Oracle Identity And Access Management

Presentation on theme: "Oracle Identity And Access Management"— Presentation transcript:

1 Oracle Identity And Access Management
Kwesi Edwards Principal Industry Architect, Team Lead Oracle Higher

2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.

3 Agenda
- Introduction
- Current state on Campus
- How can IDM help
- Oracle’s IDM Solution
- Product strategy and roadmap
- Commitment to our customers

4 5 Questions: to ask your Chief Security Officer
- How do you control access to your sensitive apps? Usernames and passwords, HW Tokens.
- What determines your employee’s access? Give Alice whatever Wally has
- Who is the most privileged user? 3 time summer intern?
- How secure is your identity data? It is in 18 different secured stores.
- How much are manual compliance controls costing? Don’t ask!

5 Next Generation Security Challenges
Auditors & Regulators Identity Thieves Rogue Employees Privileged Users

6 Next Generation Security Solutions
Compliant Provisioning Fraud Prevention Auditors & Regulators Identity Thieves Entitlement Management Data-Center Security Rogue Employees Privileged Users

7 State Of Security on Campus
- Incomplete
  - Multiple point solutions from many vendors
  - Disparate technologies that don’t work together
- Complex
  - Repeated point-to-point integrations
  - Mostly manual operations
- ‘Non-compliant’
  - Difficult to enforce consistent set of policies
  - Difficult to measure compliance with those policies
- User ‘un-friendly’
  - Solutions not user-centric but technology-centric
  - Processes not end-user friendly

8 It’s A Risky Business
Date Institution State Number Incident
1/14/2008 Univ of Wisc Madison WI Accident 39,535
1/23/2008 Baylor University TX Hacking
1/29/2008 Georgetown Univ DC Stolen 38,000
2/12/2008 Long Island Univ NY 30,000
3/28/2008 Antioch Univ OH 70,000
4/4/2008 Univ of CA Irvine CA 7,000
4/17/2008 Univ of Miami FL 2,100,000
5/4/2008 Staten Island Univ Hospital 88,000
5/14/08 Oklahoma State University OK
6/6/2008 Stanford Univ 72,000
6/10/2008 University of Utah Hospitals and Clinics UT 2,200,000
8/18/2008 The Princeton Review 108,000
11/12/2008 Univ of Florida 330,000
2/13/2009 University of Alabama AL 37,000
2/19/2009 97,200
3/11/2009 Binghamton Univ 100,000
5/7/2009 University of California - Berkeley 160,000

(1) Bank security breach may be biggest yet
Account info at Bank of America, Wachovia sold by employees; more arrests expected, N.J. police say.
May 23, 2005: 4:19 PM EDT
NEW YORK (CNN/Money) - Bank of America Corp. and Wachovia Corp. are among the big banks notifying more than 670,000 customers that account information was stolen in what may be the biggest security breach to hit the banking industry. Account information on the customers was illegally sold by bank employees to a man identified as Orazio Lembo, whom police said was doing business by illegally posing as a collection agency.

(3) Firm will settle with state over data loss
Missing laptop had information on thousands
By Ross Kerber, Globe Staff | December 12, 2006
Ameriprise Financial Services Inc. will pay $25,000 to settle a probe of how one of its laptop computers went missing with the personal data of thousands of Massachusetts residents, Secretary of State William F. Galvin said yesterday. Galvin said the payment may be the first ever over a missing portable computer, a problem that has grown with the spread of the devices at many organizations including the US Veterans Administration and Fidelity Investments. Ameriprise of Minneapolis also will pay for an independent review of its procedures.
The case dates to the 2005 theft of an Ameriprise laptop containing data on roughly 70,000 financial advisers and 130,000 customers. Ameriprise spokesman Steven Connolly said that the data should have been encrypted and that an employee was fired over the violation of company policy. He said the machine was recovered and there have been no reports of harm. Galvin's action is the only settlement with any regulator to date, Connolly said.

(4) Nationwide Building Society
(5) Capita Financial Administrators

9 Security Incidents by type
Higher Ed SSN Qty Breach by Type

10 Identity Threats
- Identity Theft
  - Consumers hesitate to embrace on-line self service
  - Stolen identity and credit cards used to pay for on-line purchases
- Fragmented Application Security
  - Too Many privileged users
  - Silo’d and fragmented disjointed Security
- Data Center Security
  - Administer 100’s of Data stores

11 How Can Identity Management Help? Enforce Strong And Granular Security Policies
- Enforce strong password policies via synchronization or single sign-on (SSO)
- Implement strong authentication and risk based authorization for critical apps and web services
- Enforce minimal access rights based on roles, attributes, and requests
- Leverage federation technologies for cross-domain SSO

12 How Can Identity Management Help? Establish Enterprise Identity & Roles
- Consolidate or virtualize multiple, complex identity environments to a single enterprise identity source
- Automate linkage of employee records with user accounts
- Establish enterprise roles for automation, compliance and business continuity
- Eliminate rogue and orphaned accounts

13 How Can Identity Management Help? Scalable Security And Administration For Higher Ed.
- Deploy self-registration and self-service to reduce help desk cost and improve service level
- Manage the rich role information for a highly dynamic user base with multiple affiliations
- Implement on-boarding and off-boarding automation to deal with activity level driven by academic calendar
- Deploy secured identity repository to ensure user privacy and HIPAA compliance
What do these issues need?

14 How Can Identity Management Help? Guarantee Patient Privacy For Healthcare
- Deploy secured storage and control processes to guard patient’s data privacy
- Deploy audit and control mechanisms to ensure cost effective compliance to HIPAA
- Implement access control to ensure the security of shared workstations for single sign-on and sign-off
- Enable self-service and automated application provisioning for mobile healthcare workers
What do these issues need?

15 Oracle Enterprise Software
- Complete: Comprehensive Industry Portfolio (More Value, Less Complexity)
- Open: Standards-Based Architecture (More Choice, Less Risk)
- Integrated: Designed to Work Together (More Flexibility, Less Cost)

At Oracle, we not only understand where technology trends are headed; we’re defining and driving those trends in key markets such as enterprise applications, middleware, and information management. Oracle’s applications strategy reflects that deep market understanding, and is built upon three main pillars: Complete, Open, and Integrated.
Complete: Comprehensive Industry Portfolio – Complete breadth and depth of the solutions across industries with an integrated tech stack.
Open: Standards-Based Architecture – Built to open industry and technology standards. Re-architected to run on Fusion Middleware. Ideal for heterogeneous environments.
Integrated: Designing all Applications to Work Together – Integrated architecture allowing easier interactions within and across enterprises.
Oracle has invested in 6 acquisitions in IdM since 2005. So, let’s talk a bit more in depth about each of these concepts.

16 Key Oracle Differentiators
- Complete suite of best-of-breed products
  - Complete & best integrated identity management suite
  - Includes compliance, virtualization and system management
  - Market leadership validated by press and analysts
- Proven for large scale deployments
  - Large, complex, and award winning deployments
  - Broad customer base and use cases
  - Large referenceable customer base
- Best long-term investment
  - Strong support of open standards and hot-pluggable strategy
  - Pre-integrated with leading applications and infrastructure
  - Underpins Oracle’s next generation of Fusion Applications

17 Comprehensive IdM Solutions
Identity Admin. Access Management Directory Services “Identity Management 2.0” Role management Role mining Relationship management Strong authentication Risk based authorization Fine grained entitlements Web Services security Identity virtualization Core Platform LDAP storage LDAP synchronization OS authentication Identity lifecycle Organization lifecycle Provisioning & Reconciliation Password management Authentication Authorization Single sign-on Federation Audit & Compliance Manageability Audit Reporting Analytics Fraud Attestation Segregation of duties Service level Performance Configuration Automation

18 Oracle’s Identity Management Suite
Identity Admin. Access Management Directory Services “Identity Management 2.0” Role Manager Adaptive Access Manager Entitlements Server Web Services Manager Virtual Directory Core Platform Identity Manager Access Manager Identity Federation Enterprise Single Sign-On Internet Directory Authentication Service for OS Audit & Compliance Manageability Identity Management Suite Enterprise Manager IdM Pack

19 Access Control & Single Sign-On
Single sign-on w/ Federation Directory synchronization Personalization For internal and external users Oracle Internet Directory HRMS LDAP AD Oracle eSSO Suite Contractor Oracle Access Manager Oracle Identity Federation Student Staff User

20 Access Management – Run-Time Authentication, Authorization, SSO, Federation
Web Applications User Web SSO eSSO Authentication Session Management Policy Management Authorization Legacy Applications What do these issues need? Fraud Monitoring Risk Profiling Web Service Federation & Trust Partner Applications & Web Services Access Audit

21 Oracle Access Manager Policy Enforcement Points (PEP)
WebGates Authentication & Authorization Request Applications AccessGates End User Delegated Admin Authentication & Authorization Decisions User Data Policy Data Identity & Group Lifecycle Management Policy Decision Engine Policy Manager Configuration Data OAM Identity Server LDAP Store OAM Access Server

22 Oracle Identity Manager
Self-Service Self-service and self-registration Delegated administration Password reset For internal and external users HRMS LDAP AD Oracle Identity Manager Contractor Student Approver Staff

23 Oracle Identity Manager
Provisioning ERP Device Oracle Identity Manager Partner Admin Mainframe DB Role Based Policy User Provisioning Workflow Rogue Account Detection Customer Approver Internal User

24 Compliant Role Based Provisioning
Align access to University roles Automated & auditable attestation Enforce SoD policies ERP Mainframe DB Attester Oracle Identity Manager Provisioning Platform Oracle Application Access Controls Governor SoD Policy Engine Role Management Oracle Role Manager SIS/HRMS

25 Identity Admin. – Lifecycle Management Provisioning, Role Management, Self-Service
Delegated Administration Identity Audit Password Sync. HRMS Applications Identity Reconciliation Account Provisioning Identity & Role Lifecycle Management Infrastructure CRM What do these issues need? Account Reconciliation Self-Service Self-Registration LDAP DB



28 IDM Provisioning for PSFT

29 Identity Theft Protection
New Purchase Mutual authentication Knowledge based authentication Key-logger-proof devices Oracle Adaptive Access Manager Secure Mutual Authentication Account Management Device & Geo-location Forensics Fraud analytics Transaction monitoring Device & location tracking Behavior profiling

30 Scalable, Secured & Agile Infrastructure
AD LDAP DBAs Enterprise User Security Centralized Management of DBAs Integration with Active Directory SoD for Privileged DBA Access LDAP Oracle Virtual Directory Finance HR CRM DB Vault Finance DBA App A App B CRM DBA

31 Schema Transformation
Directory Services – Infrastructure Identity Virtualization And Consolidation Virtual Schema 1 HRMS Applications Virtual Schema N CRM Schema Aggregation Schema Transformation Schema Mapping Data Synchronization Applications What do these issues need? Aggregated Schema Internal LDAP Meta Directory External LDAP

32 IdM And Data Security
- Enterprise User Security (EUS)
  - OVD enables EUS to run on Active Directory, SunOne, and OID
  - OIM further enables centralized DB user admin via EUS
  - ORM IT role management extends EUS role management
- Database Vault
  - OIM provisions standard DB user + DB Vault privileges
  - DB Vault is used to protect DBA access to sensitive IdM data
- Transparent Data Encryption (TDE)
  - TDE encrypts data transparently for OID, OIM and ORM

33 Complete Enterprise Control
GRC Process Management Policy Repository Evidence Management Control Testing Risk & Compliance Reporting GRC Application Controls Identity Management Controls Monitoring & Enforcement Best Practice Controls & Policies Privilege Level SOD Contextual SOD Authorization User On-Boarding Lifecycle Mgmt. Account Provisioning & Remediation Access & Role Attestation Authentication, Authorization, SSO Use this slide to talk about GRC + IdM to a COMPLIANCE or CONTROL centric audience. Business Applications Apps, Systems & Data Repositories

34 Leader in Magic Quadrants
“Oracle assumes the No. 1 position” - Earl Perkins, Perry Carpenter, Aug (Research G ) User Provisioning, H2 2008 Web Access Management, H2 2008 Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

35 Standards Support
- Contribute and lead
  - SSTC (SAML Working Group) - Co-Chair
  - Liberty Alliance - President, Board Member
  - WSS, WS-SX (Web Services Security), JCP - Author
  - SPML - Author
  - XACML – Voting member
- Implement
  - Accelerate product development
  - Simplify product integration & minimize TCO
- Innovate
  - Enable Identity Governance Framework: CARML, AAPML
  - Standards for end-to-end security

36 Looking Ahead
- Oracle will broaden security product portfolio
  - Security is not just another line of business for Oracle
  - Security is strategic to Oracle’s entire product portfolio
  - Emerging areas: entitlement management, fraud, privacy, governance, risk management… etc.
- From security silos to built-in security
  - Built into enterprise applications, middleware, DB, OS
  - Identity Services Framework
- Project Fusion
  - Single security model across Enterprise Applications Suite
  - Enforced uniformly at all parts of technology infrastructure
  - Across entire life-cycle from development to maintenance

37 Oracle IdM’s Customer Focus
- Customer Advisory Board
  - Collaboration with strategic customers on product roadmap and technology directions
- Security Executive Forum
  - C-level executive helps to validate Oracle’s strategy and drive future investments
  - Past attendees: Bank of America, British Telecom, Franklin Templeton, JP Morgan Chase, Network Appliance, Royal Bank of Scotland, The Hartford, T-Mobile, Toyota, Wachovia, ….
- Best post-sale support in the industry
  - Product management sponsorship to ensure every deployment and every upgrade is a success
  - Strong track record of customer upgrade success

38 Customer Advisory Board Share, Communicate, Partner

39 Oracle’s Identity Management Strategy
Identity Services Framework Develop Deploy Operate FMW Technologies
- Complete solution
  - Integrated suite of best-of-breed components
  - Each component individually deployable
- Application centric
  - Integrated with business applications
  - Integrated to application life cycle
- Hot-pluggable
  - Standards-based
  - Works across leading platforms

40 For More Information or
Identity management or 40

