Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oracle Identity And Access Management Kwesi Edwards Principal Industry Architect, Team Lead Oracle Higher.

Similar presentations


Presentation on theme: "Oracle Identity And Access Management Kwesi Edwards Principal Industry Architect, Team Lead Oracle Higher."— Presentation transcript:

1 Oracle Identity And Access Management Kwesi Edwards Principal Industry Architect, Team Lead Oracle Higher

2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.

3 Agenda Introduction Current state on Campus How can IDM help Oracle’s IDM Solution Product strategy and roadmap Commitment to our customers

4 5 Questions: to ask your Chief Security Officer How do you control access to your sensitive apps? –Usernames and passwords, HW Tokens. What determines your employee’s access? –Give Alice whatever Wally has Who is the most privileged user? –3 time summer intern? How secure is your identity data? –It is in 18 different secured stores. How much are manual compliance controls costing? –Don’t ask!

5 Next Generation Security Challenges Auditors & Regulators Identity Thieves Rogue Employees Privileged Users

6 Next Generation Security Solutions Auditors & Regulators Identity Thieves Rogue Employees Privileged Users Compliant Provisioning Fraud Prevention Entitlement Management Data-Center Security

7 State Of Security on Campus Incomplete Multiple point solutions from many vendors Disparate technologies that don’t work together Complex Repeated point-to-point integrations Mostly manual operations ‘Non-compliant’ Difficult to enforce consistent set of policies Difficult to measure compliance with those policies User ‘un-friendly’ Solutions not user-centric but technology-centric Processes not end-user friendly

8 It’s A Risky Business DateInstitutionState Incident Number 1/14/2008Univ of Wisc MadisonWIAccident39,535 1/23/2008Baylor UniversityTXHacking39,535 1/29/2008Georgetown UnivDCStolen38,000 2/12/2008Long Island UnivNYAccident30,000 3/28/2008Antioch UnivOHHacking70,000 4/4/2008Univ of CA IrvineCAStolen7,000 4/17/2008Univ of MiamiFLStolen2,100,000 5/4/2008Staten Island Univ HospitalNYStolen88,000 5/14/08Oklahoma State UniversityOKHacking70,000 6/6/2008Stanford UnivCAStolen72,000 6/10/2008University of Utah Hospitals and ClinicsUTStolen2,200,000 8/18/2008The Princeton ReviewNYAccident108,000 11/12/2008Univ of FloridaFLHacking330,000 2/13/2009University of AlabamaALHacking37,000 2/19/2009Univ of FloridaFLHacking97,200 3/11/2009Binghamton UnivNYAccident100,000 5/7/2009University of California - BerkeleyCAHacking160,000

9 Security Incidents by type Higher Ed SSN Qty Breach by Type

10 Identity Threats Identity Theft Consumers hesitate to embrace on-line self service Stolen identity and credit cards used to pay for on-line purchases Fragmented Application Security Too Many privileged users Silo’d and fragmented disjointed Security Data Center Security Administer 100’s of Data stores

11 X Enforce strong password policies via synchronization or single sign-on (SSO) Implement strong authentication and risk based authorization for critical apps and web services Enforce minimal access rights based on roles, attributes, and requests Leverage federation technologies for cross-domain SSO How Can Identity Management Help? Enforce Strong And Granular Security Policies

12 How Can Identity Management Help? Establish Enterprise Identity & Roles Consolidate or virtualize multiple, complex identity environments to a single enterprise identity source Automate linkage of employee records with user accounts Establish enterprise roles for automation, compliance and business continuity Eliminate rogue and orphaned accounts ?! X

13 Deploy self-registration and self-service to reduce help desk cost and improve service level Manage the rich role information for a highly dynamic user base with multiple affiliations Implement on-boarding and off-boarding automation to deal with activity level driven by academic calendar Deploy secured identity repository to ensure user privacy and HIPAA compliance How Can Identity Management Help? Scalable Security And Administration For Higher Ed.

14 Deploy secured storage and control processes to guard patient’s data privacy Deploy audit and control mechanisms to ensure cost effective compliance to HIPAA Implement access control to ensure the security of shared workstations for single sign-on and sign-off Enable self-service and automated application provisioning for mobile healthcare workers How Can Identity Management Help? Guarantee Patient Privacy For Healthcare

15 More Value Less Complexity Comprehensive Industry Portfolio Complete More Flexibility Less Cost Designed to Work Together Integrated Oracle Enterprise Software More Choice Less Risk Standards-Based Architecture Open

16 Key Oracle Differentiators Complete suite of best-of-breed products Proven for large scale deployments Best long-term investment

17 Identity Admin.Directory Services Audit & ComplianceManageability Comprehensive IdM Solutions Core Platform “Identity Management 2.0” Identity lifecycle Organization lifecycle Provisioning & Reconciliation Password management Role management Role mining Relationship management Authentication Authorization Single sign-on Federation LDAP storage LDAP synchronization OS authentication Strong authentication Risk based authorization Fine grained entitlements Web Services security Identity virtualization AuditReporting Analytics Fraud Attestation Segregation of duties Service level Performance ConfigurationAutomation Access Management

18 Access Manager Identity Federation Enterprise Single Sign-On Access Management Identity Manager Identity Admin. Internet Directory Authentication Service for OS Directory Services Identity Management Suite Audit & Compliance Enterprise Manager IdM Pack Manageability Oracle’s Identity Management Suite Adaptive Access Manager Entitlements Server Web Services Manager Role ManagerVirtual Directory Core Platform “Identity Management 2.0”

19 Access Control & Single Sign-On LDAP AD HRMS Contractor Student Staff User Oracle Access Manager Single sign-on w/ Federation Directory synchronization Personalization For internal and external users Single sign-on w/ Federation Directory synchronization Personalization For internal and external users Oracle Identity Federation Oracle Internet Directory Oracle eSSO Suite

20 Access Management – Run-Time Authentication, Authorization, SSO, Federation Authentication Session Management User Policy Management Authorization Federation & Trust Web SSO eSSO Web Applications Legacy Applications Partner Applications & Web Services Fraud Monitoring Risk Profiling Web Service Access Audit

21 WebGates Oracle Access Manager Policy Enforcement Points (PEP) OAM Access Server Policy Manager Policy Decision Engine Authentication & Authorization Request Applications AccessGates End User Authentication & Authorization Decisions LDAP Store User Data Policy Data Configuration Data OAM Identity Server Delegated Admin Identity & Group Lifecycle Management

22 Self-Service LDAP AD HRMS Contractor Student Staff Approver Self-service and self-registration Delegated administration Password reset For internal and external users Self-service and self-registration Delegated administration Password reset For internal and external users Oracle Identity Manager

23 Provisioning Customer Internal User Approver Mainframe Device DB ERP Partner Admin Role Based Policy Oracle Identity Manager User Provisioning Workflow Rogue Account Detection

24 Compliant Role Based Provisioning Role Management Attester Mainframe DB ERP SIS/HRM S Provisioning Platform SoD Policy Engine Oracle Identity Manager Oracle Role Manager Oracle Application Access Controls Governor Align access to University roles Automated & auditable attestation Enforce SoD policies Align access to University roles Automated & auditable attestation Enforce SoD policies

25 Identity Admin. – Lifecycle Management Provisioning, Role Management, Self-Service HRMS CRM LDAP Self-Service Self-Registration Delegated Administration Identity & Role Lifecycle Management Identity Reconciliation Account Provisioning Account Reconciliation Password Sync. Applications Infrastructure DB Identity Audit

26

27

28 IDM Provisioning for PSFT

29 Identity Theft Protection Mutual authentication Knowledge based authentication Key-logger-proof devices Mutual authentication Knowledge based authentication Key-logger-proof devices Fraud analytics Transaction monitoring Device & location tracking Behavior profiling Fraud analytics Transaction monitoring Device & location tracking Behavior profiling Device & Geo-location Forensics Secure Mutual Authentication Account Management New Purchase Oracle Adaptive Access Manager

30 Scalable, Secured & Agile Infrastructure LDAP AD LDAP Finance DBA CRM DBA Finance HR CRM Centralized Management of DBAs Integration with Active Directory SoD for Privileged DBA Access Centralized Management of DBAs Integration with Active Directory SoD for Privileged DBA Access DBAs Enterprise User Security App A App B Oracle Virtual Directory DB Vault

31 Directory Services – Infrastructure Identity Virtualization And Consolidation HRMS CRM External LDAP Schema Aggregation Schema Transformation Schema Mapping Data Synchronization Aggregated Schema Virtual Schema N Applications Meta Directory Internal LDAP Virtual Schema 1 Applications

32 IdM And Data Security Enterprise User Security (EUS) OVD enables EUS to run on Active Directory, SunOne, and OID OIM further enables centralized DB user admin via EUS ORM IT role management extends EUS role managment Database Vault OIM provisions standard DB user + DB Vault privileges DB Vault is used to protect DBA access to sensitive IdM data Transparent Data Encryption (TDE) TDE encrypts data transparently for OID, OIM and ORM

33 Complete Enterprise Control User On-Boarding Lifecycle Mgmt. Account Provisioning & Remediation Access & Role Attestation Authentication, Authorization, SSO Identity Management GRC Process Management Controls Monitoring & Enforcement Best Practice Controls & Policies Privilege Level SOD Contextual SOD Authorization GRC Application Controls Apps, Systems & Data Repositories Business Applications Policy RepositoryEvidence Management Control TestingRisk & Compliance Reporting

34 Leader in Magic Quadrants Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. User Provisioning, H2 2008Web Access Management, H “Oracle assumes the No. 1 position” - Earl Perkins, Perry Carpenter, Aug (Research G )

35 Standards Support Contribute and lead SSTC (SAML Working Group) - Co-Chair Liberty Alliance - President, Board Member WSS, WS-SX (Web Services Security), JCP - Author SPML - Author XACML – Voting member Implement Accelerate product development Simplify product integration & minimize TCO Innovate Enable Identity Governance Framework: CARML, AAPML Standards for end-to-end security

36 Looking Ahead Oracle will broaden security product portfolio Security is not just another line of business for Oracle Security is strategic to Oracle’s entire product portfolio Emerging areas: entitlement management, fraud, privacy, governance, risk management… etc. From security silos to built-in security Built into enterprise applications, middleware, DB, OS Identity Services Framework Project Fusion Single security model across Enterprise Applications Suite Enforced uniformly at all parts of technology infrastructure Across entire life-cycle from development to maintenance

37 Oracle IdM’s Customer Focus Customer Advisory Board Collaboration with strategic customers on product roadmap and technology directions Security Executive Forum C-level executive helps to validate Oracle’s strategy and drive future investments Past attendees: Bank of America, British Telecom, Franklin Templeton, JP Morgan Chase, Network Appliance, Royal Bank of Scotland, The Hartford, T-Mobile, Toyota, Wachovia, …. Best post-sale support in the industry Product management sponsorship to ensure every deployment and every upgrade is a success Strong track record of customer upgrade success

38 Customer Advisory Board Share, Communicate, Partner

39 Oracle’s Identity Management Strategy Complete solution Integrated suite of best-of-breed components Each component individually deployable Application centric Integrated with business applications Integrated to application life cycle Hot-pluggable Standards-based Works across leading platforms OperateDevelopDeploy Identity Services Framework FMW Technologies

40 For More Information search.oracle.com or oracle.com Identity management

41


Download ppt "Oracle Identity And Access Management Kwesi Edwards Principal Industry Architect, Team Lead Oracle Higher."

Similar presentations


Ads by Google