oracle OAACG (application control)

Slide 34: Strongest Vendor According To
- "Oracle is currently the IdM vendor to beat" (VantagePoint 2007: Identity and Privacy Trends in Enterprise IT)
- "Oracle continues to increase in mindshare while broadening its IdM portfolio." (VantagePoint 2008: Identity and Privacy Trends in Enterprise IT)

Slide 35: Market Leader According To
- "Oracle has established itself as Leader." (The Forrester Wave: Identity And Access Management, Q)
- "Oracle reached the top of our evaluation through a combination of the breadth, depth, interoperability, and packaging of its IAM features alongside the strategy and current state of market execution on its application-centric identity vision." (The Forrester Wave: Identity And Access Management, Q1 2008)

Slide 36: Oracle Security/Identity Management Customers (customer logos by vertical: Financial Services, Manufacturing & Technology, Public Sector, Transportation & Services, Telecommunication, Retail)
© 2008 Oracle Corporation – Proprietary and Confidential

Slide 37: Oracle Core Information Security: 30 Years of Leadership (timeline across the 1980s, 1990s and 2000s, earliest to latest)
- "Project Oracle" needs relational database
- Oracle includes roles for security administration
- Oracle evaluates under Orange Book as B1 and C2
- Oracle introduces network encryption (SNS)
- Advanced security with biometrics
- Oracle receives FIPS-140 evaluation
- Encryption, digests in database
- Identity preservation for multi-tiers
- LDAP and SSO
- Virtual Private Database
- Label Security
- Fine Grained Auditing
- Common Criteria Evaluation (8i/9i/10g)
- Federation and Secure Web Services
- Identity & Access Management
- Virtual Directory
- Identity Provisioning
- 11g Transparent Data Encryption
- 11g Database Vault
- 11g Audit Vault

Slide 38: TUSC: Trusted Oracle Expertise Across Technology and Applications
- Information Age Applications: Oracle E-Business Suite, PeopleSoft Enterprise, Siebel CRM, JD Edwards EnterpriseOne, JD Edwards World, Oracle Retail, i-flex, Communications Billing, ProfitLogic, G-Log
- Fusion Middleware: Application Server, Integration / SOA, Hot-Pluggable, Business Intelligence, Identity Management, Data Hubs, Collaboration Services, Process Orchestration, Java Development Tools
- Database and Grid Computing: Database, Real Application Clusters (RAC), Enterprise Manager, Partitioning, OLAP, Security, Lite, TimesTen

Slide 39: Contact Us
- West: Brian Decker, (626)
- South/Central: Lisa DiNitto, (770)
- East/Central: Mike Margulies, (203)
For additional information and consultation:
- Oracle Investment Value Analysis™: review of existing Oracle topology and architecture, including deployment growth and capacity analysis; review of existing Oracle license ownership and license surplus/exposure analysis; license optimization recommendations, including leveraging maximum available discounts and financing options
- Solutions Requirements Assessments
- Security/Identity/Compliance healthcheck and other delivery options

