Enabling Effective Security in an Insecure World:

1 Enabling Effective Security in an Insecure World:
Data Protection, Identity/Access Management and Governance, Risk and Compliance

2 Agenda
• Business Drivers and Pain Points
• Oracle Solution
• Oracle Advanced Security
• Oracle Label Security
• Oracle Audit Vault
• Oracle Data Vault
• Oracle Identity Management
• Oracle Identity Federation
• Oracle Internet Directory
• Oracle Virtual Directory
• Oracle Access Manager
• Oracle Enterprise Single Sign-On
• Summary/Contact Info

3 Breaches Common Front Page News
Security breaches are front-page news. Only 2 weeks ago a major retailer (anyone hear from TJX stores?) had to announce a breach that could have been 40M or more identities. These are not just in sec mags, but NYT, WSJ, etc.

4 Publicly Available = Public Exposure

5 Regulatory Compliance Challenges Costly and Complex
• More global data privacy regulations
• 90% companies fail compliance
• Costly breach disclosure laws: $239/record; up to $35M/breach
• Complex IT requirements: separation of duties; proof of compliance; constant self assessment; on-the-spot audit reporting
• Regulations shown: K-SOX, SOX, GLBA, PCI, SAS70, HIPAA, Basel II, J-SOX, 21 CFR Part 11, PIPEDA, EU Directives

Similarly, regulatory compliance is no easy matter either. The IT Policy Compliance Group concluded about 6 months ago that about 90% of companies are still failing compliance in the US. And given the global economy that we all live in, even the lucky 10% that are passing regulatory compliance in the US now have to worry about passing regulatory compliance in the EU, in Japan, in Korea, etc., as data privacy and data protection regulations are introduced all over the world.

Also, many of the new regulations have teeth. Data breaches can’t be swept under the rug any more. A financial services data breach can now cost up to $35M to remediate, without even taking into account the potential civil suits that can result.

To comply with these data privacy regulations, enterprises must put in place numerous IT controls. These need to be in place across the IT infrastructure, but one of the first places auditors will look is the database, given that’s where all the regulated data resides.

6 What Security Means to The Customer
Complying with Governance and Regulatory Mandates
“How can we stay on top of increasing regulatory and reporting demands without adding cost?”
Organizations spend an average of 34 percent of their IT resources on activities devoted to satisfying compliance for multiple regulations (Security and Compliance Council, September 2005)

Preventing Failures with Better Risk Management
“How can we better manage risk to prevent business and compliance failures?”
74% of senior risk managers believe that “adopting best practices whether required by current regulations or not” is very effective in managing regulatory risk (Economist Intelligence Unit, June 2005)

Improving Business Agility and Automation
“How can we automate processes that improve employee productivity and also protect the organization?”
Revolving door of Identities - With an increasingly mobile workforce, healthcare providers are looking for clear, flexible and well-defined best practices, by Deborah Pappas - Healthcare Informatics, August 2007

Highlight the percentages spent to satisfy compliance, and that the majority of risk managers feel that adopting sound practices helps manage risk and may even help the organization run more efficiently.

7 Enterprise Security Strategy Goals Mitigate Risk and Cost
• Provisioning: Streamline Onboarding & Offboarding. Automate user account Add/Mod/Deletion to the Content Server
• Simplify & secure access to all content: SSO & unified Web access control & Web Services security
• Secure stored data: Securely store data in motion, data at rest and data in hibernation
• Role Management: Holistic view of business users, job functions and entitlements
• Information Rights Management (IRM): Protect sensitive/confidential information, audit usage, control actions. Ensure destruction of obsolete/remote content based on business rules

8 IT Landscape
[Diagram: users (Employees, Customers, Partners) and three tiers: Presentation Tier, Logic (Business) Tier, Data Tier. Components shown: Web Services (External), Web Services (Internal), Portal and App Servers, Web Servers, BI and Content Management / File Servers, Packaged Apps (PSFT, EBS, Hyperion, Siebel, SAP), Databases, Data Warehouses, Directories, Mainframe, Unstructured Content]

9 Presentation Tier
This includes Web Servers, Fat Clients and externally exposed web services.

10 Presentation Tier Solutions
• Risk-Based Authentication: Deploy Online Fraud Detection. Use stronger forms of authentication than a password, like software authenticators
• Centralize Authorization: Centralize the protection of your Web Applications AND Web Services
• Single Sign On: Simplify user access with SSO for Web-based Apps, Client / Server-based Apps, and Partners with Federation
• Self Service: Deploy web-based, self-help tools for Password Reset, Registration and Account Administration

11 Logic (Business) Tier
This includes Packaged Applications, Application Servers, Mainframes, Servers and File Servers as well as internal web services.

12 Logic (Business) Tier Solutions
• Identity Management: Automate On-Boarding, Off-Boarding and User Change based on HR data
• Password Management: Reduce the number of passwords by synchronizing them across systems
• Enterprise-Level Role Management: Mine, create and manage roles at an “Enterprise Level” spanning many applications
• Identity Audit/Governance: Use an integrated, web-based system that quickly tells you “Who Has (and Had) access to what?”, allows you to schedule and delegate attestation of user entitlements, and notifies you about rogue accounts

13 Data Tier
This includes Oracle and Non-Oracle Databases, Directories, File Shares, etc.

14 Data Tier Solutions
• Access Control: Lock down access to ANY Oracle Database data (credit cards, employee data) from unauthorized access…even the DBA
• Encryption: Secure your data with integrated, tested and proven database options
• Database User Management: Externalize and centralize users and passwords for database users in existing directories (like AD)
• Lots of Data Stores, Need a Common View: Create a single “Virtual” LDAP view of heterogeneous data stores (Directories, Database Tables, Web services)

15 Defense in Depth
[Diagram: layers between Users and Data: Authenticate; Privacy & integrity of communications (Network); Access control; Comprehensive auditing; Privacy & integrity of data]

There are essentially five areas of focus when it comes to the security & privacy of confidential information:

Authentication – Takes place when a user gains access to an application or system, and basically comprises three levels. What you know – a password. What you have – i.e. a Secure ID card. The best example of this is an ATM card: using your ATM card requires you to know something (a password) and have something (the ATM card itself). Who you are – this requires identifying you based on part of your body, for example a fingerprint, a scan of part of your eye (retina, iris), or the geometric dimensions of your hand.

Privacy & Integrity of Communications – Refer to this as data in motion. When information is in transit between a web server, a web browser or a database server, data is often easily viewable to anyone who can connect to, or “sniff”, the network. Any information can easily be seen. Protecting information in motion requires the data to be encrypted (or scrambled) while en route and protected with a cryptographic checksum. A cryptographic checksum ensures that data cannot be modified while en route. For example, a salary transaction that increases a person's salary to $20,000 could be intercepted and changed to $200,000 and sent back on its path across the network…

Access Control – The ability to provide access only to the information needed by an individual to do their job. Sometimes this is implemented in the code of a particular application. While this is effective when using the application, the security does not apply if a user were to access the data through another method, or outside the context of the application.

(When presenting, point out that the nurse, designated by the color blue, only sees the corresponding blue data: shot, lab test, therapy, etc.)

16 Data Privacy and Regulatory Compliance Database Security Focus Areas
• Protecting Access to Application Data
• Protecting Data-at-Rest
• Data Classification
• De-Identifying Information for Sharing
• Database Monitoring

When we take these data security and regulatory challenges down to the database level, we pretty much see five key database security challenges: Protecting Access to Application Data, Protecting Data-At-Rest, Data Classification, De-Identifying Information for Sharing, and Database Monitoring. In this presentation we will be drilling down into all of these, and looking at the Oracle Database security products that can address these different challenges.

17 Protecting Data Access: Oracle Database Vault
• Prevent privileged users from accessing data outside their authorization
• Eliminate security risks from database consolidation
• Enforce Separation of Duties, Least Privilege, and other policies
• No changes to existing applications required

[Diagram: HR Realm (HR, HR App DBA) and FIN Realm (FIN, FIN App DBA); a DBA issues SELECT * FROM HR.EMP]

Oracle Database Vault is a powerful rules engine inside the Oracle database that can enforce security policies such as least privilege and separation of duties by restricting access for any users, including privileged users. Since policies are enforced inside the database, no changes to applications are needed.

Here we see how Database Vault Realms placed around application databases enforce administrative boundaries and restrict privileged users' access to those applications. So, for example, a database administrator who can manage all the application databases cannot actually read (do a select on) the data stored in those databases. Similarly, a privileged HR application user has free rein over the HR Application database but cannot access data stored in the Financial Application database, since these are different Realms.

Being able to prevent privileged users from accessing data outside their authorization is critical, as many enterprises are consolidating application databases on the same database server, and more data into databases, for ease of management and lower TCO.

<Only if it comes up> The performance overhead of Realms is between 3 and 5 percent.

18 Oracle Database Vault Real-Time Multi-Factor Authorization
• Command rules consider multiple factors
• Enforce two-admin rules and other security policies
• Prevent application by-pass and ad-hoc access
• Out-of-the-box policies for Oracle applications

[Diagram: an HR Application User's CONNECT … to HR from an unexpected IP address; a FIN Application DBA's CREATE … on FIN during business hours]

In addition to Realms, Database Vault can also restrict ad-hoc access to the database, protecting application data from being accessed through other tools or via other unauthorized means. With Database Vault, organizations can define authorization rules based on internal and external factors, such as IP address, time of day, application being used, authentication type, etc.

So, for example, if a request to access HR data comes from an IP address that is assigned to a desktop v. an IP address assigned to an HR Application server, Database Vault can block that access. Similarly, if an organization has a policy of no changes to databases during production hours, and a new DBA tries to do an upgrade at an unauthorized time, Database Vault can block him. Alternatively, the rule could have been set up so that it required a second DBA to be present (logged in) if a change had to be made during production hours.

Database Vault rules can be associated with over two dozen individual database commands, such as create table, create view and drop table, and Database Vault comes with many built-in factors, all of which can be extended via APIs. Database Vault also comes with out-of-the-box policies for Oracle E-Business Suite, PeopleSoft, and Siebel applications.

19 Protecting Data-At-Rest: Oracle Advanced Security
• Protect sensitive application data by transparently encrypting: specific columns (credit cards); entire application tables; new SecureFile type (images, documents)
• Automated built-in key management: two-tier scheme for separation of duties; Hardware Security Modules (HSM) integration
• No changes to applications required
• Network Encryption

Oracle Advanced Security ensures data privacy at rest, in transit, and on backup media with Transparent Data Encryption (TDE) and Network Encryption. With TDE, customers can encrypt sensitive database columns such as credit card numbers, or entire application databases. TDE can also be used to encrypt new Oracle Database 11g SecureFiles, allowing medical images or document scans to be stored encrypted in the database.

TDE means data is natively encrypted and decrypted by the Oracle database, requiring no changes to applications. Native encryption is an obvious choice for any organization looking to encrypt sensitive information in their Oracle database, since any third party encryption solutions will require application schema changes (such as triggers) that may break or not work reliably with many existing applications, or have a very negative performance impact.

(optional) Also, although useful, third party solutions for storage encryption are not an alternative to TDE since they cannot prevent someone from simply copying a file at the server level. These third party encryption solutions cannot differentiate between someone issuing an OS ‘copy’ command versus someone using the Oracle database to access the same data. Also, TDE can ensure data stays encrypted when it is backed up or exported and moved to different storage media.

Additionally, TDE features a cost-effective built-in key management system. The two-tier scheme enables simple separation of duties by allowing the master encryption key to be managed by a Security Administrator rather than a Database Administrator. In Oracle Database 11g, the TDE master key can be further protected via the use of a Hardware Security Module (HSM) appliance.

<only if asked when to use column v. tablespace> Tablespace encryption has very low overhead and addresses the restrictions around range scans, foreign keys and data types with column level encryption. Additionally, tablespace encryption eases deployment since customers may not know all the columns containing sensitive information in a third-party or off-the-shelf application.

<only if asked if TDE is the only encryption option> Oracle does also provide an encryption API starting that is included in both the Enterprise and Standard Edition. It obviously requires application changes in terms of using the APIs, and key management must also be handled by the application.

20 Data Classification: Oracle Label Security
• Classify data with labels
• Assign clearances to users
• Use classification label to enforce security policies (“Need to Know”)
• Labels can be "factors" in Oracle Database Vault policies

[Diagram: data labeled Highly Sensitive, Sensitive and Confidential; User Label Authorizations: Sensitive, Highly Sensitive]

Oracle Label Security (OLS) is a simple to use data classification tool that allows implementing powerful subject-object access restrictions. Data classification schemes can vary from simple to quite complex. The example here shows a basic Multilevel Security (MLS) scheme. The objects, records in the database, have been classified as highly sensitive, sensitive, or confidential. The subjects, database users, have been assigned security clearance for sensitive and highly sensitive. Users are limited to accessing data that is within their clearance level.

It is possible to define even more flexible policies by using labels in conjunction with Database Vault. For example, a user assigned security clearance of highly sensitive might be allowed to connect directly to the database to perform ad-hoc queries against application data, whereas a user with a lower security clearance would not.

Data classification has traditionally been used in the public sector, especially within the intelligence agencies, to enforce need to know and other security policies. However, it is quite useful in the commercial sector as enterprises start consolidating more data like documents in their database and want to similarly compartmentalize access to sensitive data.

21 De-Identifying Shared Information: Enterprise Manager Data Masking Pack
• Turn sensitive information into non-sensitive information for sharing
• Consistent masking via extensible format library
• Maintains referential integrity for applications
• Automated data masking for databases enterprise-wide

Production Database:
LAST_NAME  CREDIT_CARD  AMT
AGUILAR                 80.00
BENSON                  60.00

Cloned Database (after Mask):
LAST_NAME   CREDIT_CARD  AMT
ANSKEKSL                 80.00
BKJHHEIEDK               60.00

Using the Data Masking Pack, sensitive data is irreversibly replaced with realistic-looking but scrubbed data based on rules and templates. The original data cannot be retrieved, recovered, or restored. By masking sensitive data it is no longer sensitive or subject to regulatory requirements and can be shared with internal or external groups.

The DMP uses an extensible format library for consistent masking of fields. The out-of-the-box format library can be extended by customers and third-parties based on application specific best practices. The masking rules are applied automatically across all databases in the enterprise, maintaining referential integrity for applications.

In the example we see here, the last name was masked using a template that says to substitute random characters but preserve the first character so that the sort order would be maintained. Similarly, real credit card numbers get substituted with values that pass the Luhn check so that application logic would continue to work.
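The masking rules described in these notes (keep the first letter of the last name, replace card numbers with values that still pass the Luhn check, mask the same input the same way everywhere so joins keep working), as an added Python example; it is not Oracle's Data Masking Pack code. The function names, the HMAC-based derivation, the fixed output length and the sample card numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string

# Assumption: one secret per masking run, destroyed afterwards so the mapping
# cannot be recomputed. Constructed value for this demo only.
RUN_SECRET = b"constructed-masking-run-secret"


def _stream(secret: bytes, label: str, value: str, n: int) -> bytes:
    """Deterministic pseudo-random bytes derived from (secret, label, value)."""
    out, counter = b"", 0
    while len(out) < n:
        msg = f"{label}|{value}|{counter}".encode()
        out += hmac.new(secret, msg, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def luhn_checksum(digits: str) -> int:
    """Luhn sum mod 10; every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def luhn_valid(number: str) -> bool:
    digits = "".join(c for c in number if c.isdigit())
    return len(digits) > 1 and luhn_checksum(digits) == 0


def mask_card(number: str, secret: bytes) -> str:
    """Replace a card number with a same-length value that passes Luhn."""
    digits = "".join(c for c in number if c.isdigit())  # ignore spaces/dashes
    if len(digits) < 2:
        raise ValueError("not a card number")
    # byte % 10 is slightly biased; acceptable for masking, not for keys.
    body = "".join(str(b % 10) for b in _stream(secret, "card", digits, len(digits) - 1))
    check = (10 - luhn_checksum(body + "0")) % 10
    return body + str(check)


def mask_last_name(name: str, secret: bytes) -> str:
    """Keep the first character, replace the rest with derived letters."""
    if not name:
        return name
    upper = name.upper()
    tail = "".join(
        string.ascii_uppercase[b % 26]
        for b in _stream(secret, "name", upper, len(upper) - 1)
    )
    return upper[0] + tail


def mask_table(rows: list[dict], secret: bytes) -> list[dict]:
    """Mask the sensitive columns that are present; leave other columns alone."""
    masked = []
    for row in rows:
        new = dict(row)
        if "LAST_NAME" in new:
            new["LAST_NAME"] = mask_last_name(new["LAST_NAME"], secret)
        if "CREDIT_CARD" in new:
            new["CREDIT_CARD"] = mask_card(new["CREDIT_CARD"], secret)
        masked.append(new)
    return masked


# Constructed sample data: names and amounts follow the slide, card numbers
# are well-known test values, and REFUNDS is a hypothetical second table.
ORDERS = [
    {"LAST_NAME": "AGUILAR", "CREDIT_CARD": "4111111111111111", "AMT": "80.00"},
    {"LAST_NAME": "BENSON", "CREDIT_CARD": "5500000000000004", "AMT": "60.00"},
]
REFUNDS = [{"CREDIT_CARD": "4111-1111-1111-1111", "AMT": "-80.00"}]

if __name__ == "__main__":
    for row in mask_table(ORDERS, RUN_SECRET) + mask_table(REFUNDS, RUN_SECRET):
        print(row)
```

Because the replacement is derived from the input and a per-run secret, the same card number masks to the same value in both tables, which is what keeps foreign-key joins intact in the cloned database.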

22 Monitoring Database Activity: Oracle Audit Vault
• Manage audit data: secure consolidation of audit data from all Oracle databases; centrally manage all Oracle database audit settings
• Detect suspicious activities: monitor all database users – especially privileged users; alert on unauthorized activities
• Simplify compliance reporting: built-in compliance reports; define custom reports

[Diagram: Oracle Database Audit Data and Other Sources (Future) feed Oracle Audit Vault]

Oracle Audit Vault is a centralized tamper-proof audit data warehouse that can be used to monitor database activity, detect insider threats, and simplify compliance reporting. Oracle Audit Vault centralizes management of database audit settings or policies and automates collection and consolidation of audit data from Oracle Databases into the Audit Vault repository.

Once consolidated, IT security officers and internal auditors can use the audit data to monitor all database users, especially privileged users, to ensure they are not abusing their powers. Alerts can be set up in Audit Vault to automatically flag unauthorized activities to make it even easier to detect insider threats. Many organizations find that just knowing that solutions like Audit Vault are in place acts as a deterrent against unauthorized activities.

Audit Vault also helps organizations simplify compliance reporting with both built-in reports and custom reports that allow demonstrating the existence of IT controls.

23 Audit Vault Reports Out-of-the-box Audit Assessments and Reports
• Out-of-the-box reports: privileged user activity; role grants; DDL activity
• User-defined reports: What did privileged users do on the financial database? What did user ‘A’ do across multiple databases? Who accessed sensitive data?

Oracle Audit Vault provides out-of-the-box reports for activities associated with privileged user activity, access to sensitive data, roles and privileges, object management, and login/logout activities across the enterprise databases.

Oracle Audit Vault provides the capability to generate user defined reports as well. For example, a report can be generated that tracks the activities of privileged users on the financial database. A report could also show the user activity across multiple databases. Another report might be defined to help support an internal investigation to see who accessed sensitive data.

Oracle Audit Vault provides an open audit warehouse schema that can be accessed from Oracle BI Publisher, Oracle Application Express, or any 3rd party reporting tools. This provides the ability to generate custom reports for compliance and security requirements.

24 Identity Management – Key Areas
• Access Control: Single Sign-On; Identity Federation; Web Access Control; Web Services Security*
• Identity Administration: User, Role Management; User Provisioning
• Identity Infrastructure: Virtual Directory; Directory

*Oracle Web Services Manager licensed separately from the Identity and Access Management Suite

25 Enterprise Identity Management
[Diagram: External and Internal users (Customers, Partners, Delegated Admin, IT Staff, Employees, SOA Applications) reach applications through the Identity Management Service]
• Access Management: Authentication & SSO; Authorization & RBAC; Identity Federation
• Identity Administration: Delegated Administration; Self-Registration & Self-Service; User & Group Management
• Auditing and Reporting; Monitoring and Management; Policy and Workflow
• Directory Services: LDAP Directory; Meta-Directory; Virtual Directory
• Identity Provisioning: Agent-based; Agentless; Password Synchronization
• Applications, Systems & Repositories: ERP; CRM; OS (Unix); HR; Mainframe; NOS/Directories

26 Oracle Identity Manager
Features
• Automated user provisioning and de-provisioning
• Rich, flexible connector framework
• User-friendly request & policy wizards
• Sophisticated workflow & reconciliation engines
• Unique compliance automation & reporting

Benefits
• Reduced administration cost
• Improved end user experience
• Critical for regulatory compliance
• Improved security

Differentiators
• Enables compliance via comprehensive audit history and periodic attestation framework
• Powers largest global provisioning implementation by number of targets
• Adapter Factory significantly lowers the TCO of customers’ solutions over time

[Diagram: HRMS: user created or removed in HR system. Workflow: assign or revoke roles, privileges. Application Driven Identity System: provision accounts and access rights. Business Applications.]

27 Oracle Identity Federation
Features
• Identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke)
• Lightweight, multi-protocol gateway – SAML, Liberty, WS-Federation
• Integrates with leading Identity Management platforms

Benefits
• Reduced cost of interaction between business partners
• Reduce administration cost
• Deliver improved end user experience

Differentiators
• Self-contained, easy to deploy solution
• Flexible deployment configurations
• Rich, 100% web-based configuration interfaces for improved administrator and end user experience
• Proven scalability - large production deployments

28 Oracle Internet Directory
Features
• Full feature LDAP server with a RDBMS data-store
• Industry leading scalability and HA capabilities
• Strong Oracle Platform integration
• VSLDAP certified and EAL4 compliant

Benefits
• Reduced operational cost with Oracle Grid support
• Seamless integration with Oracle Applications and Products

Differentiators
• RDBMS backend provides proven scalability & performance
• Rich, built in auditing of all events and operations
• Flexible data replication and redundancy features
• Ships with built-in directory integration functionality

Capabilities
• Scalability: millions of users; 1000’s of simultaneous clients
• High availability: Multimaster & Fan-out replication; hot backup/recovery, RAC, etc.
• Manageability: Grid Control multi-node monitoring
• Security: flexible authentication mechanisms; role & policy based access control; auditability
• Extensibility & Virtualization: plug-in framework; attribute and namespace virtualization; external authentication; custom password policies
• Certifications: Open Group VSLDAP Certified; Common Criteria EAL4 Compliant

29 Oracle Virtual Directory
Features
• Virtualization, Proxy, Join & Routing capabilities
• Modern Java & Web Services technology
• Superior extensibility
• Scalable multi-site administration
• Direct data access

Benefits
• Perform real-time directory integration
• Accelerate application deployment
• Lower development costs

Differentiators
• Lightweight & flexible architecture
• Supports true virtualization without local cache, enabling stringent policy or privacy requirements
• Modular architecture supports the addition of connectors to a wide array of identity stores

[Diagram: VDE Directory Engine with LDAP, Web Gateway and Web Services front ends and a Join View over Local Store, LDAP, DB, NT and Custom sources]

30 Oracle Access Manager
Features
• Multi-level, multi-factor authentication
• Web and App server level authorization
• Workflow driven Self-service & Delegated administration
• Services-based architecture eases integration with existing IT infrastructure

Benefits
• Policy-based access management
• Centralized and consistent security across heterogeneous environments
• Reduced administration cost
• Increased IT governance and compliance readiness

Differentiators
• Administrative scalability via workflow and delegation
• Access control leverages up to date identity information
• Comprehensive auditing to a common database

[Diagram: Authentication, Authorization, Identity Admin]

31 Oracle Enterprise Single Sign-on (ESSO) Suite
• Oracle ESSO Logon Manager is an event-driven single sign-on solution that eliminates the need for end users to remember and manage their sign-on credentials
• Oracle ESSO Password Reset enables end users to reset their Windows password from a locked workstation (note: also available stand-alone)
• Oracle ESSO Authentication Manager enables end users to authenticate with forms of strong authentication and grant specific levels of access based on the form of authentication
• Oracle ESSO Provisioning Gateway enables OIM to add, edit and delete credentials within an end user’s Oracle ESSO credential store
• Oracle ESSO Kiosk Manager provides fast user switching and sign-on/sign-off support for kiosk users

The ESSO is sold as one suite of products; however, Oracle SSPR is available stand alone.

32 Compliance Products
[Diagram: IAM Suite (Separation Of Duties); Content/Record DB (Unstructured Data Mgmt); Audit Vault (Monitor, Alert, Consolidate)]

Finally, the IAM suite with auditing, rogue account reconciliation, and attestation makes for a great foundation for compliance, whether it is SOX, GLB or HIPAA. Content Records and DB help address the regulations in the industry around how long data is kept, changes made, etc. A great foundation across the enterprise to build content mgt on top of. Finally, Audit Vault will centralize all the auditing of all systems into a single place that is tamper proof and allow for separation of duties between Sec Admin and everyone else.

33 Oracle Enterprise Security Solutions
Addresses top 3 Security Focus Areas: IT Governance, IT Risk Mgmt, IT Compliance

[Diagram: products shown: Oracle Access Manager, Oracle eSSO Suite, Advanced Security Option, Oracle Secure Backup, Oracle Identity Federation, Oracle Virtual Directory, Oracle Internet, Oracle AppServer SSO, Database Vault, Oracle Label Security, Oracle Audit Vault, Contents DB/ Records DB, Oracle Web Services Mgr., Oracle IRM (Sensitive docs), Oracle OAACG (Application Control)]

34 Strongest Vendor According To
“Oracle is currently the IdM vendor to beat” - VantagePoint 2007: Identity and Privacy Trends in Enterprise IT

“Oracle continues to increase in mindshare while broadening its IdM portfolio.” - VantagePoint 2008: Identity and Privacy Trends in Enterprise IT

35 Market Leader According To
“Oracle has established itself as Leader.” - The Forrester Wave: Identity And Access Management, Q1 2008

“Oracle reached the top of our evaluation through a combination of the breadth, depth, interoperability, and packaging of its IAM features alongside the strategy and current state of market execution on its application-centric identity vision.” - The Forrester Wave: Identity And Access Management, Q1 2008

36 Oracle Security/Identity Management Customers
• Financial Services
• Transportation & Services
• Manufacturing & Technology
• Telecommunication
• Public Sector
• Retail

© 2008 Oracle Corporation – Proprietary and Confidential

37 Oracle Core Information Security 30 years of Leadership
• 11g Audit Vault
• 11g Database Vault
• 11g Transparent Data Encryption
• Identity Provisioning
• Virtual Directory
• Identity & Access Mgmt
• Federation & Secure Web Services
• 8i/9i/10g Common Criteria Evaluation
• Fine Grained Auditing
• Label Security
• Virtual Private Database
• LDAP and SSO
• Identity preservation for multi tiers
• Encryption, digests in database
• Oracle receives (FIPS-140) evaluation
• Advanced security with biometrics
• Oracle introduces network encryption (SNS)
• Oracle evaluates under Orange Book as B1 and C2
• Oracle includes roles for security administration
• “Project Oracle” needs relational database

[Timeline labels, newest first: 2008, 2006, 2005, 2000’s, 1990’s, 1980’s, 1976]

This slide is not just a point of all the security features we have built in, but shows three things:

Oracle started with CIA as first customer. In fact, the first three customers were intelligence agencies, and we have worked with them, as well as financial services and healthcare organizations, to drive better security into the product for the last 25 years.

Not only are these technologies numerous, almost all have one or more patents associated. A patent is of course a mark of innovation. Oracle has innovated and continues to innovate in the area of computer security. This means that Oracle is a proven leader in this area.

We are continuing to grow our presence in the security area. The IAC is growing. We are committed to having our database evaluated in each major release. We are also expanding the list of products to submit to evaluations (keep in mind an evaluation costs $500,000 - $1M each). Finally, we have quite a few new technologies in development in the area of security. Please sign the NDA’s!

38 TUSC – Trusted Oracle Expertise Across Technology and Applications
• Database and Grid Computing: Database; Real Application Clusters (RAC); Enterprise Manager; Partitioning; OLAP; Security; Lite; Times Ten
• Fusion Middleware: Application Server; Integration / SOA; Hot-Pluggable; Business Intelligence; Identity Management; Data Hubs; Collaboration Services; Process Orchestration; Java Development Tools
• Information Age Applications: Oracle E-Business Suite; PeopleSoft Enterprise; Siebel CRM; JD Edwards EnterpriseOne; JD Edwards World; Oracle Retail; i-flex; Communications Billing; ProfitLogic; G-Log

39 Contact Us
West: Brian Decker, (626) 836-9574
South/Central: Lisa DiNitto, (770)
East/Central: Mike Margulies, (203)

For additional information and consultation:
• Oracle Investment Value Analysis™
• Review of existing Oracle topology and architecture, including deployment growth and capacity analysis
• Review of existing Oracle licenses ownership and license surplus/exposure analysis
• License optimization recommendations, including leveraging maximum available discounts and financing options
• Solutions Requirements Assessments
• Security/Identity/Compliance healthcheck and other delivery options
