Presentation on theme: "Oracle Identity And Access Management"— Presentation transcript:
1Oracle Identity And Access Management Kwesi EdwardsPrincipal Industry Architect, Team LeadOracle Higher
2The following is intended to outline our general product direction The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.
3Agenda Introduction Current state on Campus How can IDM help Oracle’s IDM SolutionProduct strategy and roadmapCommitment to our customers
45 Questions: to ask your Chief Security Officer How do you control access to your sensitive apps?Usernames and passwords, HW Tokens.What determines your employee’s access?Give Alice whatever Wally hasWho is the most privileged user?3 time summer intern?How secure is your identity data?It is in 18 different secured stores.How much are manual compliance controls costing?Don’t ask!
7State Of Security on Campus IncompleteMultiple point solutions from many vendorsDisparate technologies that don’t work togetherComplexRepeated point-to-point integrationsMostly manual operations‘Non-compliant’Difficult to enforce consistent set of policiesDifficult to measure compliance with those policiesUser ‘un-friendly’Solutions not user-centric but technology-centricProcesses not end-user friendly
8It’s A Risky Business Date Institution State Number Incident 1/14/2008Univ of Wisc MadisonWIAccident39,5351/23/2008Baylor UniversityTXHacking1/29/2008Georgetown UnivDCStolen38,0002/12/2008Long Island UnivNY30,0003/28/2008Antioch UnivOH70,0004/4/2008Univ of CA IrvineCA7,0004/17/2008Univ of MiamiFL2,100,0005/4/2008Staten Island Univ Hospital88,0005/14/08Oklahoma State UniversityOK6/6/2008Stanford Univ72,0006/10/2008University of Utah Hospitals and ClinicsUT2,200,0008/18/2008The Princeton Review108,00011/12/2008Univ of Florida330,0002/13/2009University of AlabamaAL37,0002/19/200997,2003/11/2009Binghamton Univ100,0005/7/2009University of California - Berkeley160,000(1) Bank security breach may be biggest yetAccount info at Bank of America, Wachovia sold by employees; more arrests expected, N.J. police say. May 23, 2005: 4:19 PM EDTNEW YORK (CNN/Money) - Bank of America Corp. and Wachovia Corp. are among the big banks notifying more than 670,000 customers that account information was stolen in what may the biggest security breach to hit the banking industry.Account information on the customers was illegally sold by bank employees to a man identified as Orazio Lembo, whom police said was doing business by illegally posing as a collection agency.(3)Firm will settle with state over data lossMissing laptop had information on thousandsBy Ross Kerber, Globe Staff | December 12, 2006Ameriprise Financial Services Inc. will pay $25,000 to settle a probe of how one of its laptop computers went missing with the personal data of thousands of Massachusetts residents, Secretary of State William F. Galvin said yesterday. Galvin said the payment may be the first ever over a missing portable computer, a problem that has grown with the spread of the devices at many organizations including the US Veterans Administration and Fidelity Investments. Ameriprise of Minneapolis also will pay for an independent review of its procedures. The case dates to the 2005 theft of an Ameriprise laptop containing data on roughly 70,000 financial advisers and 130,000 customers. Ameriprise spokesman Steven Connolly said that the data should have been encrypted and that an employee was fired over the violation of company policy. He said the machine was recovered and there have been no reports of harm. Galvin's action is the only settlement with any regulator to date, Connolly said.(4) Nationwide Building Society(5) Capita Financial Administrators
9Security Incidents by type Higher Ed SSN Qty Breach by Type
10Identity Threats Identity Theft Fragmented Application Security Consumers hesitate to embrace on-line self serviceStolen identity and credit cards used to pay for on-line purchasesFragmented Application SecurityToo Many privileged usersSilo’d and fragmented disjointed SecurityData Center SecurityAdminister 100’s of Data stores
11How Can Identity Management Help How Can Identity Management Help? Enforce Strong And Granular Security PoliciesEnforce strong password policies via synchronization or single sign-on (SSO)Implement strong authentication and risk based authorization for critical apps and web servicesEnforce minimal access rights based on roles, attributes, and requestsLeverage federation technologies for cross-domain SSOX
12How Can Identity Management Help? Establish Enterprise Identity & Roles Consolidate or virtualize multiple, complex identity environments to a single enterprise identity sourceAutomate linkage of employee records with user accountsEstablish enterprise roles for automation, compliance and business continuityEliminate rogue and orphaned accounts?!X
13How Can Identity Management Help How Can Identity Management Help? Scalable Security And Administration For Higher Ed.Deploy self-registration and self-service to reduce help desk cost and improve service levelManage the rich role information for a highly dynamic user base with multiple affiliationsImplement on-boarding and off-boarding automation to deal with activity level driven by academic calendarDeploy secured identity repository to ensure user privacy and HIPAA complianceWhat do these issues need?
14How Can Identity Management Help How Can Identity Management Help? Guarantee Patient Privacy For HealthcareDeploy secured storage and control processes to guard patient’s data privacyDeploy audit and control mechanisms to ensure cost effective compliance to HIPAAImplement access control to ensure the security of shared workstations for single sign-on and sign-offEnable self-service and automated application provisioning for mobile healthcare workersWhat do these issues need?
15Oracle Enterprise Software More ValueLess ComplexityComprehensive Industry PortfolioCompleteMore Choice Less RiskStandards-Based ArchitectureOpenMore Flexibility Less CostDesigned to Work TogetherIntegratedAt Oracle, we not only understand where technology trends are headed; we’re defining and driving those trends in key markets such as enterprise applications, middleware, and information management. Oracle’s applications strategy reflects that deep market understanding, and is built upon three main pillars: Complete, Open, and Integrated.Complete: Comprehensive Industry Portfolio – Complete breadth and depth of the solutions across industries with an integrated tech stack.Open: Standards-Based Architecture – Build to open industry and technology standards. Re-architected to run on Fusion Middleware. Ideal for heterogeneous environments.Integrated: Designing all Applications to Work Together – Integrated architecture allowing easier interactions within and across enterprises.Oracle has invested in 6 acquisitions in IdM since 2005So, let’s talk a bit more in depth about each of these concepts.15
16Key Oracle Differentiators Complete suite of best-of-breed productsProven for large scale deploymentsBest long-term investmentComplete suite of best-of-breed productsComplete & best integrated identity management suiteIncludes compliance, virtualization and system managementMarket leadership validated by press and analystsProven for large scale deploymentsLarge, complex, and award winning deploymentsBroad customer base and use casesLarge referenceable customer baseBest long-term investmentStrong support of open standards and hot-pluggable strategyPre-integrated with leading applications and infrastructureUnderpins Oracle’s next generation of Fusion Applications
18Oracle’s Identity Management Suite Identity Admin.Access ManagementDirectory Services“Identity Management 2.0”Role ManagerAdaptive Access ManagerEntitlements ServerWeb Services ManagerVirtual DirectoryCore PlatformIdentity ManagerAccess ManagerIdentity FederationEnterprise Single Sign-OnInternet DirectoryAuthentication Service for OSAudit & ComplianceManageabilityIdentity Management SuiteEnterprise Manager IdM Pack
19Access Control & Single Sign-On Single sign-on w/ FederationDirectory synchronizationPersonalizationFor internal and external usersOracle Internet DirectoryHRMSLDAPADOracle eSSO SuiteContractorOracle Access ManagerOracle Identity FederationStudentStaff User19
20Access Management – Run-Time Authentication, Authorization, SSO, Federation WebApplicationsUserWeb SSOeSSOAuthenticationSession ManagementPolicy ManagementAuthorizationLegacyApplicationsWhat do these issues need?Fraud MonitoringRisk ProfilingWebServiceFederation& TrustPartner Applications& Web ServicesAccess Audit
30Scalable, Secured & Agile Infrastructure ADLDAPDBAsEnterprise User SecurityCentralized Management of DBAsIntegration with Active DirectorySoD for Privileged DBA AccessLDAPOracle Virtual DirectoryFinanceHRCRMDB VaultFinance DBAApp AApp BCRM DBA30
31Schema Transformation Directory Services – Infrastructure Identity Virtualization And ConsolidationVirtualSchema 1HRMSApplicationsVirtualSchema NCRMSchema AggregationSchema TransformationSchema MappingData SynchronizationApplicationsWhat do these issues need?AggregatedSchemaInternal LDAPMetaDirectoryExternal LDAP
32IdM And Data Security Enterprise User Security (EUS) Database Vault OVD enables EUS to run on Active Directory, SunOne, and OIDOIM further enables centralized DB user admin via EUSORM IT role management extends EUS role managmentDatabase VaultOIM provisions standard DB user + DB Vault privilegesDB Vault is used to protect DBA access to sensitive IdM dataTransparent Data Encryption (TDE)TDE encrypts data transparently for OID, OIM and ORM32
33Complete Enterprise Control GRC Process ManagementPolicy Repository Evidence ManagementControl Testing Risk & Compliance ReportingGRC Application ControlsIdentity ManagementControls Monitoring & EnforcementBest Practice Controls & PoliciesPrivilege Level SODContextual SOD AuthorizationUser On-Boarding Lifecycle Mgmt.Account Provisioning & RemediationAccess & Role AttestationAuthentication, Authorization, SSOUse this slide to talk about GRC + IdM to a COMPLIANCE or CONTROL centric audience.Business ApplicationsApps, Systems & Data Repositories
34Leader in Magic Quadrants “Oracle assumes the No. 1 position”- Earl Perkins, Perry Carpenter, Aug (Research G )User Provisioning, H2 2008Web Access Management, H2 2008Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
35Standards Support Contribute and lead Implement Innovate SSTC (SAML Working Group) - Co-ChairLiberty Alliance - President, Board MemberWSS, WS-SX (Web Services Security), JCP - AuthorSPML - AuthorXACML – Voting memberImplementAccelerate product developmentSimplify product integration & minimize TCOInnovateEnable Identity Governance Framework: CARML, AAPMLStandards for end-to-end security
36Looking Ahead Oracle will broaden security product portfolio Security is not just another line of business for OracleSecurity is strategic to Oracle’s entire product portfolioEmerging areas: entitlement management, fraud, privacy, governance, risk management… etc.From security silos to built-in securityBuilt into enterprise applications, middleware, DB, OSIdentity Services FrameworkProject FusionSingle security model across Enterprise Applications SuiteEnforced uniformly at all parts of technology infrastructureAcross entire life-cycle from development to maintenance
37Oracle IdM’s Customer Focus Customer Advisory BoardCollaboration with strategic customers on product roadmap and technology directionsSecurity Executive ForumC-level executive helps to validate Oracle’s strategy and drive future investmentsPast attendees: Bank of America, British Telecom, Franklin Templeton, JP Morgan Chase, Network Appliance, Royal Bank of Scotland, The Hartford, T-Mobile, Toyota, Wachovia, ….Best post-sale support in the industryProduct management sponsorship to ensure every deployment and every upgrade is a successStrong track record of customer upgrade success
39Oracle’s Identity Management Strategy Identity Services FrameworkDevelopDeployOperateFMW TechnologiesComplete solutionIntegrated suite of best-of-breed componentsEach component individually deployableApplication centricIntegrated with business applicationsIntegrated to application life cycleHot-pluggableStandards-basedWorks across leading platforms
40For More Information search.oracle.com or oracle.com Identity managementororacle.com40